Skip to content
Commits on Source (515)
Hide whitespace changes
Inline Side-by-side
.classpath
View file @ 0fec6b8c
......@@ -2,7 +2,7 @@
<classpath>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/test/src"/>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/server/tomcat/src"/>
<classpathentry kind="src" output="tests/dogtag/dev_java_tests/bin" path="tests/dogtag/dev_java_tests/src"/>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="tests/dogtag/dev_java_tests/src"/>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/symkey/src"/>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/util/src"/>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/util/test"/>
......@@ -19,9 +19,9 @@
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/ocsp/src"/>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/tks/src"/>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/tps/src"/>
<classpathentry kind="src" path="base/server/tomcat8/src"/>
<classpathentry kind="src" path="base/common/examples/java"/>
<classpathentry kind="src" path="base/console/src"/>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/server/tomcat-8.5/src"/>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/common/examples/java"/>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/console/src"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="lib" path="/usr/share/java/apache-commons-cli.jar"/>
<classpathentry kind="lib" path="/usr/share/java/apache-commons-logging.jar"/>
......@@ -67,5 +67,7 @@
<classpathentry kind="lib" path="/usr/share/java/hamcrest/core.jar"/>
<classpathentry kind="lib" path="/usr/share/java/jboss-logging/jboss-logging.jar"/>
<classpathentry kind="lib" path="/usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar"/>
<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-juli.jar"/>
<classpathentry kind="lib" path="/usr/share/java/tomcat/jaspic-api.jar"/>
<classpathentry kind="output" path="build/classes"/>
</classpath>
.gitignore
View file @ 0fec6b8c
.metadata/
build/
tests/dogtag/dev_java_tests/bin/
.tox
dist
.tox/
dist/
MANIFEST
*.pyc
__pycache__
/base/common/python/build/
/base/common/python/dist/
/base/common/python/dogtag_pki.egg-info/
.pytest_cache/
.travis.yml
View file @ 0fec6b8c
......@@ -4,68 +4,80 @@ language: python
services:
- docker
cache: pip
env:
global:
- CONTAINER=pkitest
- SCRIPTDIR=/tmp/workdir/pki/.travis
- PKI_LOG=pki_log.log
- CI_RESULTS_LOG="ci_results_${TRAVIS_BRANCH}.log"
- CI_RUNNER_LOG_ARCHIVE="dogtag-ci-job-${TRAVIS_JOB_NUMBER}.tar.gz"
- IMAGE=dogtagpki/pki-ci:f26_105
# F25 is outdated
# - IMAGE=dogtagpki/pki-ci:f25_104
# rawhide repo is unstable
# - IMAGE=dogtagpki/pki-ci:rawhide
matrix:
- TASK_TO_RUN="run-dogtag-build"
jobs:
include:
- TASK_TO_RUN="run-ipa-test"
IPA_TEST_RUNNER_IMAGE="dogtagpki/pki-ci:f26_ipa_4-5"
RPMS_LOCATION=/tmp/workdir/packages/RPMS
DOGTAG_PKI_RPMS=${TRAVIS_BUILD_DIR}/dogtag_rpms
# F27 Image
- env:
- TASK_TO_RUN="pki-test"
- BASE_IMAGE=${IMAGE_REPO:-dogtagpki/pki-ci}:f27_106_46
before_install:
- set -a && source .travis/global_variables
- echo -e $gerrit_ssh_key >> ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
# Post the Travis Build URL
- TRAVIS_BUILD_URL="https://travis-ci.org/$TRAVIS_REPO_SLUG/builds/$TRAVIS_BUILD_ID"
- MESSAGE="$(printf "Build Started.\nTravis Build:"${TRAVIS_BUILD_URL})"
- .travis/set_gerrit_message.sh -m "${MESSAGE}"
install: .travis/init_task.sh | tee /dev/tty | grep -Eo '(http|https)://transfer.sh/[a-zA-Z0-9./?=_-]*.txt' | uniq >> ${TRANSFER_SH_URLS}
script:
- set -o pipefail
- travis_wait 20 .travis/pki-test.sh | tee /dev/tty | grep -Eo '(http|https)://transfer.sh/[a-zA-Z0-9./?=_-]*.txt' | uniq >> ${TRANSFER_SH_URLS}
after_failure:
# Post the URL of Travis Job that failed
- TRAVIS_JOB_URL="https://travis-ci.org/$TRAVIS_REPO_SLUG/jobs/$TRAVIS_JOB_ID"
- MESSAGE="$(printf "Job 1 Failed\nTravis Job:"${TRAVIS_JOB_URL}"\n\nLogs:\n" )"$'\n'"$(cat ${TRANSFER_SH_URLS})"
- .travis/set_gerrit_message.sh -v -1 -m "${MESSAGE}"
after_script:
- cat ${TRANSFER_SH_URLS}
- docker kill ${CONTAINER}
- docker rm ${CONTAINER}
before_install:
- pyenv global system 3.6
- docker pull ${IMAGE}
- >
docker run
--detach
--name=${CONTAINER}
--hostname='pki.test'
--privileged
--tmpfs /tmp
--tmpfs /run
-v /sys/fs/cgroup:/sys/fs/cgroup:ro
-v $(pwd):/tmp/workdir/pki
-e BUILDUSER_UID=$(id -u)
-e BUILDUSER_GID=$(id -g)
-e TRAVIS=${TRAVIS}
-e TRAVIS_JOB_NUMBER=${TRAVIS_JOB_NUMBER}
-ti
${IMAGE}
- env:
- TASK_TO_RUN="ipa-test"
- BASE_IMAGE=${IMAGE_REPO:-dogtagpki/pki-ci}:f27_106_46
before_install:
- set -a && source .travis/global_variables
- echo -e $gerrit_ssh_key >> ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
install: .travis/init_task.sh
script: travis_wait 20 .travis/ipa-test.sh
after_failure:
- docker exec ${CONTAINER} journalctl -l > ${SYSTEMD_LOG}
- echo "Uploading CI Logs to transfer.sh ..."
