################################################################################ Name: pki ################################################################################ # Don't use macros in these params since they need to be parsed by build.sh %global vendor_id dogtag %global product_name Dogtag PKI %global product_id dogtag-pki %global theme dogtag # Upstream version number: %global major_version 11 %global minor_version 7 %global update_version 0 # Downstream release number: # - development/stabilization (unsupported): 0. where n >= 1 # - GA/update (supported): where n >= 1 %global release_number 0.1 # Development phase: # - development (unsupported): alpha where n >= 1 # - stabilization (unsupported): beta where n >= 1 # - GA/update (supported): %global phase alpha1 %undefine timestamp %undefine commit_id Summary: %{product_name} Package URL: https://www.dogtagpki.org # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2 License: GPL-2.0-only AND LGPL-2.0-only Version: 11.7.0 Release: 0.20250625022241871051.master.4613.g1d57ec7619%{?dist} # To create a tarball from a version tag: # $ git archive \ # --format=tar.gz \ # --prefix pki-/ \ # -o pki-.tar.gz \ # Source: pki-11.7.0.tar.gz # To create a patch for all changes since a version tag: # $ git format-patch \ # --stdout \ # \ # > pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch %if 0%{?java_arches:1} ExclusiveArch: %{java_arches} %else ExcludeArch: i686 %endif ################################################################################ # PKCS #11 Kit Trust ################################################################################ %global p11_kit_trust /usr/lib64/pkcs11/p11-kit-trust.so ################################################################################ # Java ################################################################################ # use Java 17 on Fedora 39 or older and RHEL 9 or older # otherwise, use Java 21 # maven-local is a subpackage of javapackages-tools %if 0%{?fedora} && 0%{?fedora} <= 39 || 0%{?rhel} && 0%{?rhel} <= 9 %define java_runtime java-17-openjdk %define java_devel java-17-openjdk-devel %define java_headless java-17-openjdk-headless %define java_home %{_jvmdir}/jre-17-openjdk %define maven_local maven-local-openjdk17 %else %define java_runtime java-21-openjdk %define java_devel java-21-openjdk-devel %define java_headless java-21-openjdk-headless %define java_home %{_jvmdir}/jre-21-openjdk %define maven_local maven-local %endif ################################################################################ # Application Server ################################################################################ %global app_server tomcat-9.0 ################################################################################ # PKI ################################################################################ # Use external build dependencies unless --without build_deps is specified. %bcond_without build_deps # Use bundled runtime dependencies unless --with runtime_deps is specified. %bcond_with runtime_deps # Build with Maven unless --without maven is specified. %bcond_without maven # Execute unit tests unless --without test is specified. %bcond_without test # Build the package unless --without is specified. %bcond_without base %bcond_without server %bcond_without acme %bcond_without ca %bcond_without esc %bcond_without est %bcond_without kra %bcond_without ocsp %bcond_without tks %bcond_without tps %bcond_without javadoc %bcond_without theme %bcond_without meta %bcond_without tests %bcond_without debug # Don't build console unless --with console is specified. %bcond_with console %if ! %{with debug} %define debug_package %{nil} %endif # ignore unpackaged files from native 'tpsclient' # REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app %define _unpackaged_files_terminate_build 0 # The PKI UID and GID are preallocated, see: # https://bugzilla.redhat.com/show_bug.cgi?id=476316 # https://bugzilla.redhat.com/show_bug.cgi?id=476782 # https://pagure.io/setup/blob/master/f/uidgid # /usr/share/doc/setup/uidgid %define pki_username pkiuser %define pki_uid 17 %define pki_groupname pkiuser %define pki_gid 17 # Create a home directory for PKI user at /home/pkiuser # to store rootless Podman container. %define pki_homedir /home/%{pki_username} %global saveFileContext() \ if [ -s /etc/selinux/config ]; then \ . %{_sysconfdir}/selinux/config; \ FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \ if [ "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT} ]; then \ cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}; \ fi \ fi; %global relabel() \ . %{_sysconfdir}/selinux/config; \ FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \ selinuxenabled; \ if [ $? == 0 -a "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT}.%{name} ]; then \ fixfiles -C ${FILE_CONTEXT}.%{name} restore; \ rm -f ${FILE_CONTEXT}.