[Pki-users] Announcing 'Dogtag 10.0.0 (Alpha)'

The Dogtag team is pleased to announce the availability of an Alpha Release of the Dogtag 10.0 code. This release contains the following features: 1. Extension of the functionality of the DRM to store and retrieve symmetric keys and passphrases, rather than only asymmetric keys. This feature allows the DRM to be used as a secure vault-like storage for essentially any sensitive data. The data is stored using the same secure FIPS-compliant storage mechanism used to store PKI keys. 2. The new DRM functionality is exposed through a new REST interface, provided by the RESTEasy framework. This provides an intuitive mechanism for writing clients to the interface. Both Java (using the RESTEasy client proxy framework) and Python clients have been coded. The server uses standard Java libraries to generate and parse XML or JSON input and output data. 3. Extracted authentication and authorization code from the individual servlets into a standard Tomcat authentication realm. This realm has been configured to require client certificate authentication, and is being used to secure the new DRM REST interface. In the future, this authentication realm could be extended to include other kinds of authentication (such as Kerberos). This is part of a push to refactor the code to expose the core business functionality in the servlets, while extracting the ancillary tasks (authentication, authorization, XML parsing and generation, etc.) and using standard methods and libraries to accomplish these tasks. 4. Enhanced Java subsystems so that they could connect to the internal database using a non-directory manager user, that is authenticated using client authentication. This resolves a number of issues with LDAP operations ignoring search limits. In addition, some changes have been made to allow integrating the Dogtag database with other systems such as IPA. 5. A new package pki-deploy contains the initial framework for a Python-based installer/de-installer (pkispawn/pkidestroy) that will be used to install and configure a Dogtag instance. This will ultimately replace the pki-setup installer/de-installer (pkicreate, pkidestroy) package, and the pki-silent instance configuration (pkisilent) package. 6. Much of the focus of this release was on cleaning up and modernizing the Dogtag source code. * Dogtag source code has been moved to git. * Java coding standards have been revised - and the code has been reformatted to match those standards. * Initially, Eclipse reported about 13000 warnings in the dogtag code. Those have been reduced to close to 2400. This included removing dead and unused code, replacing calls to deprecated functions and replacing raw collections with type-safe generics. NOTE: These numbers currently exclude console code. * OSUtil is a package that has certain utilities that were not available when the Dogtag code was originally written. These utilities are now available in current standard libraries - and so this package has been eliminated entirely. * Improved handling of short and long lived threads which allow threads to exit gracefully on shutdown. The builds can be found at the following links: * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc16/RPMS/i686 - Fedora 16 (32-bit i686) * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc16/RPMS/x86_64 - Fedora 16 (64-bit x86_64) * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc16/SRPMS - Fedora 16 (Source) * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc17/RPMS/i686 - Fedora 17 (32-bit i686) * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc17/RPMS/x86_64 - Fedora 17 (64-bit x86_64) * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc17/SRPMS - Fedora 17 (Source)