- curl -w "\n" --upload-file ./${SYSTEMD_LOG} https://transfer.sh/systemd_logs.txt > ${TRANSFER_SH_URLS}
- curl -w "\n" --upload-file ./${CI_RESULTS_LOG} https://transfer.sh/freeipa-integration.txt >> ${TRANSFER_SH_URLS}
# Post the URL of Travis Job that failed
- TRAVIS_JOB_URL="https://travis-ci.org/$TRAVIS_REPO_SLUG/jobs/$TRAVIS_JOB_ID"
- MESSAGE="$(printf "Job 2 Failed\nTravis Job:"${TRAVIS_JOB_URL}"\n\nLogs:\n" )"$'\n'"$(cat ${TRANSFER_SH_URLS})"
- .travis/set_gerrit_message.sh -v -1 -m "${MESSAGE}"
after_script:
- cat ${TRANSFER_SH_URLS}
- docker kill ${CONTAINER}
- docker rm ${CONTAINER}
install:
- docker exec -ti ${CONTAINER} /bin/ls -la /tmp/workdir
# F28 image
- env:
- TASK_TO_RUN="pki-test"
- BASE_IMAGE=${IMAGE_REPO:-dogtagpki/pki-ci}:f28_106_46
before_install:
- set -a && source .travis/global_variables
- echo -e $gerrit_ssh_key >> ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
install: .travis/init_task.sh | tee /dev/tty | grep -Eo '(http|https)://transfer.sh/[a-zA-Z0-9./?=_-]*.txt' | uniq >> ${TRANSFER_SH_URLS}
script:
- set -o pipefail
- travis_wait 20 .travis/pki-test.sh | tee /dev/tty | grep -Eo '(http|https)://transfer.sh/[a-zA-Z0-9./?=_-]*.txt' | uniq >> ${TRANSFER_SH_URLS}
after_failure:
# Post the URL of Travis Job that failed
- TRAVIS_JOB_URL="https://travis-ci.org/$TRAVIS_REPO_SLUG/jobs/$TRAVIS_JOB_ID"
- MESSAGE="$(printf "Job 3 Failed\nTravis Job:"${TRAVIS_JOB_URL}"\n\nLogs:\n" )"$'\n'"$(cat ${TRANSFER_SH_URLS})"
- .travis/set_gerrit_message.sh -v -1 -m "${MESSAGE}"
after_script:
- cat ${TRANSFER_SH_URLS}
- docker kill ${CONTAINER}
- docker rm ${CONTAINER}
- docker exec -ti ${CONTAINER} ${SCRIPTDIR}/00-init
- docker exec -ti ${CONTAINER} ${SCRIPTDIR}/10-compose-rpms
# IPA related installs
- pip install --upgrade pip
- pip3 install --upgrade pip
- pip install pep8
script:
# It is time to run FreeIPA tests with new Dogtag RPMS built
- travis_wait 20 ./.travis_run_task.sh
after_script:
- docker kill ${CONTAINER}
- docker rm ${CONTAINER}
# The errors can be in either dogtag container or freeipa container
after_failure:
- docker exec ${CONTAINER} journalctl -l > ${PKI_LOG}
- echo "Uploading CI Logs to transfer.sh ..."
- curl --upload-file ./${PKI_LOG} https://transfer.sh/dogtag_build_logs.txt
- curl --upload-file ./${CI_RESULTS_LOG} https://transfer.sh/freeipa-integration.txt
- stage: Verification Label
before_install: echo -e $gerrit_ssh_key >> ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
script:
- MESSAGE="$(printf "Travis Build Successful.")"
- .travis/set_gerrit_message.sh -v +1 -m "${MESSAGE}"
.travis/00-init
View file @ 0fec6b8c
......@@ -32,5 +32,5 @@ dnf makecache
# update, container might be outdated
dnf update -y
## prepare additional build dependencies
dnf builddep -y ${BUILDDIR}/pki/specs/pki-core.spec
# TODO: move this into container image
# dnf install -y rpmlint
.travis/01-install-dependencies 0 → 100755
View file @ 0fec6b8c
#!/bin/bash
## prepare additional build dependencies
dnf builddep -y --spec ${BUILDDIR}/pki/specs/$1.spec.in
\ No newline at end of file
.travis/10-compose-rpms
View file @ 0fec6b8c
#!/bin/bash
set -e
BUILDLOG=/tmp/compose.log
BUILDLOG=/tmp/compose_$1.log
function compose {
pushd ${BUILDDIR}/pki
# run make with --quiet to reduce log verbosity.
sudo -u ${BUILDUSER} MAKEFLAGS="-j2 --quiet" -- \
./scripts/compose_pki_core_packages rpms
sudo -u ${BUILDUSER} -- ./scripts/$1 rpms
popd
}
function upload {
if test -f $BUILDLOG; then
echo "Uploading build log to transfer"
curl --upload-file $BUILDLOG https://transfer.sh/pkitravis.txt
curl --upload-file $BUILDLOG https://transfer.sh/pkitravis_$1.txt
# Add new line for readability of logs
printf "\n\n=====================================\n\n"
fi
}
if test "${TRAVIS}" != "true"; then
compose
else
trap upload EXIT
echo "Runing compose_pki_core_packages rpms."
trap "upload $1" EXIT
echo "Runing $1 rpms."
echo "Build log will be posted to transfer.sh"
echo $(date) > $BUILDLOG
echo "Travis job ${TRAVIS_JOB_NUMBER}" >> $BUILDLOG
compose >>$BUILDLOG 2>&1
fi
compose $1>>$BUILDLOG 2>&1
fi
\ No newline at end of file
.travis/20-install-rpms
View file @ 0fec6b8c
#!/bin/bash
set -e
PACKAGES=`find ${BUILDDIR}/packages/RPMS/ -name '*.rpm' -and -not -name '*debuginfo*'`
find ${BUILDDIR}/packages/RPMS/ -name '*.rpm' -and -not -name '*debuginfo*' \
| xargs dnf install -y --best --allowerasing
# To list all packages that are available. Useful for debug purposes
echo ${PACKAGES}
dnf install -y --best --allowerasing ${PACKAGES}
# Remove the RPMs once installed. They are not required anymore. This will ensure
# that there is no issue generating next set of RPMs
rm ${PACKAGES}
.travis/global_variables 0 → 100644
View file @ 0fec6b8c
CONTAINER=pkitest
SCRIPTDIR=/tmp/workdir/pki/.travis
SYSTEMD_LOG=systemd_log.log
CI_RESULTS_LOG="ci_results_${TRAVIS_BRANCH}.log"
CI_RUNNER_LOG_ARCHIVE="dogtag-ci-job-${TRAVIS_JOB_NUMBER}.tar.gz"