%name; \ fi; ################################################################################ # Build Dependencies ################################################################################ BuildRequires: make BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: zip BuildRequires: nspr-devel BuildRequires: nss-devel >= 3.36.1 BuildRequires: openldap-devel BuildRequires: pkgconfig BuildRequires: policycoreutils # Java build dependencies BuildRequires: %{java_devel} BuildRequires: %{maven_local} %if 0%{?fedora} BuildRequires: xmvn-tools %endif BuildRequires: javapackages-tools %if %{without runtime_deps} BuildRequires: xmlstarlet %endif BuildRequires: mvn(commons-cli:commons-cli) BuildRequires: mvn(commons-codec:commons-codec) BuildRequires: mvn(commons-io:commons-io) BuildRequires: mvn(commons-logging:commons-logging) BuildRequires: mvn(commons-net:commons-net) BuildRequires: mvn(org.apache.commons:commons-lang3) BuildRequires: mvn(org.apache.httpcomponents:httpclient) BuildRequires: mvn(org.slf4j:slf4j-api) BuildRequires: mvn(xml-apis:xml-apis) BuildRequires: mvn(xml-resolver:xml-resolver) BuildRequires: mvn(org.junit.jupiter:junit-jupiter-api) %if %{with build_deps} BuildRequires: mvn(jakarta.activation:jakarta.activation-api) BuildRequires: mvn(jakarta.annotation:jakarta.annotation-api) BuildRequires: mvn(jakarta.xml.bind:jakarta.xml.bind-api) BuildRequires: mvn(com.fasterxml.jackson.core:jackson-annotations) BuildRequires: mvn(com.fasterxml.jackson.core:jackson-core) BuildRequires: mvn(com.fasterxml.jackson.core:jackson-databind) BuildRequires: mvn(com.fasterxml.jackson.module:jackson-module-jaxb-annotations) BuildRequires: mvn(com.fasterxml.jackson.jaxrs:jackson-jaxrs-base) BuildRequires: mvn(com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider) BuildRequires: mvn(org.jboss.spec.javax.ws.rs:jboss-jaxrs-api_2.0_spec) BuildRequires: mvn(org.jboss.logging:jboss-logging) BuildRequires: mvn(org.jboss.resteasy:resteasy-jaxrs) BuildRequires: mvn(org.jboss.resteasy:resteasy-jackson2-provider) BuildRequires: mvn(org.jboss.resteasy:resteasy-servlet-initializer) %endif BuildRequires: mvn(org.apache.tomcat:tomcat-catalina) >= 9.0.62 BuildRequires: mvn(org.apache.tomcat:tomcat-servlet-api) >= 9.0.62 BuildRequires: mvn(org.apache.tomcat:tomcat-jaspic-api) >= 9.0.62 BuildRequires: mvn(org.apache.tomcat:tomcat-util-scan) >= 9.0.62 %if 0%{?rhel} && 0%{?rhel} >= 10 BuildRequires: tomcat9-lib %endif BuildRequires: mvn(org.dogtagpki.jss:jss-base) >= 5.7 BuildRequires: mvn(org.dogtagpki.jss:jss-tomcat) >= 5.7 BuildRequires: mvn(org.dogtagpki.ldap-sdk:ldapjdk) >= 5.6.0 # Python build dependencies BuildRequires: python3 >= 3.6 BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: python3-cryptography BuildRequires: python3-lxml BuildRequires: python3-ldap BuildRequires: python3-libselinux BuildRequires: python3-requests >= 2.6.0 BuildRequires: python3-six BuildRequires: python3-sphinx BuildRequires: systemd-units # additional build requirements needed to build native 'tpsclient' # REMINDER: Revisit these once 'tpsclient' is rewritten as a Java app BuildRequires: apr-devel BuildRequires: apr-util-devel BuildRequires: cyrus-sasl-devel BuildRequires: httpd-devel >= 2.4.2 BuildRequires: systemd # build dependency to build man pages BuildRequires: golang-github-cpuguy83-md2man # pki-healthcheck depends on the following library %if 0%{?rhel} BuildRequires: ipa-healthcheck-core %else BuildRequires: freeipa-healthcheck-core %endif # PKICertImport depends on certutil and openssl BuildRequires: nss-tools BuildRequires: openssl # description for top-level package (if there is a separate meta package) %if "%{name}" != "%{product_id}" %description %{product_name} is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. %{product_name} consists of the following components: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) * Automatic Certificate Management Environment (ACME) Responder * Enrollment over Secure Transport (EST) Responder %endif %if %{with meta} %if "%{name}" != "%{product_id}" ################################################################################ %package -n %{product_id} ################################################################################ Summary: %{product_name} Package %endif Obsoletes: pki-symkey < %{version} Obsoletes: %{product_id}-symkey < %{version} Obsoletes: pki-console < %{version} Obsoletes: pki-console-theme < %{version} %if %{with base} Requires: %{product_id}-base = %{version}-%{release} Requires: python3-%{product_id} = %{version}-%{release} Requires: %{product_id}-java = %{version}-%{release} Requires: %{product_id}-tools = %{version}-%{release} %endif %if %{with server} Requires: %{product_id}-server = %{version}-%{release} %endif %if %{with acme} Requires: %{product_id}-acme = %{version}-%{release} %else Obsoletes: pki-acme < %{version} Conflicts: pki-acme < %{version} Obsoletes: %{product_id}-acme < %{version} Conflicts: %{product_id}-acme < %{version} %endif %if %{with ca} Requires: %{product_id}-ca = %{version}-%{release} %else Obsoletes: pki-ca < %{version} Conflicts: pki-ca < %{version} Obsoletes: %{product_id}-ca < %{version} Conflicts: %{product_id}-ca < %{version} %endif %if %{with est} Requires: %{product_id}-est = %{version}-%{release} %else Obsoletes: pki-est < %{version} Conflicts: pki-est < %{version} Obsoletes: %{product_id}-est < %{version} Conflicts: %{product_id}-est < %{version} %endif %if %{with kra} Requires: %{product_id}-kra = %{version}-%{release} %else Obsoletes: pki-kra < %{version} Conflicts: pki-kra < %{version} Obsoletes: %{product_id}-kra < %{version} Conflicts: %{product_id}-kra < %{version} %endif %if %{with ocsp} Requires: %{product_id}-ocsp = %{version}-%{release} %else Obsoletes: pki-ocsp < %{version} Conflicts: pki-ocsp < %{version} Obsoletes: %{product_id}-ocsp < %{version} Conflicts: %{product_id}-ocsp < %{version} %endif %if %{with tks} Requires: %{product_id}-tks = %{version}-%{release} %else Obsoletes: pki-tks < %{version} Conflicts: pki-tks < %{version} Obsoletes: %{product_id}-tks < %{version} Conflicts: %{product_id}-tks < %{version} %endif %if %{with tps} Requires: %{product_id}-tps = %{version}-%{release} %else Obsoletes: pki-tps < %{version} Conflicts: pki-tps < %{version} Obsoletes: %{product_id}-tps < %{version} Conflicts: %{product_id}-tps < %{version} %endif %if %{with javadoc} Requires: %{product_id}-javadoc = %{version}-%{release} %else Obsoletes: pki-javadoc < %{version} Conflicts: pki-javadoc < %{version} Obsoletes: %{product_id}-javadoc < %{version} Conflicts: %{product_id}-javadoc < %{version} %endif %if %{with console} Requires: %{product_id}-console = %{version}-%{release} %else Obsoletes: pki-console < %{version} Conflicts: pki-console < %{version} Obsoletes: %{product_id}-console < %{version} Conflicts: %{product_id}-console < %{version} %endif %if %{with theme} Requires: %{product_id}-theme = %{version}-%{release} %if %{with console} Requires: %{product_id}-console-theme = %{version}-%{release} %endif %else Obsoletes: pki-theme < %{version} Conflicts: pki-theme < %{version} Obsoletes: %{product_id}-theme < %{version} Conflicts: %{product_id}-theme < %{version} Obsoletes: pki-console-theme < %{version} Conflicts: pki-console-theme < %{version} Obsoletes: %{product_id}-console-theme < %{version} Conflicts: %{product_id}-console-theme < %{version} %endif %if %{with tests} Requires: %{product_id}-tests = %{version}-%{release} %endif %if %{with esc} # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI clients -- except for s390/s390x where 'esc' is not built %ifnarch s390 s390x Requires: esc >= 1.1.2 %endif %else Obsoletes: esc <= 1.1.2 Conflicts: esc <= 1.1.2 %endif # description for top-level package (unless there is a separate meta package) %if "%{name}" == "%{product_id}" %description %else %description -n %{product_id} %endif %{product_name} is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. %{product_name} consists of the following components: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) * Automatic Certificate Management Environment (ACME) Responder * Enrollment over Secure Transport (EST) Responder # with meta %endif %if %{with base} ################################################################################ %package -n %{product_id}-base ################################################################################ Summary: %{product_name} Base Package BuildArch: noarch Obsoletes: pki-base < %{version}-%{release} Provides: pki-base = %{version}-%{release} Requires: nss >= 3.36.1 Requires: python3-pki = %{version}-%{release} Requires(post): python3-pki = %{version}-%{release} # Ensure we end up with a useful installation Conflicts: pki-javadoc < %{version} Conflicts: pki-server-theme < %{version} Conflicts: %{product_id}-theme < %{version} %description -n %{product_id}-base This package provides default configuration files for %{product_name} client. ################################################################################ %package -n python3-%{product_id} ################################################################################ Summary: %{product_name} Python 3 Package BuildArch: noarch Obsoletes: python3-pki < %{version}-%{release} Provides: python3-pki = %{version}-%{release} Obsoletes: pki-base-python3 < %{version}-%{release} Provides: pki-base-python3 = %{version}-%{release} %{?python_provide:%python_provide python3-pki} Requires: %{product_id}-base = %{version}-%{release} Requires: python3 >= 3.6 Requires: python3-cryptography Requires: python3-ldap Requires: python3-lxml Requires: python3-requests >= 2.6.0 Requires: python3-six %description -n python3-%{product_id} This package provides common and client library for Python 3. ################################################################################ %package -n %{product_id}-java ################################################################################ Summary: %{product_name} Base Java Package BuildArch: noarch Obsoletes: pki-base-java < %{version}-%{release} Provides: pki-base-java = %{version}-%{release} Obsoletes: %{product_id}-base-java < %{version}-%{release} Provides: %{product_id}-base-java = %{version}-%{release} Requires: %{java_headless} Requires: mvn(commons-cli:commons-cli) Requires: mvn(commons-codec:commons-codec) Requires: mvn(commons-io:commons-io) Requires: mvn(commons-logging:commons-logging) Requires: mvn(commons-net:commons-net) Requires: mvn(org.apache.commons:commons-lang3) Requires: mvn(org.apache.httpcomponents:httpclient) Requires: mvn(org.slf4j:slf4j-api) Requires: mvn(org.slf4j:slf4j-jdk14) %if %{with runtime_deps} Requires: mvn(jakarta.activation:jakarta.activation-api) Requires: mvn(jakarta.annotation:jakarta.annotation-api) Requires: mvn(jakarta.xml.bind:jakarta.xml.bind-api) Requires: mvn(com.fasterxml.jackson.core:jackson-annotations) Requires: mvn(com.fasterxml.jackson.core:jackson-core) Requires: mvn(com.fasterxml.jackson.core:jackson-databind) Requires: mvn(com.fasterxml.jackson.jaxrs:jackson-jaxrs-base) Requires: mvn(com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider) Requires: