[PATCH] Disable PKI GUI Configuration
by Matthew Harmsen
Please review the attached patch which addresses parts (1), (2), and (3) of:
* PKI TRAC Ticket #1120 - Remove Firefox PKI GUI Configuration Panel
Interface <https://fedorahosted.org/pki/ticket/1120>
This patch has been tested to verify that CA, KRA, OCSP, TKS, and TPS
instances can still be installed/configured via running 'pkispawn'.
NOTE: An ACK for this patch simply means that the remaining issues
described in this ticket will cause it to be moved to the Dogtag 10.2.1
ticket repository.
10 years
dogtag on Ubuntu
by Raj
Hello All,
I know Dogtab is Redhat/Fedroa based. But I have products that also run on
Ubuntu. Has there been any attempts by anyone to build and run dogtag CA
server on Ubuntu? Any pointers on this will be helpful. Thanks in advance
experts!
Raj Soundar
10 years
[PATCH] 101 Generation of asymmetric keys in the DRM
by Abhishek Koneru
Please find the attached patch which generates the asymmetric keys using
algorithms RSA and DSA (EC to be added) for a valid key sizes of 512,
1024, 2048, 4096.
Key Changes in the patch -
- Adding methods for generation of Asymmetric keys in the DRM.
- Allowing the key-generate CLI command to accept algorithms RSA and
DSA.
- Returning the base64 encoded public key in the KeyInfo object
(key-show CLI command).
- Retrieving the private key using the retrieveKeyData method in the
KeyClient.
-- Abhishek
10 years
[PATCH] 520 Added missing upgrade folders.
by Endi Sukma Dewata
The current upgrade framework requires that all supported versions
to upgrade from to have corresponding upgrade folders even though
they might be empty. New empty folders have been added for 10.1.1.
--
Endi S. Dewata
10 years
[PATCH] 519 Fixed problems in group operations.
by Endi Sukma Dewata
Previously modifying the description of an empty group failed
because the server tried to delete a uniqueMember attribute that
did not exist because the group was already empty. The servlets and
group subsystem has been fixed to retrieve the existing group data
first, perform the changes on it, then save it back to the database.
Also adding a new group will no longer require a description because
it's not required by the LDAP object class.
Ticket #818
--
Endi S. Dewata
10 years
[PATCH] 518 Fixed problem emptying a field in TPS UI.
by Endi Sukma Dewata
Previously emptying a field in TPS UI could not be saved because
the change was not saved and sent to the server. The UI framework
now has been fixed to save and send the empty field to the server
such that the database can be updated properly.
Additional parameters have been added to the tps-token-mod command
to modify all editable fields.
Ticket #1085
Note: The updated pki-ui.js needs to be copied manually into existing
instance at /var/lib/pki/<instance>/webapps/pki/js/.
--
Endi S. Dewata
10 years
[PATCH] PKI TRAC Ticket #1118 - Create 'pki-admin' package
by Matthew Harmsen
Please review the attached patch which addresses the following ticket:
* PKI TRAC Ticket #1118 - Move 'pkispawn' and 'pkidestroy' to a
separate package called 'pki-admin'
<https://fedorahosted.org/pki/ticket/1118>
The patch has been tested by being installed on a system which contained
earlier PKI packages, and it was confirmed that the location and package
ownership of the relocated files have all been changed. Next, the
'pkidestroy' executable was run and successfully removed a couple of
instances that had been generated by the previous versions of the
packages, and finally, a new instance was successfully generated and
tested by running the 'pkispawn' executable.
CAVEATS:
* To install this on a system that already contains previous
versions of the software, use 'yum install' rather than 'yum
upgrade', as the new version of the 'pki-server' RPM now requires
the new package 'pki-admin', and 'yum install' will install this
package as well as upgrading any existing packages.
* Reminder -- the scope and purpose of this bug is simply the
creation of a new package 'pki-admin', and the relocation of the
'pkispawn' and 'pkidestroy' utilities along with their basic
infrastructure; this is the necessary first step before the
currently scheduled 10.2.1 completion of PKI TRAC Ticket #1119 -
Allow 'pkispawn' to remotely configure a PKI instance
<https://fedorahosted.org/pki/ticket/1119> since the 'pkispawn'
executable needed to first be separated from the 'pki-server' package
10 years
[pki-devel][PATCH] 0019-Misc-TPS-packaging-tasks.patch
by John Magne
Misc TPS packaging tasks:
1. Make sure the new TPS packages all the applet files, like the old TPS has done.
2. Create a small new package called "pki-tps-client", which will hold ONLY the
command line utility "tpsclient" and all of its supporting libraries.
We will do this until we can rewrite "tpclient" on the new Java TPS system.
10 years
[PATCH] PKI TRAC Ticket #567 - ui needs to be scrubbed for missing images
by Matthew Harmsen
Please review the attached patch which addresses the following PKI TRAC
Ticket:
* PKI TRAC Ticket #567 - ui needs to be scrubbed for missing images
<https://fedorahosted.org/pki/ticket/567>
Detailed testing instructions for this patch are documented within the
TRAC Ticket.
*CAVEATS:*
* For the CA, KRA, OCSP, and TKS, the following is Firebug warning
(yellow) is expected behavior on newer versions of Firefox:
*CONFIGURATION PANEL:* Import CA's Certificate Chain
*
FIREBUG CONSOLE:*(red - error)
Blocked loading mixed active content
"http://server.example.com:8080/ca/ee/ca/getCAChain?op=download&mimeType=a..."
...p://server.example.com:8080/ca/ee/ca/getCAChain?op=download&mimeType=applic...
*
FIREFOX BROWSER:
*Click on the 'shield' icon in the URL line and select 'Disable
protection on this page' from the pull down menu; follow the dialog
boxes to resend the page, and mark all three trust checkboxes in the
pop-up trust dialog as per usual.*
FIREBUG CONSOLE:* (yellow - warning)
! Loading mixed (insecure) active content on a secure page
"http://server.example.com:8080/ca/ee/ca/getCAChain?op=download&mimeType=a..."
...p://server.example.com:8080/ca/ee/ca/getCAChain?op=download&mimeType=applic...
wizard (line 210)
* For the CA, the following Firebug 404 error (or something similar)
generally shows up when 'View Server Statistics' is selected on the
CA AGENT PAGE (https://server.example.com:8443/ca/agent/ca/getStats)
yet this variable appears to be defined in the referenced
javascript, and everything appears to still work:*
FIREBUG CONSOLE:* (red - error)
TypeError: result.recordSet[i] is undefined
if (result.recordSet[i].name.charAt(0) == '-') {
getStats (line 160)
10 years
[PATCH] pki-cfu-0027-ticket-882-tokendb-policy-handling-revocation-and-re.patch
by Christina Fu
This is continuation of token policy work from ticket #882
This patch provides
1. the 2nd part (and not last) of the token policy work
- determining policies for Enrollment, Re-enrollment, Renewal,
Recovery, and Revocation
(note: Recovery decision needs more refinement in later patch. The
generateCertsAfterRenewalRecoveryPolicy method is currently just a close
translation from the original TPS and is extremely complex. It deserves
some close inspection and improvement at later time, in next round)
2. revocation for certificates due to token operations
(note: administrator initiated will be handled in later patch)
thanks,
Christina
10 years