RPMS_LOCATION=/tmp/workdir/packages/RPMS
DOGTAG_PKI_RPMS=${TRAVIS_BUILD_DIR}/dogtag_rpms
TRANSFER_SH_URLS=message.txt
\ No newline at end of file
.travis/init_task.sh 0 → 100755
View file @ 0fec6b8c
#!/bin/bash
#
# Authors:
# Dinesh Prasanth M K <dmoluguw@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Copyright (C) 2018 Red Hat, Inc.
# All rights reserved.
#
pyenv global system 3.6
docker pull ${BASE_IMAGE}
docker run \
--detach \
--name=${CONTAINER} \
--hostname='pki.test' \
--privileged \
--tmpfs /tmp \
--tmpfs /run \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
-v $(pwd):/tmp/workdir/pki \
-e BUILDUSER_UID=$(id -u) \
-e BUILDUSER_GID=$(id -g) \
-e TRAVIS=${TRAVIS} \
-e TRAVIS_JOB_NUMBER=${TRAVIS_JOB_NUMBER} \
-i \
${BASE_IMAGE}
docker exec -i ${CONTAINER} /bin/ls -la /tmp/workdir
docker exec -i ${CONTAINER} ${SCRIPTDIR}/00-init
docker exec -i ${CONTAINER} ${SCRIPTDIR}/01-install-dependencies pki-core
docker exec -i ${CONTAINER} ${SCRIPTDIR}/10-compose-rpms compose_pki_core_packages
# IPA related installs
pip install --upgrade pip
pip3 install --upgrade pip
pip install pep8
\ No newline at end of file
.travis_run_task.sh .travis/ipa-test.sh
View file @ 0fec6b8c
......@@ -21,7 +21,6 @@
#
PYTHON="/usr/bin/python${TRAVIS_PYTHON_VERSION}"
TEST_RUNNER_CONFIG=".test_runner_config.yaml"
test_set="test_caacl_plugin.py test_caacl_profile_enforcement.py test_cert_plugin.py test_certprofile_plugin.py test_vault_plugin.py"
developer_mode_opt="--developer-mode"
......@@ -39,54 +38,32 @@ function truncate_log_to_test_failures() {
fi
}
# Copy the built RPMS to host machine
mkdir -p ${DOGTAG_PKI_RPMS}
docker cp ${CONTAINER}:${RPMS_LOCATION}/. ${DOGTAG_PKI_RPMS}
ls ${DOGTAG_PKI_RPMS}
if [[ "$TASK_TO_RUN" == "run-ipa-test" ]]
then
docker pull ${IPA_TEST_RUNNER_IMAGE}
# Copy the built RPMS to host machine
mkdir -p ${DOGTAG_PKI_RPMS}
docker cp ${CONTAINER}:${RPMS_LOCATION}/. ${DOGTAG_PKI_RPMS}
ls ${DOGTAG_PKI_RPMS}
# Install the ipa-docker-test-runner tool
pip3 install git+https://github.com/freeipa/ipa-docker-test-runner@release-0-3-1
for test_files in ${test_set}; do
cert_test_file_loc="${cert_test_file_loc} test_xmlrpc/${test_files}"
done
# Install the ipa-docker-test-runner tool
pip3 install git+https://github.com/freeipa/ipa-docker-test-runner@release-0-3-1
echo ${cert_test_file_loc}
for test_files in ${test_set}; do
cert_test_file_loc="${cert_test_file_loc} test_xmlrpc/${test_files}"
done
ipa-docker-test-runner -l ${CI_RESULTS_LOG} \
-c ${TEST_RUNNER_CONFIG} \
$developer_mode_opt \
--container-environment "PYTHON=$PYTHON" \
--container-image ${IPA_TEST_RUNNER_IMAGE} \
--git-repo ${TRAVIS_BUILD_DIR} \
run-tests ${cert_test_file_loc}
elif [[ "$TASK_TO_RUN" == "run-dogtag-build" ]]
then
docker exec -i ${CONTAINER} ${SCRIPTDIR}/20-install-rpms
docker exec -i ${CONTAINER} ${SCRIPTDIR}/30-setup-389ds
# Test whether pki subsystem works correctly
docker exec -i ${CONTAINER} ${SCRIPTDIR}/40-spawn-ca
docker exec -i ${CONTAINER} ${SCRIPTDIR}/50-spawn-kra
docker exec -i ${CONTAINER} ${SCRIPTDIR}/99-destroy
# copy pki.server for Python 3 and rewrite pkispawn/pkidestroy shebang
docker exec -i ${CONTAINER} ${SCRIPTDIR}/py3rewrite
docker exec -i ${CONTAINER} ${SCRIPTDIR}/30-setup-389ds
docker exec -i ${CONTAINER} ${SCRIPTDIR}/40-spawn-ca
docker exec -i ${CONTAINER} ${SCRIPTDIR}/50-spawn-kra
docker exec -i ${CONTAINER} ${SCRIPTDIR}/99-destroy
fi
echo ${cert_test_file_loc}
ipa-docker-test-runner -l ${CI_RESULTS_LOG} \
-c .travis/ipa-test.yaml \
$developer_mode_opt \
--container-environment "PYTHON=$PYTHON" \
--container-image ${BASE_IMAGE} \
--git-repo ${TRAVIS_BUILD_DIR} \
run-tests ${cert_test_file_loc}
exit_status="$?"
if [[ "$exit_status" -ne 0 && "$TASK_TO_RUN" == "run-ipa-test" ]]
if [[ "$exit_status" -ne 0 ]]
then
truncate_log_to_test_failures
fi
......
.test_runner_config.yaml .travis/ipa-test.yaml
View file @ 0fec6b8c
......@@ -41,7 +41,7 @@ steps:
- echo "Skipping Build. Nothing to do..."
builddep:
- rm -rf /var/cache/dnf/*
- "dnf makecache fast || :"
- "dnf makecache || :"
cleanup:
- chown -R ${uid}:${gid} ${container_working_dir}
- journalctl -b --no-pager > systemd_journal.log
......@@ -54,16 +54,16 @@ steps:
/var/log/pki
systemd_journal.log
- chown ${uid}:${gid} ${container_working_dir}/var_log.tar
- curl --upload ${container_working_dir}/var_log.tar https://transfer.sh/var_log.tar
configure:
- dnf repolist
install_packages:
- echo "Installing recently built dogtag RPMs..."
- sysctl net.ipv6.conf.lo.disable_ipv6=0
- find /freeipa/dogtag_rpms/ -name '*.rpm' -and -not -name '*debuginfo*' | xargs dnf install -y --best --allowerasing
- rpm -qa freeipa-*
- rpm -qa pki-*
- find ${container_working_dir}/dogtag_rpms/ -name '*.rpm' -and -not -name '*debuginfo*' | xargs dnf install -y
- rpm -qa tomcat* pki-* freeipa-* | sort
install_server:
- echo "Installing ipa-server..."
- sysctl net.ipv6.conf.lo.disable_ipv6=0
- ipa-server-install -U --domain ${server_domain} --realm ${server_realm} -p ${server_password}
-a ${server_password} --setup-dns --setup-kra --auto-forwarders
- systemctl restart httpd.service
......@@ -75,7 +75,7 @@ steps:
- echo ${server_password} > ~/.ipa/.dmpw
- echo 'wait_for_dns=5' >> ~/.ipa/default.conf
run_tests:
- ipa-run-tests ${tests_ignore} -k-test_dns_soa ${tests_verbose} ${path}
- ipa-run-tests-3 ${tests_ignore} -k-test_dns_soa ${tests_verbose} ${path}
- ipa-server-install --uninstall -U
tests:
ignore:
......
.travis/pki-test.sh 0 → 100755
View file @ 0fec6b8c
#!/bin/bash
#
# Authors:
# Dinesh Prasanth M K <dmoluguw@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Copyright (C) 2017 Red Hat, Inc.
# All rights reserved.
#
set -e
# First install pki-core packges as it's the dependency for other packages
docker exec -i ${CONTAINER} ${SCRIPTDIR}/20-install-rpms || exit $?
# Install deps, generate RPMS for all other packages and install them (in order)
docker exec -i ${CONTAINER} ${SCRIPTDIR}/01-install-dependencies dogtag-pki-theme # meta
docker exec -i ${CONTAINER} ${SCRIPTDIR}/01-install-dependencies pki-console
docker exec -i ${CONTAINER} ${SCRIPTDIR}/01-install-dependencies dogtag-pki
docker exec -i ${CONTAINER} ${SCRIPTDIR}/10-compose-rpms compose_dogtag_pki_theme_packages
docker exec -i ${CONTAINER} ${SCRIPTDIR}/20-install-rpms || exit $?
docker exec -i ${CONTAINER} ${SCRIPTDIR}/10-compose-rpms compose_pki_console_packages
docker exec -i ${CONTAINER} ${SCRIPTDIR}/20-install-rpms || exit $?
docker exec -i ${CONTAINER} ${SCRIPTDIR}/10-compose-rpms compose_dogtag_pki_meta_packages
docker exec -i ${CONTAINER} ${SCRIPTDIR}/20-install-rpms || exit $?