mvn(org.jboss.spec.javax.ws.rs:jboss-jaxrs-api_2.0_spec) Requires: mvn(org.jboss.logging:jboss-logging) Requires: mvn(org.jboss.resteasy:resteasy-jaxrs) Requires: mvn(org.jboss.resteasy:resteasy-jackson2-provider) %else Provides: bundled(jakarta-activation) Provides: bundled(jakarta-annotations) Provides: bundled(jaxb-api) Provides: bundled(jackson-annotations) Provides: bundled(jackson-core) Provides: bundled(jackson-databind) Provides: bundled(jackson-modules-base) Provides: bundled(jackson-jaxrs-providers) Provides: bundled(jackson-jaxrs-json-provider) Provides: bundled(jboss-jaxrs-2.0-api) Provides: bundled(jboss-logging) Provides: bundled(resteasy-jaxrs) Provides: bundled(resteasy-jackson2-provider) %endif Requires: mvn(org.dogtagpki.jss:jss-base) >= 5.7 Requires: mvn(org.dogtagpki.ldap-sdk:ldapjdk) >= 5.6.0 Requires: %{product_id}-base = %{version}-%{release} %description -n %{product_id}-java This package provides common and client libraries for Java. ################################################################################ %package -n %{product_id}-tools ################################################################################ Summary: %{product_name} Tools Package Obsoletes: pki-tools < %{version}-%{release} Provides: pki-tools = %{version}-%{release} Requires: openldap-clients Requires: nss-tools >= 3.36.1 Requires: %{product_id}-java = %{version}-%{release} Requires: p11-kit-trust Requires: file # PKICertImport depends on certutil and openssl Requires: nss-tools Requires: openssl %description -n %{product_id}-tools This package provides tools that can be used to help make %{product_name} into a more complete and robust PKI solution. The utility "tpsclient" is a test tool that interacts with TPS. This tool is useful to test TPS server without risking an actual smart card. # with base %endif %if %{with server} ################################################################################ %package -n %{product_id}-server ################################################################################ Summary: %{product_name} Server Package BuildArch: noarch Obsoletes: pki-server < %{version}-%{release} Provides: pki-server = %{version}-%{release} Requires: hostname Requires: policycoreutils Requires: procps-ng Requires: openldap-clients Requires: openssl Requires: %{product_id}-tools = %{version}-%{release} Requires: %{java_devel} Requires: keyutils Requires: policycoreutils-python-utils Requires: python3-lxml Requires: python3-libselinux Requires: python3-policycoreutils Requires: selinux-policy-targeted >= 3.13.1-159 %if %{with runtime_deps} Requires: mvn(org.jboss.resteasy:resteasy-servlet-initializer) %else Provides: bundled(resteasy-servlet-initializer) %endif %if 0%{?rhel} && 0%{?rhel} >= 10 Requires: tomcat9 >= 1:9.0.62 %else Requires: tomcat >= 1:9.0.62 %endif Requires: mvn(org.dogtagpki.jss:jss-tomcat) >= 5.7 Requires: systemd Requires(post): systemd-units Requires(postun): systemd-units Requires(pre): shadow-utils # pki-healthcheck depends on the following library %if 0%{?rhel} Requires: ipa-healthcheck-core %else Requires: freeipa-healthcheck-core %endif # https://pagure.io/freeipa/issue/7742 %if 0%{?rhel} Conflicts: ipa-server < 4.7.1 %else Conflicts: freeipa-server < 4.7.1 %endif Provides: bundled(js-backbone) = 1.6.0 Provides: bundled(js-bootstrap) = 3.4.1 Provides: bundled(js-jquery) = 3.7.1 Provides: bundled(js-jquery-i18n-properties) = 1.2.7 Provides: bundled(js-patternfly) = 3.59.2 Provides: bundled(js-underscore) = 1.13.7 %description -n %{product_id}-server This package provides libraries and utilities needed by %{product_name} services. # with server %endif %if %{with acme} ################################################################################ %package -n %{product_id}-acme ################################################################################ Summary: %{product_name} ACME Package BuildArch: noarch Obsoletes: pki-acme < %{version}-%{release} Provides: pki-acme = %{version}-%{release} Requires: %{product_id}-server = %{version}-%{release} %description -n %{product_id}-acme %{product_name} ACME responder is a service that provides an automatic certificate management via ACME v2 protocol defined in RFC 8555. # with acme %endif %if %{with ca} ################################################################################ %package -n %{product_id}-ca ################################################################################ Summary: %{product_name} CA Package BuildArch: noarch Obsoletes: pki-ca < %{version}-%{release} Provides: pki-ca = %{version}-%{release} Requires: %{product_id}-server = %{version}-%{release} Requires(post): systemd-units Requires(postun): systemd-units %description -n %{product_id}-ca %{product_name} Certificate Authority (CA) is a required subsystem which issues, renews, revokes, and publishes certificates as well as compiling and publishing Certificate Revocation Lists (CRLs). The Certificate Authority can be configured as a self-signing Certificate Authority, where it is the root CA, or it can act as a subordinate CA, where it obtains its own signing certificate from a public CA. # with ca %endif %if %{with est} ################################################################################ %package -n %{product_id}-est ################################################################################ Summary: %{product_name} EST Package BuildArch: noarch Obsoletes: pki-est < %{version}-%{release} Provides: pki-est = %{version}-%{release} Requires: %{product_id}-server = %{version}-%{release} %description -n %{product_id}-est %{product_name} EST subsystem provides an Enrollment over Secure Transport (RFC 7030) service. # with est %endif %if %{with kra} ################################################################################ %package -n %{product_id}-kra ################################################################################ Summary: %{product_name} KRA Package BuildArch: noarch Obsoletes: pki-kra < %{version}-%{release} Provides: pki-kra = %{version}-%{release} Requires: %{product_id}-server = %{version}-%{release} Requires(post): systemd-units Requires(postun): systemd-units %description -n %{product_id}-kra %{product_name} Key Recovery Authority (KRA) is an optional subsystem that can act as a key archival facility. When configured in conjunction with the Certificate Authority (CA), the KRA stores private encryption keys as part of the certificate enrollment process. The key archival mechanism is triggered when a user enrolls in the PKI and creates the certificate request. Using the Certificate Request Message Format (CRMF) request format, a request is generated for the user's private encryption key. This key is then stored in the KRA which is configured to store keys in an encrypted format that can only be decrypted by several agents requesting the key at one time, providing for protection of the public encryption keys for the users in the PKI deployment. Note that the KRA archives encryption keys; it does NOT archive signing keys, since such archival would undermine non-repudiation properties of signing keys. # with kra %endif %if %{with ocsp} ################################################################################ %package -n %{product_id}-ocsp ################################################################################ Summary: %{product_name} OCSP Package BuildArch: noarch Obsoletes: pki-ocsp < %{version}-%{release} Provides: pki-ocsp = %{version}-%{release} Requires: %{product_id}-server = %{version}-%{release} Requires(post): systemd-units Requires(postun): systemd-units %description -n %{product_id}-ocsp %{product_name} Online Certificate Status Protocol (OCSP) Manager is an optional subsystem that can act as a stand-alone OCSP service. The OCSP Manager performs the task of an online certificate validation authority by enabling OCSP-compliant clients to do real-time verification of certificates. Note that an online certificate-validation authority is often referred to as an OCSP Responder. Although the Certificate Authority (CA) is already configured with an internal OCSP service. An external OCSP Responder is offered as a separate subsystem in case the user wants the OCSP service provided outside of a firewall while the CA resides inside of a firewall, or to take the load of requests off of the CA. The OCSP Manager can receive Certificate Revocation Lists (CRLs) from multiple CA servers, and clients can query the OCSP Manager for the revocation status of certificates issued by all of these CA servers. When an instance of OCSP Manager is set up with an instance of CA, and publishing is set up to this OCSP Manager, CRLs are published to it whenever they are issued or updated. # with ocsp %endif %if %{with tks} ################################################################################ %package -n %{product_id}-tks ################################################################################ Summary: %{product_name} TKS Package BuildArch: noarch Obsoletes: pki-tks < %{version}-%{release} Provides: pki-tks = %{version}-%{release} Requires: %{product_id}-server = %{version}-%{release} Requires(post): systemd-units Requires(postun): systemd-units %description -n %{product_id}-tks %{product_name} Token Key Service (TKS) is an optional subsystem that manages the master key(s) and the transport key(s) required to generate and distribute keys for hardware tokens. TKS provides the security between tokens and an instance of Token Processing System (TPS), where the security relies upon the relationship between the master key and the token keys. A TPS communicates with a TKS over SSL using client authentication. TKS helps establish a secure channel (signed and encrypted) between the token and the TPS, provides proof of presence of the security token during enrollment, and supports key changeover when the master key changes on the TKS. Tokens with older keys will get new token keys. Because of the sensitivity of the data that TKS manages, TKS should be set up behind the firewall with restricted access. # with tks %endif %if %{with tps} ################################################################################ %package -n %{product_id}-tps ################################################################################ Summary: %{product_name} TPS Package BuildArch: noarch Obsoletes: pki-tps < %{version}-%{release} Provides: pki-tps = %{version}-%{release} Requires: %{product_id}-server = %{version}-%{release} Requires(post): systemd-units Requires(postun): systemd-units # additional runtime requirements needed to run native 'tpsclient' # REMINDER: Revisit these once 'tpsclient' is rewritten as a Java app Requires: nss-tools >= 3.36.1 Requires: openldap-clients %description -n %{product_id}-tps %{product_name} Token Processing System (TPS) is an optional subsystem that acts as a Registration Authority (RA) for authenticating and processing enrollment requests, PIN reset requests, and formatting requests from the Enterprise Security Client (ESC). TPS is designed to communicate with tokens that conform to Global Platform's Open Platform Specification. TPS communicates over SSL with various PKI backend subsystems (including the Certificate Authority (CA), the Key Recovery Authority (KRA), and the Token Key Service (TKS)) to fulfill the user's requests. TPS also interacts with the token database, an LDAP server that stores information about individual tokens. # with tps %endif %if %{with javadoc} ################################################################################ %package -n %{product_id}-javadoc ################################################################################ Summary: %{product_name} Javadoc Package BuildArch: noarch Obsoletes: pki-javadoc < %{version}-%{release} Provides: pki-javadoc = %{version}-%{release} # Ensure we end up with a useful installation Conflicts: pki-base < %{version} Conflicts: pki-server-theme < %{version} Conflicts: %{product_id}-theme < %{version} %description -n %{product_id}-javadoc This package provides %{product_name} API documentation. # with javadoc %endif %if %{with console} ################################################################################ %package -n %{product_id}-console ################################################################################ Summary: %{product_name} Console Package BuildArch: noarch Obsoletes: pki-console < %{version}-%{release} Provides: pki-console = %{version}-%{release} Requires: %{java_runtime} Requires: %{product_id}-java = %{version}-%{release} Requires: %{product_id}-console-theme = %{version}-%{release} # IDM Console Framework has been merged into PKI Console. # This will remove installed IDM Console Framework packages. Obsoletes: idm-console-framework <= 2.1 Conflicts: idm-console-framework <= 2.1 %description -n %{product_id}-console %{product_name} Console is a Java application used to administer %{product_name} Server. # with console %endif %if %{with theme} ################################################################################ %package -n %{product_id}-theme ################################################################################ Summary: %{product_name} Server Theme Package BuildArch: noarch Obsoletes: pki-server-theme < %{version}-%{release} Provides: pki-server-theme = %{version}-%{release} Obsoletes: %{product_id}-server-theme < %{version}-%{release} Provides: %{product_id}-server-theme = %{version}-%{release} %if 0%{?fedora} > 38 || 0%{?rhel} > 9 BuildRequires: fontawesome4-fonts-web Requires: fontawesome4-fonts-web %else BuildRequires: fontawesome-fonts-web Requires: fontawesome-fonts-web %endif # Ensure we end up with a useful installation Conflicts: pki-base < %{version} Conflicts: pki-javadoc < %{version} %description -n %{product_id}-theme This package provides theme files for %{product_name}. %if %{with console} ################################################################################ %package -n %{product_id}-console-theme ################################################################################ Summary: %{product_name} Console Theme Package BuildArch: noarch Obsoletes: pki-console-theme < %{version}-%{release} Provides: pki-console-theme = %{version}-%{release} # Ensure we end up with a useful installation Conflicts: pki-base < %{version} Conflicts: pki-server-theme < %{version} Conflicts: pki-javadoc < %{version} Conflicts: %{product_id}-theme < %{version} %description -n %{product_id}-console-theme This package provides theme files for %{product_name} Console. # with console %endif # with theme %endif %if %{with tests} ################################################################################ %package -n %{product_id}-tests ################################################################################ Summary: %{product_name} Tests BuildArch: noarch Obsoletes: pki-tests < %{version}-%{release} Provides: pki-tests = %{version}-%{release} Requires: python3-pylint Requires: python3-flake8 %description -n %{product_id}-tests This package provides test suite for %{product_name}. # with tests %endif ################################################################################ %prep ################################################################################ %autosetup -n pki-11.7.0 -p 1 %if %{without runtime_deps} if [ ! -d base/common/lib ] then # import common libraries from RPMs mkdir -p base/common/lib pushd base/common/lib JAKARTA_ACTIVATION_API_VERSION=$(rpm -q jakarta-activation | sed -n 's/^jakarta-activation-$[^-]*$-.*$/\1/p') echo "JAKARTA_ACTIVATION_API_VERSION: $JAKARTA_ACTIVATION_API_VERSION" cp /usr/share/java/jakarta-activation/jakarta.activation-api.jar \ jakarta.activation-api-$JAKARTA_ACTIVATION_API_VERSION.jar JAKARTA_ANNOTATION_API_VERSION=$(rpm -q jakarta-annotations | sed -n 's/^jakarta-annotations-$[^-]*$-.*$/\1/p') echo "JAKARTA_ANNOTATION_API_VERSION: $JAKARTA_ANNOTATION_API_VERSION" cp /usr/share/java/jakarta-annotations/jakarta.annotation-api.jar \ jakarta.annotation-api-$JAKARTA_ANNOTATION_API_VERSION.jar JAXB_API_VERSION=$(rpm -q jaxb-api | sed -n 's/^jaxb-api-$[^-]*$-.