[PATCH] 743 Fixed install-only message in external CA case.
by Endi Sukma Dewata
Previously, in external CA case if pkispawn was executed with
pki_skip_configuration=True, it would stop the execution before
the step 1 was fully completed (i.e. generating CSR), but it would
incorrectly show a message indicating the CSR has been generated.
The code that displays the installation summary has been fixed to
check for pki_skip_configuration first before checking for external
CA case to ensure that it displays the appropriate message for each
step.
The code that generates the Tomcat instance systemd service link
was moved into instance_layout.py to avoid redundant executions.
The pkispawn and pkidestroy have also been modified to remove
redundant log of deployment parameters in master dictionary.
--
Endi S. Dewata
8 years, 4 months
[PATCH] fix for existing CA for HSM
by Ade Lee
commit 5efd691e71f32b350737d95fe08f470164e60192
Author: Ade Lee <alee(a)redhat.com>
Date: Thu May 12 00:35:41 2016 +0200
Fix existing ca setup to work with HSM
If the existing CA keys are in an HSM, the code fails to
load the keys because it does not take into account the full nickname.
This small fix addresses this bug.
Please review,
Thanks,
Ade
8 years, 4 months
[PATCH] patches for authz realm and fixing output on request rejection
by Ade Lee
Patch descriptions .. in reverse order.
Note that the CA setup for authz is further documented at
pki.fedoraproject.org/wiki/Kra_authz_realm, where I have added a
section on 'CA Configuration'.
Thanks,
Ade
****************************************************************
commit ad1fcecc2f36cc1ebc1f13efe3df9d1e138224b7
Author: Ade Lee <alee(a)redhat.com>
Date: Mon May 9 15:00:20 2016 -0400
Add authz realm check for cert enrollment
Ticket 2041
commit b5232ce101083409ed9a86e9057620cca7288f62
Author: Ade Lee <alee(a)redhat.com>
Date: Sat May 7 00:06:08 2016 -0400
Fix error output when request is rejected
With this fix, error messages are returned to the user when
a request is rejected - either in the UI or from the pki CLI.
Trac Ticket 1247 (amongst others)
commit 82d18a99103de1fa749b077cfccec5ff65ceb4a5
Author: Ade Lee <alee(a)redhat.com>
Date: Wed May 4 18:25:51 2016 -0400
Add realm to requests coming in from CA
Requests to the KRA through the CA-KRA connector use the Enrollment
Service. This has been modified to read and store any realm passed in.
The realm can be added to the request by having the admin add
an AuthzRealmDefault and AuthzRealmConstraint in a profile.
At this point, all the constraint does is verify that the realm is
one of a specified list of realms. More verification will be added
in a subsequent patch.
No attempt is made yet to allow users to specify the realm. This
would need to be added as a ProfileInput.
Part of Ticket 2041
8 years, 4 months