docker exec -i ${CONTAINER} ${SCRIPTDIR}/30-setup-389ds
# Test whether pki subsystem works correctly
docker exec -i ${CONTAINER} ${SCRIPTDIR}/40-spawn-ca
docker exec -i ${CONTAINER} ${SCRIPTDIR}/50-spawn-kra
docker exec -i ${CONTAINER} ${SCRIPTDIR}/99-destroy
# copy pki.server for Python 3
docker exec -i ${CONTAINER} ${SCRIPTDIR}/py3rewrite
docker exec -i ${CONTAINER} ${SCRIPTDIR}/30-setup-389ds
docker exec -i ${CONTAINER} ${SCRIPTDIR}/40-spawn-ca
docker exec -i ${CONTAINER} ${SCRIPTDIR}/50-spawn-kra
docker exec -i ${CONTAINER} ${SCRIPTDIR}/99-destroy
.travis/py3rewrite
View file @ 0fec6b8c
......@@ -14,15 +14,6 @@ PKISBIN = os.path.join(PKIBASE, 'server', 'sbin')
SITEPACKAGES = get_python_lib()
def copyscript(src, dst):
with open(src) as f:
lines = f.readlines()
lines[0] = '#!/usr/bin/python3\n'
with open(dst, 'w') as f:
os.fchmod(f.fileno(), 0o755)
f.writelines(lines)
def copyfiles():
shutil.rmtree(os.path.join(SITEPACKAGES, 'pki'))
shutil.copytree(
......@@ -33,14 +24,7 @@ def copyfiles():
PKISERVER,
os.path.join(SITEPACKAGES, 'pki', 'server')
)
copyscript(
os.path.join(PKISBIN, 'pkispawn'),
'/usr/sbin/pkispawn'
)
copyscript(
os.path.join(PKISBIN, 'pkidestroy'),
'/usr/sbin/pkidestroy'
)
if __name__ == '__main__':
copyfiles()
.travis/set_gerrit_message.sh 0 → 100755
View file @ 0fec6b8c
#!/bin/bash
#
# Authors:
# Dinesh Prasanth M K <dmoluguw@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Copyright (C) 2017 Red Hat, Inc.
# All rights reserved.
#
usage() { echo "Usage: $0 [-v <+1|-1>] [-m <message>]" 1>&2; exit 1; }
if [[ -n "${GERRIT_URL}" ]]
then
CMD="ssh -p 29418 "${GERRIT_URL}" -o StrictHostKeyChecking=no gerrit review ${TRAVIS_COMMIT}"
while getopts ":v:m:" o; do
case "${o}" in
v)
v=${OPTARG}
((v == +1 || v == -1)) || usage
CMD="$CMD --verified $v"
;;
m)
m=${OPTARG}
CMD="$CMD --message \"'$m'\""
;;
*)
usage
;;
esac
done
shift "$((OPTIND-1))"
# For debugging purpose
echo "${CMD}"
eval "${CMD}"
else
echo "Skip setting label..."
fi
\ No newline at end of file
CMakeLists.txt
View file @ 0fec6b8c
......@@ -13,24 +13,22 @@ if (NOT DEFINED VERSION)
set(VERSION "10.0.0")
endif(NOT DEFINED VERSION)
if (NOT DEFINED PKI_NSS_DB_TYPE)
set(PKI_NSS_DB_TYPE "dbm")
endif(NOT DEFINED PKI_NSS_DB_TYPE)
string(REGEX REPLACE "^([0-9]+).*" "\\1" APPLICATION_VERSION_MAJOR ${VERSION})
string(REGEX REPLACE "^[0-9]+\\.([0-9]+).*" "\\1" APPLICATION_VERSION_MINOR ${VERSION})
string(REGEX REPLACE "^[0-9]+\\.[0-9]+\\.([0-9]+).*" "\\1" APPLICATION_VERSION_PATCH ${VERSION})
option(WITH_TOMCAT7 "Build Tomcat 7" ON)
option(WITH_TOMCAT8 "Build Tomcat 8" ON)
option(WITH_SERVER "Build Server" ON)
option(WITH_JAVADOC "Build Javadoc" ON)
set(APP_SERVER "tomcat-8.0" CACHE STRING "Application server")
if (BUILD_DOGTAG_PKI_THEME)
set(APPLICATION_FLAVOR_DOGTAG_PKI_THEME TRUE)
elseif (BUILD_REDHAT_PKI_THEME)
set(APPLICATION_FLAVOR_REDHAT_PKI_THEME TRUE)
elseif (BUILD_PKI_CORE)
set(APPLICATION_FLAVOR_PKI_CORE TRUE)
elseif (BUILD_PKI_CONSOLE)
set(APPLICATION_FLAVOR_PKI_CONSOLE TRUE)
endif ()
option(WITH_SERVER "Build server package" ON)
option(WITH_JAVADOC "Build Javadoc package" ON)
option(WITH_TEST "Run unit tests" ON)
option(WITH_PYTHON2 "Build with Python 2 support" ON)
option(WITH_PYTHON3 "Build with Python 3 support" ON)
option(WITH_PYTHON3_DEFAULT "Build server and scripts with Python 3" OFF)
set(APPLICATION_VERSION "${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINOR}.${APPLICATION_VERSION_PATCH}")
......@@ -43,8 +41,8 @@ include(DefineCMakeDefaults)
include(DefinePlatformDefaults)
include(DefineCompilerFlags)
include(DefineInstallationPaths)
include(DefineOptions.cmake)
include(CPackConfig.cmake)
include(DefineOptions)
include(CPackConfig)
# disallow in-source build
include(MacroEnsureOutOfSourceBuild)
......@@ -59,28 +57,19 @@ file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/dist)
# required for all PKI components
include(JUnit)
add_custom_target(unit-test)
# search for libraries
# required for all PKI components EXCEPT Theme-based components
if (NOT APPLICATION_FLAVOR_DOGTAG_PKI_THEME AND
NOT APPLICATION_FLAVOR_REDHAT_PKI_THEME)
if (BUILD_PKI_CORE OR BUILD_PKI_CONSOLE)
find_package(NSPR REQUIRED)
find_package(NSS REQUIRED)
endif ()
# ONLY required for Java-based PKI components
if (APPLICATION_FLAVOR_PKI_CORE OR
APPLICATION_FLAVOR_PKI_CONSOLE OR
APPLICATION_FLAVOR_DOGTAG_PKI_THEME OR
APPLICATION_FLAVOR_REDHAT_PKI_THEME)
find_package(Java REQUIRED)
find_package(JNI REQUIRED)
endif ()
find_package(Java REQUIRED)
find_package(JNI REQUIRED)
# ONLY required for PKI_CORE
if (APPLICATION_FLAVOR_PKI_CORE)
if (BUILD_PKI_CORE)
find_package(Ldap REQUIRED)
# required for native 'tpsclient' utility
find_package(APR REQUIRED)
......@@ -90,48 +79,29 @@ endif ()
set(CMAKE_THREAD_PREFER_PTHREADS ON)
find_package(Threads)
find_package(PythonInterp REQUIRED)
execute_process(
COMMAND
${PYTHON_EXECUTABLE} -c
"from distutils.sysconfig import get_python_lib; print get_python_lib()"
OUTPUT_VARIABLE
PYTHON2_SITE_PACKAGES
OUTPUT_STRIP_TRAILING_WHITESPACE
)
# CMake doesn't support multiple PythonInterp
execute_process(
COMMAND
python3 -c
"from distutils.sysconfig import get_python_lib; print(get_python_lib())"
OUTPUT_VARIABLE
PYTHON3_SITE_PACKAGES
ERROR_VARIABLE
PYTHON3_ERROR
RESULT_VARIABLE
PYTHON3_RESULT
OUTPUT_STRIP_TRAILING_WHITESPACE
)
if(PYTHON3_RESULT)
message(WARNING "python3 not found: ${PYTHON3_RESULT}")
if(PYTHON3_ERROR)
message(WARNING ${PYTHON3_ERROR})
endif()
unset(PYTHON3_SITE_PACKAGES)
# NSS default database type
if (PKI_NSS_DB_TYPE STREQUAL "dbm")
message(STATUS "Using old 'dbm' format for NSS_DEFAULT_DB_TYPE")
elseif (PKI_NSS_DB_TYPE STREQUAL "sql")
message(STATUS "Using new 'sql' format for NSS_DEFAULT_DB_TYPE")
else()
message(FATAL_ERROR "Unsupported PKI_NSS_DB_TYPE=${PKI_NSS_DB_TYPE}")
endif()
unset(PYTHON3_RESULT)
unset(PYTHON3_ERROR)
# Detect default Python interpreter
# Set PYTHON2_SITE_PACKAGES, PYTHON3_SITE_PACKAGES
if (BUILD_PKI_CORE OR BUILD_PKI_CONSOLE)
include(DefinePythonSitePackages)
endif ()
# config.h checks
include(ConfigureChecks.cmake)
configure_file(config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config.h)
include(ConfigureChecks)
configure_file(cmake/config.h.in ${CMAKE_CURRENT_BINARY_DIR}/config.h)
add_definitions(-DHAVE_CONFIG_H)
# uninstall target
configure_file("${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in"
configure_file("${CMAKE_CURRENT_SOURCE_DIR}/cmake/cmake_uninstall.cmake.in"
"${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
IMMEDIATE @ONLY)
......@@ -164,14 +134,13 @@ add_custom_target(clean-cmake
)
# check subdirectories
if (APPLICATION_FLAVOR_PKI_CORE OR
APPLICATION_FLAVOR_PKI_CONSOLE)
if (BUILD_PKI_CORE OR BUILD_PKI_CONSOLE)
add_subdirectory(base)
endif ()
# 'Themes' MUST be "mutually-exclusive"!
if (APPLICATION_FLAVOR_DOGTAG_PKI_THEME)
if (BUILD_DOGTAG_PKI_THEME)
add_subdirectory(dogtag)
elseif (APPLICATION_FLAVOR_REDHAT_PKI_THEME)
elseif (BUILD_REDHAT_PKI_THEME)
add_subdirectory(redhat)
endif ()
README
View file @ 0fec6b8c
......@@ -9,18 +9,13 @@ Please comply with the LICENSE contained in each of
the individual components, and the EXPORT CONTROL
regulations defined at:
http://pki.fedoraproject.org/wiki/PKI_Download
http://www.dogtagpki.org/wiki/PKI_Download
These directories contain the following:
CMakeLists.txt
COPYING
CPackConfig.cmake
ConfigureChecks.cmake
DefineOptions.cmake
cmake_uninstall.cmake.in
config.h.cmake
cmake/ - These files and this directory contain
the top-level files necessary to integrate
the CMake build system in pki.
......@@ -45,9 +40,6 @@ These directories contain the following:
who wish to experiment with this project
should focus on this directory first.
patches/ - Contains "patches" needed for specific
versions of this certificate system.
scripts/ - Contains "scripts" used by this
certificate system. This directory
contains numerous "compose" scripts
......@@ -64,5 +56,5 @@ These directories contain the following:
Detailed instructions for building, installing, and
running this project are located at:
http://pki.fedoraproject.org/wiki/PKI_Main_Page
http://www.dogtagpki.org/wiki/PKI_Main_Page
base/CMakeLists.txt
View file @ 0fec6b8c
......@@ -3,6 +3,7 @@ project(base)
find_file(SERVLET_JAR
NAMES
servlet.jar
servlet-api-3.1.jar
PATHS
/usr/share/java
)
......@@ -11,6 +12,7 @@ find_file(JAXRS_API_JAR
NAMES
jaxrs-api.jar
jboss-jaxrs-2.0-api.jar
javax.ws.rs-api.jar
PATHS
${RESTEASY_LIB}
/usr/share/java
......@@ -21,6 +23,7 @@ find_file(SLF4J_API_JAR
slf4j-api.jar
PATHS
/usr/share/java/slf4j
/usr/share/java
)
find_file(SLF4J_JDK14_JAR
......@@ -28,6 +31,14 @@ find_file(SLF4J_JDK14_JAR
slf4j-jdk14.jar
PATHS
/usr/share/java/slf4j
/usr/share/java
)
find_file(COMMONS_CLI_JAR
NAMES
commons-cli.jar
PATHS
/usr/share/java
)
find_file(COMMONS_CODEC_JAR
......@@ -37,6 +48,14 @@ find_file(COMMONS_CODEC_JAR
/usr/share/java
)
find_file(COMMONS_COLLECTIONS_JAR
NAMES
commons-collections.jar
commons-collections3.jar
PATHS
/usr/share/java
)
find_file(COMMONS_HTTPCLIENT_JAR
NAMES
commons-httpclient.jar
......@@ -58,6 +77,13 @@ find_file(COMMONS_LANG_JAR
/usr/share/java
)
find_file(COMMONS_LOGGING_JAR
NAMES
commons-logging.jar
PATHS
/usr/share/java
)
find_file(HAMCREST_JAR
NAMES
core.jar
......@@ -70,6 +96,7 @@ find_file(HTTPCLIENT_JAR
httpclient.jar
PATHS
/usr/share/java/httpcomponents
/usr/share/java
)
find_file(HTTPCORE_JAR
......@@ -77,6 +104,7 @@ find_file(HTTPCORE_JAR
httpcore.jar
PATHS
/usr/share/java/httpcomponents
/usr/share/java
)
find_file(JACKSON_CORE_JAR
......@@ -84,6 +112,15 @@ find_file(JACKSON_CORE_JAR
jackson-core-asl.jar
PATHS
/usr/share/java/jackson
/usr/share/java
)
find_file(JACKSON_JAXRS_JAR
NAMES
jackson-jaxrs.jar
PATHS
/usr/share/java/jackson
/usr/share/java
)
find_file(JACKSON_MAPPER_JAR
......@@ -91,6 +128,38 @@ find_file(JACKSON_MAPPER_JAR
jackson-mapper-asl.jar
PATHS
/usr/share/java/jackson
/usr/share/java
)
find_file(JACKSON_MRBEAN_JAR
NAMES
jackson-mrbean.jar
PATHS
/usr/share/java/jackson
/usr/share/java
)
find_file(JACKSON_SMILE_JAR
NAMES
jackson-smile.jar
PATHS
/usr/share/java/jackson
/usr/share/java
)
find_file(JACKSON_XC_JAR
NAMES
jackson-xc.jar
PATHS
/usr/share/java/jackson
/usr/share/java
)
find_file(JAXB_API_JAR
NAMES
jaxb-api.jar
PATHS
/usr/share/java
)
find_file(JSS_JAR
......@@ -104,6 +173,7 @@ find_file(JSS_JAR
find_file(JUNIT_JAR
NAMES
junit.jar
junit4.jar
PATHS
/usr/share/java
)
......@@ -138,39 +208,58 @@ find_file(RESTEASY_ATOM_PROVIDER_JAR
${RESTEASY_LIB}
)
find_file(JASPIC_API_JAR
NAMES
jaspic-api.jar
tomcat8-jaspic-api.jar
PATHS
/usr/share/java/tomcat
/usr/share/java
)
find_file(TOMCAT_API_JAR
NAMES
tomcat-api.jar
tomcat8-api.jar
PATHS
/usr/share/java/tomcat
/usr/share/java
)
find_file(TOMCAT_CATALINA_JAR
NAMES
catalina.jar
tomcat8-catalina.jar
PATHS
/usr/share/java/tomcat
/usr/share/java
)
find_file(TOMCAT_COYOTE_JAR
NAMES
tomcat-coyote.jar
tomcat8-coyote.jar
PATHS
/usr/share/java/tomcat
/usr/share/java
)
find_file(TOMCAT_UTIL_JAR
NAMES
tomcat-util.jar
tomcat8-util.jar
PATHS
/usr/share/java/tomcat
/usr/share/java
)
find_file(TOMCAT_UTIL_SCAN_JAR
NAMES
tomcat-util-scan.jar
tomcat8-util-scan.jar
PATHS
/usr/share/java/tomcat
/usr/share/java
)
find_file(TOMCATJSS_JAR
......@@ -191,6 +280,7 @@ find_file(VELOCITY_JAR
find_file(XALAN_JAR
NAMES
xalan-j2.jar
xalan2.jar
PATHS
${JAVA_LIB_INSTALL_DIR}
/usr/share/java
......@@ -199,14 +289,30 @@ find_file(XALAN_JAR
find_file(XERCES_JAR
NAMES
xerces-j2.jar
xercesImpl.jar
PATHS
${JAVA_LIB_INSTALL_DIR}
/usr/share/java
)
# The order is important!
if (APPLICATION_FLAVOR_PKI_CORE)
find_file(XML_COMMONS_APIS_JAR
NAMES
xml-commons-apis.jar
xml-apis.jar
PATHS
/usr/share/java
)
find_file(XML_COMMONS_RESOLVER_JAR
NAMES
xml-commons-resolver.jar
xml-resolver.jar
PATHS
/usr/share/java
)
# The order is important!
if (BUILD_PKI_CORE OR BUILD_PKI_CONSOLE)
add_subdirectory(test)
add_subdirectory(symkey)
add_subdirectory(util)
......@@ -224,12 +330,33 @@ if (APPLICATION_FLAVOR_PKI_CORE)
# required for native 'tpsclient' utility
add_subdirectory(tps-client)
if(WITH_JAVADOC)
add_subdirectory(javadoc)
endif(WITH_JAVADOC)
list(APPEND PKI_JAVADOC_SOURCEPATH
${CMAKE_SOURCE_DIR}/base/server/cms/src)
list(APPEND PKI_JAVADOC_SUBPACKAGES
com.netscape.cms)
list(APPEND PKI_JAVADOC_CLASSPATH
${PKI_TOMCAT_JAR}
${PKI_CMS_JAR}
${PKI_CMSCORE_JAR})
list(APPEND PKI_JAVADOC_DEPENDS
pki-tomcat-jar
pki-cms-jar
pki-cmscore-jar
pki-ca-jar
pki-kra-jar
pki-ocsp-jar
pki-tks-jar
pki-tps-jar)
endif(WITH_SERVER)
if(WITH_JAVADOC)
add_subdirectory(javadoc)
endif(WITH_JAVADOC)
configure_file(
${CMAKE_CURRENT_SOURCE_DIR}/VERSION
${CMAKE_CURRENT_BINARY_DIR}/VERSION
......@@ -242,9 +369,8 @@ if (APPLICATION_FLAVOR_PKI_CORE)
${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}
)
endif (APPLICATION_FLAVOR_PKI_CORE)
endif (BUILD_PKI_CORE OR BUILD_PKI_CONSOLE)
if (APPLICATION_FLAVOR_PKI_CONSOLE)
add_subdirectory(test)
if (BUILD_PKI_CONSOLE)
add_subdirectory(console)
endif (APPLICATION_FLAVOR_PKI_CONSOLE)
endif (BUILD_PKI_CONSOLE)
base/ca/CMakeLists.txt
View file @ 0fec6b8c
......@@ -3,29 +3,26 @@ project(ca NONE)
add_subdirectory(src)
add_subdirectory(setup)
add_subdirectory(shared/conf)
add_subdirectory(${APP_SERVER})
if(WITH_TOMCAT7)
add_subdirectory(tomcat7)
endif(WITH_TOMCAT7)
# Create links at /usr/share/pki/ca/webapps/ca/admin/console.
# Create links in /usr/share/pki/ca/webapps/ca/WEB-INF/lib.
# This can be customized for different platforms in RPM spec.
if(WITH_TOMCAT8)
add_subdirectory(tomcat8)
endif(WITH_TOMCAT8)
# Create /usr/share/pki/ca/webapps/ca/WEB-INF/lib. This can be customized for different platforms in RPM spec.
add_custom_target(pki-ca-lib ALL)
add_custom_target(pki-ca-links ALL)
add_custom_command(
TARGET pki-ca-lib
TARGET pki-ca-links
COMMAND ${CMAKE_COMMAND} -E make_directory webapp/admin
COMMAND ln -sf ${DATA_INSTALL_DIR}/server/webapps/pki/admin/console ${CMAKE_CURRENT_BINARY_DIR}/webapp/admin
COMMAND ${CMAKE_COMMAND} -E make_directory webapp/lib
COMMAND /usr/bin/ln -sf /usr/share/java/pki/pki-nsutil.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-nsutil.jar
COMMAND /usr/bin/ln -sf /usr/share/java/pki/pki-cmsutil.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-cmsutil.jar
COMMAND /usr/bin/ln -sf /usr/share/java/pki/pki-certsrv.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-certsrv.jar
COMMAND /usr/bin/ln -sf /usr/share/java/pki/pki-cms.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-cms.jar
COMMAND /usr/bin/ln -sf /usr/share/java/pki/pki-cmscore.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-cmscore.jar
COMMAND /usr/bin/ln -sf /usr/share/java/pki/pki-cmsbundle.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-cmsbundle.jar
COMMAND /usr/bin/ln -sf /usr/share/java/pki/pki-ca.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-ca.jar
COMMAND ${CMAKE_COMMAND} -E create_symlink ${SLF4J_API_JAR} webapp/lib/slf4j-api.jar
COMMAND ${CMAKE_COMMAND} -E create_symlink ${SLF4J_JDK14_JAR} webapp/lib/slf4j-jdk14.jar
COMMAND ln -sf /usr/share/java/pki/pki-certsrv.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-certsrv.jar
COMMAND ln -sf /usr/share/java/pki/pki-cms.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-cms.jar
COMMAND ln -sf /usr/share/java/pki/pki-cmscore.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-cmscore.jar
COMMAND ln -sf /usr/share/java/pki/pki-cmsbundle.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-cmsbundle.jar
COMMAND ln -sf /usr/share/java/pki/pki-ca.jar ${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/pki-ca.jar
)
# install directories
......@@ -38,6 +35,13 @@ install(
"CMakeLists.txt" EXCLUDE
)
install(
FILES
${CMAKE_CURRENT_BINARY_DIR}/webapp/admin/
DESTINATION
${DATA_INSTALL_DIR}/ca/webapps/ca/admin
)
install(
DIRECTORY
${CMAKE_CURRENT_BINARY_DIR}/webapp/lib/
......
base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java
View file @ 0fec6b8c
......@@ -31,8 +31,8 @@ import org.mozilla.jss.crypto.AlreadyInitializedException;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.util.Password;
import com.netscape.certsrv.ca.CAClient;
import com.netscape.certsrv.ca.CACertClient;
import com.netscape.certsrv.ca.CAClient;
import com.netscape.certsrv.cert.CertData;
import com.netscape.certsrv.cert.CertDataInfo;
import com.netscape.certsrv.cert.CertDataInfos;
......@@ -158,7 +158,7 @@ public class CATest {
try {
ClientConfig config = new ClientConfig();
config.setServerURI(protocol + "://" + host + ":" + port);
config.setServerURL(protocol + "://" + host + ":" + port);
config.setCertNickname(clientCertNickname);
client = new CAClient(new PKIClient(config, null));
......
base/ca/shared/conf/CS.cfg
View file @ 0fec6b8c
......@@ -233,8 +233,8 @@ ca.scep._004=## ca.scep.nickname=
ca.scep._005=## ca.scep.tokenname=
ca.scep._006=##
ca.scep.enable=false
ca.scep.hashAlgorithm=SHA1
ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512
ca.scep.hashAlgorithm=SHA256
ca.scep.allowedHashAlgorithms=SHA256,SHA512
ca.scep.encryptionAlgorithm=DES3
ca.scep.allowedEncryptionAlgorithms=DES3
ca.scep.nonceSizeLimit=16
......@@ -666,7 +666,7 @@ ca.notification.requestInQ.senderEmail=
ca.ocsp_signing.cacertnickname=ocspSigningCert cert-[PKI_INSTANCE_NAME]
ca.ocsp_signing.defaultSigningAlgorithm=SHA256withRSA
ca.ocsp_signing.tokenname=internal
ca.profiles.defaultSigningAlgsAllowed=SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC
ca.profiles.defaultSigningAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withEC,SHA512withEC
ca.publish.createOwnDNEntry=false
ca.publish.queue.enable=true
ca.publish.queue.maxNumberOfThreads=3
......@@ -975,7 +975,7 @@ oidmap.pse.oid=2.16.840.1.113730.1.18
oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension
oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11
os.userid=nobody
profile.list=caCMCserverCert,caCMCsubsystemCert,caCMCauditSigningCert,caCMCcaCert,caCMCocspCert,caCMCkraTransportCert,caCMCkraStorageCert,caUserCert,caECUserCert,caUserSMIMEcapCert,caDualCert,caDirBasedDualCert,caECDualCert,AdminCert,caSignedLogCert,caTPSCert,caRARouterCert,caRouterCert,caServerCert,caSubsystemCert,caOtherCert,caCACert,caCMCcaCert,caCrossSignedCACert,caInstallCACert,caRACert,caOCSPCert,caStorageCert,caTransportCert,caDirPinUserCert,caDirUserCert,caECDirUserCert,caAgentServerCert,caAgentFileSigning,caCMCUserCert,caFullCMCUserCert,caFullCMCUserSignedCert,caFullCMCSelfSignedCert,caSimpleCMCUserCert,caTokenDeviceKeyEnrollment,caTokenUserEncryptionKeyEnrollment,caTokenUserSigningKeyEnrollment,caTempTokenDeviceKeyEnrollment,caTempTokenUserEncryptionKeyEnrollment,caTempTokenUserSigningKeyEnrollment,caAdminCert,caInternalAuthServerCert,caInternalAuthTransportCert,caInternalAuthDRMstorageCert,caInternalAuthSubsystemCert,caInternalAuthOCSPCert,caInternalAuthAuditSigningCert,DomainController,caDualRAuserCert,caRAagentCert,caRAserverCert,caUUIDdeviceCert,caSSLClientSelfRenewal,caDirUserRenewal,caManualRenewal,caTokenMSLoginEnrollment,caTokenUserSigningKeyRenewal,caTokenUserEncryptionKeyRenewal,caTokenUserAuthKeyRenewal,caJarSigningCert,caIPAserviceCert,caEncUserCert,caSigningUserCert,caSigningECUserCert,caEncECUserCert,caTokenUserDelegateAuthKeyEnrollment,caTokenUserDelegateSigningKeyEnrollment
profile.list=caCMCserverCert,caCMCECserverCert,caCMCECsubsystemCert,caCMCsubsystemCert,caCMCauditSigningCert,caCMCcaCert,caCMCocspCert,caCMCkraTransportCert,caCMCkraStorageCert,caUserCert,caECUserCert,caUserSMIMEcapCert,caDualCert,caDirBasedDualCert,AdminCert,ECAdminCert,caSignedLogCert,caTPSCert,caRARouterCert,caRouterCert,caServerCert,caECServerCert,caSubsystemCert,caECSubsystemCert,caOtherCert,caCACert,caCMCcaCert,caCrossSignedCACert,caInstallCACert,caRACert,caOCSPCert,caStorageCert,caTransportCert,caDirPinUserCert,caECDirPinUserCert,caDirUserCert,caECDirUserCert,caAgentServerCert,caECAgentServerCert,caAgentFileSigning,caCMCUserCert,caCMCECUserCert,caFullCMCUserCert,caECFullCMCUserCert,caFullCMCUserSignedCert,caECFullCMCUserSignedCert,caFullCMCSelfSignedCert,caECFullCMCSelfSignedCert,caSimpleCMCUserCert,caECSimpleCMCUserCert,caTokenDeviceKeyEnrollment,caTokenUserEncryptionKeyEnrollment,caTokenUserSigningKeyEnrollment,caTempTokenDeviceKeyEnrollment,caTempTokenUserEncryptionKeyEnrollment,caTempTokenUserSigningKeyEnrollment,caAdminCert,caECAdminCert,caInternalAuthServerCert,caECInternalAuthServerCert,caInternalAuthTransportCert,caInternalAuthDRMstorageCert,caInternalAuthSubsystemCert,caECInternalAuthSubsystemCert,caInternalAuthOCSPCert,caInternalAuthAuditSigningCert,DomainController,caDualRAuserCert,caRAagentCert,caRAserverCert,caUUIDdeviceCert,caSSLClientSelfRenewal,caDirUserRenewal,caManualRenewal,caTokenMSLoginEnrollment,caTokenUserSigningKeyRenewal,caTokenUserEncryptionKeyRenewal,caTokenUserAuthKeyRenewal,caJarSigningCert,caIPAserviceCert,caEncUserCert,caSigningUserCert,caTokenUserDelegateAuthKeyEnrollment,caTokenUserDelegateSigningKeyEnrollment
profile.caUUIDdeviceCert.class_id=caEnrollImpl
profile.caUUIDdeviceCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caUUIDdeviceCert.cfg
profile.caManualRenewal.class_id=caEnrollImpl
......@@ -986,16 +986,22 @@ profile.caSSLClientSelfRenewal.class_id=caEnrollImpl
profile.caSSLClientSelfRenewal.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caSSLClientSelfRenewal.cfg
profile.AdminCert.class_id=caEnrollImpl
profile.AdminCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/AdminCert.cfg
profile.ECAdminCert.class_id=caEnrollImpl
profile.ECAdminCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/ECAdminCert.cfg
profile.DomainController.class_id=caEnrollImpl
profile.DomainController.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/DomainController.cfg
profile.caAgentFileSigning.class_id=caEnrollImpl
profile.caAgentFileSigning.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caAgentFileSigning.cfg
profile.caAgentServerCert.class_id=caEnrollImpl
profile.caAgentServerCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caAgentServerCert.cfg
profile.caECAgentServerCert.class_id=caEnrollImpl
profile.caECAgentServerCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caECAgentServerCert.cfg
profile.caRAserverCert.class_id=caEnrollImpl
profile.caRAserverCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caRAserverCert.cfg
profile.caCMCUserCert.class_id=caEnrollImpl
profile.caCMCUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caCMCUserCert.cfg
profile.caCMCECUserCert.class_id=caEnrollImpl
profile.caCMCECUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caCMCECUserCert.cfg
profile.caCMCauditSigningCert.class_id=caEnrollImpl
profile.caCMCauditSigningCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caCMCauditSigningCert.cfg
profile.caCMCcaCert.class_id=caEnrollImpl
......@@ -1008,8 +1014,12 @@ profile.caCMCocspCert.class_id=caEnrollImpl
profile.caCMCocspCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caCMCocspCert.cfg
profile.caCMCserverCert.class_id=caEnrollImpl
profile.caCMCserverCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caCMCserverCert.cfg
profile.caCMCECserverCert.class_id=caEnrollImpl
profile.caCMCECserverCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caCMCECserverCert.cfg
profile.caCMCsubsystemCert.class_id=caEnrollImpl
profile.caCMCsubsystemCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caCMCsubsystemCert.cfg
profile.caCMCECsubsystemCert.class_id=caEnrollImpl
profile.caCMCECsubsystemCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caCMCECsubsystemCert.cfg
profile.caCACert.class_id=caEnrollImpl
profile.caCACert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caCACert.cfg
profile.caInstallCACert.class_id=caEnrollImpl
......@@ -1020,32 +1030,42 @@ profile.caDirBasedDualCert.class_id=caEnrollImpl
profile.caDirBasedDualCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caDirBasedDualCert.cfg
profile.caDirPinUserCert.class_id=caEnrollImpl
profile.caDirPinUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caDirPinUserCert.cfg
profile.caECDirPinUserCert.class_id=caEnrollImpl
profile.caECDirPinUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caECDirPinUserCert.cfg
profile.caDirUserCert.class_id=caEnrollImpl
profile.caDirUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caDirUserCert.cfg
profile.caECDirUserCert.class_id=caEnrollImpl
profile.caECDirUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caECDirUserCert.cfg
profile.caDualCert.class_id=caEnrollImpl
profile.caDualCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caDualCert.cfg
profile.caECDualCert.class_id=caEnrollImpl
profile.caECDualCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caECDualCert.cfg
profile.caDualRAuserCert.class_id=caEnrollImpl
profile.caDualRAuserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caDualRAuserCert.cfg
profile.caRAagentCert.class_id=caEnrollImpl
profile.caRAagentCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caRAagentCert.cfg
profile.caFullCMCUserCert.class_id=caEnrollImpl
profile.caFullCMCUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caFullCMCUserCert.cfg
profile.caECFullCMCUserCert.class_id=caEnrollImpl
profile.caECFullCMCUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caECFullCMCUserCert.cfg
profile.caFullCMCUserSignedCert.class_id=caEnrollImpl
profile.caFullCMCUserSignedCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caFullCMCUserSignedCert.cfg
profile.caECFullCMCUserSignedCert.class_id=caEnrollImpl
profile.caECFullCMCUserSignedCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caECFullCMCUserSignedCert.cfg
profile.caFullCMCSelfSignedCert.class_id=caEnrollImpl
profile.caFullCMCSelfSignedCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caFullCMCSelfSignedCert.cfg
profile.caECFullCMCSelfSignedCert.class_id=caEnrollImpl
profile.caECFullCMCSelfSignedCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caECFullCMCSelfSignedCert.cfg
profile.caInternalAuthOCSPCert.class_id=caEnrollImpl
profile.caInternalAuthOCSPCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caInternalAuthOCSPCert.cfg
profile.caInternalAuthAuditSigningCert.class_id=caEnrollImpl
profile.caInternalAuthAuditSigningCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caInternalAuthAuditSigningCert.cfg
profile.caInternalAuthServerCert.class_id=caEnrollImpl
profile.caInternalAuthServerCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caInternalAuthServerCert.cfg
profile.caECInternalAuthServerCert.class_id=caEnrollImpl
profile.caECInternalAuthServerCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caECInternalAuthServerCert.cfg
profile.caInternalAuthSubsystemCert.class_id=caEnrollImpl
profile.caInternalAuthSubsystemCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caInternalAuthSubsystemCert.cfg
profile.caECInternalAuthSubsystemCert.class_id=caEnrollImpl
profile.caECInternalAuthSubsystemCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caECInternalAuthSubsystemCert.cfg
profile.caInternalAuthDRMstorageCert.class_id=caEnrollImpl
profile.caInternalAuthDRMstorageCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caInternalAuthDRMstorageCert.cfg
profile.caInternalAuthTransportCert.class_id=caEnrollImpl
......@@ -1062,20 +1082,26 @@ profile.caRouterCert.class_id=caEnrollImpl
profile.caRouterCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caRouterCert.cfg
profile.caServerCert.class_id=caEnrollImpl
profile.caServerCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caServerCert.cfg
profile.caECServerCert.class_id=caEnrollImpl
profile.caECServerCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caECServerCert.cfg
profile.caSignedLogCert.class_id=caEnrollImpl
profile.caSignedLogCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caSignedLogCert.cfg
profile.caSigningECUserCert.class_id=caEnrollImpl
profile.caSigningECUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caSigningECUserCert.cfg
profile.caSigningUserCert.class_id=caEnrollImpl
profile.caSigningUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caSigningUserCert.cfg
profile.caSimpleCMCUserCert.class_id=caEnrollImpl
profile.caSimpleCMCUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caSimpleCMCUserCert.cfg
profile.caECSimpleCMCUserCert.class_id=caEnrollImpl
profile.caECSimpleCMCUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caECSimpleCMCUserCert.cfg
profile.caSubsystemCert.class_id=caEnrollImpl
profile.caSubsystemCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caSubsystemCert.cfg
profile.caECSubsystemCert.class_id=caEnrollImpl
profile.caECSubsystemCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caECSubsystemCert.cfg
profile.caTPSCert.class_id=caEnrollImpl
profile.caTPSCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caTPSCert.cfg
profile.caAdminCert.class_id=caEnrollImpl
profile.caAdminCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caAdminCert.cfg
profile.caECAdminCert.class_id=caEnrollImpl
profile.caECAdminCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caAdminCert.cfg
profile.caTempTokenDeviceKeyEnrollment.class_id=caUserCertEnrollImpl
profile.caTempTokenDeviceKeyEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg
profile.caTempTokenUserEncryptionKeyEnrollment.class_id=caUserCertEnrollImpl
......@@ -1116,8 +1142,6 @@ profile.caIPAserviceCert.class_id=caEnrollImpl
profile.caIPAserviceCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caIPAserviceCert.cfg
profile.caEncUserCert.class_id=caEnrollImpl
profile.caEncUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caEncUserCert.cfg
profile.caEncECUserCert.class_id=caEnrollImpl
profile.caEncECUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE]/profiles/ca/caEncECUserCert.cfg
registry.file=[PKI_INSTANCE_PATH]/conf/[PKI_SUBSYSTEM_TYPE]/registry.cfg
processor.caProfileProcess.getClientCert=true
processor.caProfileProcess.authzMgr=BasicAclAuthz
......