*$/\1/p') echo "JAXB_API_VERSION: $JAXB_API_VERSION" if [ -f /usr/share/java/jaxb-api.jar ] then cp /usr/share/java/jaxb-api.jar \ jakarta.xml.bind-api-$JAXB_API_VERSION.jar elif [ -f /usr/share/java/jaxb-api/jakarta.xml.bind-api.jar ] then cp /usr/share/java/jaxb-api/jakarta.xml.bind-api.jar \ jakarta.xml.bind-api-$JAXB_API_VERSION.jar fi JACKSON_VERSION=$(rpm -q jackson-annotations | sed -n 's/^jackson-annotations-$[^-]*$-.*$/\1/p') echo "JACKSON_VERSION: $JACKSON_VERSION" cp /usr/share/java/jackson-annotations.jar \ jackson-annotations-$JACKSON_VERSION.jar cp /usr/share/java/jackson-core.jar \ jackson-core-$JACKSON_VERSION.jar cp /usr/share/java/jackson-databind.jar \ jackson-databind-$JACKSON_VERSION.jar cp /usr/share/java/jackson-jaxrs-providers/jackson-jaxrs-base.jar \ jackson-jaxrs-base-$JACKSON_VERSION.jar cp /usr/share/java/jackson-jaxrs-providers/jackson-jaxrs-json-provider.jar \ jackson-jaxrs-json-provider-$JACKSON_VERSION.jar cp /usr/share/java/jackson-modules/jackson-module-jaxb-annotations.jar \ jackson-module-jaxb-annotations-$JACKSON_VERSION.jar JAXRS_VERSION=$(rpm -q jboss-jaxrs-2.0-api | sed -n 's/^jboss-jaxrs-2.0-api-$[^-]*$-.*$/\1.Final/p') echo "JAXRS_VERSION: $JAXRS_VERSION" cp /usr/share/java/jboss-jaxrs-2.0-api.jar \ jboss-jaxrs-api_2.0_spec-$JAXRS_VERSION.jar JBOSS_LOGGING_VERSION=$(rpm -q jboss-logging | sed -n 's/^jboss-logging-$[^-]*$-.*$/\1.Final/p') echo "JBOSS_LOGGING_VERSION: $JBOSS_LOGGING_VERSION" cp /usr/share/java/jboss-logging/jboss-logging.jar \ jboss-logging-$JBOSS_LOGGING_VERSION.jar RESTEASY_VERSION=$(rpm -q pki-resteasy-core | sed -n 's/^pki-resteasy-core-$[^-]*$-.*$/\1.Final/p') echo "RESTEASY_VERSION: $RESTEASY_VERSION" cp /usr/share/java/resteasy/resteasy-jaxrs.jar \ resteasy-jaxrs-$RESTEASY_VERSION.jar cp /usr/share/java/resteasy/resteasy-jackson2-provider.jar \ resteasy-jackson2-provider-$RESTEASY_VERSION.jar ls -l popd fi if [ ! -d base/server/lib ] then # import server libraries from RPMs mkdir -p base/server/lib pushd base/server/lib RESTEASY_VERSION=$(rpm -q pki-resteasy-servlet-initializer | sed -n 's/^pki-resteasy-servlet-initializer-$[^-]*$-.*$/\1.Final/p') echo "RESTEASY_VERSION: $RESTEASY_VERSION" cp /usr/share/java/resteasy/resteasy-servlet-initializer.jar \ resteasy-servlet-initializer-$RESTEASY_VERSION.jar ls -l popd fi %endif %if ! %{with base} %pom_disable_module common base %pom_disable_module tools base %endif %if ! %{with server} %pom_disable_module tomcat base %pom_disable_module tomcat-9.0 base %pom_disable_module server base %pom_disable_module server-webapp base %endif %if ! %{with ca} %pom_disable_module ca base %endif %if ! %{with kra} %pom_disable_module kra base %endif %if ! %{with ocsp} %pom_disable_module ocsp base %endif %if ! %{with tks} %pom_disable_module tks base %endif %if ! %{with tps} %pom_disable_module tps base %endif %if ! %{with acme} %pom_disable_module acme base %endif %if ! %{with est} %pom_disable_module est base %endif %if ! %{with console} %pom_disable_module console base %endif # remove plugins not needed to build RPM %pom_remove_plugin org.codehaus.mojo:flatten-maven-plugin %pom_remove_plugin org.apache.maven.plugins:maven-deploy-plugin %pom_remove_plugin com.github.github:site-maven-plugin # specify Maven artifact locations %mvn_file org.dogtagpki.pki:pki-common pki/pki-common %mvn_file org.dogtagpki.pki:pki-tools pki/pki-tools %mvn_file org.dogtagpki.pki:pki-server pki/pki-server %mvn_file org.dogtagpki.pki:pki-server-webapp pki/pki-server-webapp %mvn_file org.dogtagpki.pki:pki-tomcat pki/pki-tomcat %mvn_file org.dogtagpki.pki:pki-tomcat-9.0 pki/pki-tomcat-9.0 %mvn_file org.dogtagpki.pki:pki-ca pki/pki-ca %mvn_file org.dogtagpki.pki:pki-kra pki/pki-kra %mvn_file org.dogtagpki.pki:pki-ocsp pki/pki-ocsp %mvn_file org.dogtagpki.pki:pki-tks pki/pki-tks %mvn_file org.dogtagpki.pki:pki-tps pki/pki-tps %mvn_file org.dogtagpki.pki:pki-acme pki/pki-acme %mvn_file org.dogtagpki.pki:pki-est pki/pki-est %if %{with console} %mvn_file org.dogtagpki.pki:pki-console pki/pki-console %endif # specify Maven artifact packages %mvn_package org.dogtagpki.pki:pki-common pki-java %mvn_package org.dogtagpki.pki:pki-tools pki-tools %mvn_package org.dogtagpki.pki:pki-server pki-server %mvn_package org.dogtagpki.pki:pki-server-webapp pki-server %mvn_package org.dogtagpki.pki:pki-tomcat pki-server %mvn_package org.dogtagpki.pki:pki-tomcat-9.0 pki-server %mvn_package org.dogtagpki.pki:pki-ca pki-ca %mvn_package org.dogtagpki.pki:pki-kra pki-kra %mvn_package org.dogtagpki.pki:pki-ocsp pki-ocsp %mvn_package org.dogtagpki.pki:pki-tks pki-tks %mvn_package org.dogtagpki.pki:pki-tps pki-tps %mvn_package org.dogtagpki.pki:pki-acme pki-acme %mvn_package org.dogtagpki.pki:pki-est pki-est %if %{with console} %mvn_package org.dogtagpki.pki:pki-console pki-console %endif %if 0%{?fedora} # Create a sysusers.d config file cat > %{product_id}.sysusers.conf </dev/null || groupadd -f -g %{pki_gid} -r %{pki_groupname} # create PKI user if it doesn't exist if ! getent passwd %{pki_username} >/dev/null ; then useradd -r -u %{pki_uid} -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username} fi %endif # create PKI home directory if it doesn't exist if [ ! -d %{pki_homedir} ] ; then cp -ar /etc/skel %{pki_homedir} chown -R %{pki_username}:%{pki_groupname} %{pki_homedir} chmod 700 %{pki_homedir} usermod -d %{pki_homedir} %{pki_username} fi exit 0 # with server %endif %if %{with base} %post -n %{product_id}-base if [ $1 -eq 1 ] then # On RPM installation create system upgrade tracker echo "Configuration-Version: %{version}" > %{_sysconfdir}/pki/pki.version else # On RPM upgrade run system upgrade echo "Upgrading PKI system configuration at `/bin/date`." >> /var/log/pki/pki-upgrade-%{version}.log /sbin/pki-upgrade 2>&1 | tee -a /var/log/pki/pki-upgrade-%{version}.log echo >> /var/log/pki/pki-upgrade-%{version}.log fi %postun -n %{product_id}-base if [ $1 -eq 0 ] then # On RPM uninstallation remove system upgrade tracker rm -f %{_sysconfdir}/pki/pki.version fi # with base %endif %if %{with server} %post -n %{product_id}-server # CVE-2021-3551 # Remove world access from existing installation logs find /var/log/pki -maxdepth 1 -type f -exec chmod o-rwx {} \; # Reload systemd daemons on upgrade only if [ "$1" == "2" ] then systemctl daemon-reload fi # Update the fapolicy rules for each PKI server instance for instance in $(ls /var/lib/pki) do target="/etc/fapolicyd/rules.d/61-pki-$instance.rules" sed -e "s/\[WORK_DIR\]/\/var\/lib\/pki\/$instance\/work/g" \ /usr/share/pki/server/etc/fapolicy.rules \ > $target chown root:fapolicyd $target chmod 644 $target done # Restart fapolicy daemon if it's active status=$(systemctl is-active fapolicyd) if [ "$status" = "active" ] then systemctl restart fapolicyd fi # with server %endif %if %{with meta} %if "%{name}" != "%{product_id}" ################################################################################ %files -n %{product_id} %{?with_maven:-f .mfiles} ################################################################################ %else %files %{?with_maven:-f .mfiles} %endif %doc %{_datadir}/doc/pki/README # with meta %endif %if %{with base} ################################################################################ %files -n %{product_id}-base ################################################################################ %license base/common/LICENSE %license base/common/LICENSE.LESSER %doc %{_datadir}/doc/pki-base/html %dir %{_datadir}/pki %{_datadir}/pki/VERSION %{_datadir}/pki/pom.xml %dir %{_datadir}/pki/etc %{_datadir}/pki/etc/pki.conf %{_datadir}/pki/etc/logging.properties %dir %{_datadir}/pki/lib %dir %{_datadir}/pki/scripts %{_datadir}/pki/scripts/config %{_datadir}/pki/upgrade/ %{_datadir}/pki/key/templates %dir %{_sysconfdir}/pki %config(noreplace) %{_sysconfdir}/pki/pki.conf %dir %{_localstatedir}/log/pki %{_sbindir}/pki-upgrade %{_mandir}/man1/pki-python-client.1.gz %{_mandir}/man5/pki-logging.5.gz %{_mandir}/man8/pki-upgrade.8.gz ################################################################################ %files -n %{product_id}-java %{?with_maven:-f .mfiles-pki-java} ################################################################################ %license base/common/LICENSE %license base/common/LICENSE.LESSER %{_datadir}/pki/examples/java/ %{_datadir}/pki/lib/*.jar %if %{without maven} %{_datadir}/java/pki/pki-common.jar %endif ################################################################################ %files -n python3-%{product_id} ################################################################################ %license base/common/LICENSE %license base/common/LICENSE.LESSER %if %{with server} %exclude %{python3_sitelib}/pki/server %endif %{python3_sitelib}/pki ################################################################################ %files -n %{product_id}-tools %{?with_maven:-f .mfiles-pki-tools} ################################################################################ %license base/tools/LICENSE %doc base/tools/doc/README %{_bindir}/pistool %{_bindir}/pki %{_bindir}/revoker %{_bindir}/setpin %{_bindir}/tkstool %{_bindir}/tpsclient %{_bindir}/AtoB %{_bindir}/AuditVerify %{_bindir}/BtoA %{_bindir}/CMCEnroll %{_bindir}/CMCRequest %{_bindir}/CMCResponse %{_bindir}/CMCRevoke %{_bindir}/CMCSharedToken %{_bindir}/CRMFPopClient %{_bindir}/ExtJoiner %{_bindir}/GenExtKeyUsage %{_bindir}/GenIssuerAltNameExt %{_bindir}/GenSubjectAltNameExt %{_bindir}/HttpClient %{_bindir}/KRATool %{_bindir}/OCSPClient %{_bindir}/PKCS10Client %{_bindir}/PKCS12Export %{_bindir}/PKICertImport %{_bindir}/PrettyPrintCert %{_bindir}/PrettyPrintCrl %{_bindir}/TokenInfo %{_datadir}/pki/tools/ %{_datadir}/pki/lib/p11-kit-trust.so %{_libdir}/libpki-tps.so %{_mandir}/man1/AtoB.1.gz %{_mandir}/man1/AuditVerify.1.gz %{_mandir}/man1/BtoA.1.gz %{_mandir}/man1/CMCEnroll.1.gz %{_mandir}/man1/CMCRequest.1.gz %{_mandir}/man1/CMCSharedToken.1.gz %{_mandir}/man1/CMCResponse.1.gz %{_mandir}/man1/KRATool.1.gz %{_mandir}/man1/PrettyPrintCert.1.gz %{_mandir}/man1/PrettyPrintCrl.1.gz %{_mandir}/man1/pki.1.gz %{_mandir}/man1/pki-audit.1.gz %{_mandir}/man1/pki-ca-cert.1.gz %{_mandir}/man1/pki-ca-kraconnector.1.gz %{_mandir}/man1/pki-ca-profile.1.gz %{_mandir}/man1/pki-client.1.gz %{_mandir}/man1/pki-group.1.gz %{_mandir}/man1/pki-group-member.1.gz %{_mandir}/man1/pki-kra-key.1.gz %{_mandir}/man1/pki-pkcs12-cert.1.gz %{_mandir}/man1/pki-pkcs12-key.1.gz %{_mandir}/man1/pki-pkcs12.1.gz %{_mandir}/man1/pki-securitydomain.1.gz %{_mandir}/man1/pki-tps-profile.1.gz %{_mandir}/man1/pki-user.1.gz %{_mandir}/man1/pki-user-cert.1.gz %{_mandir}/man1/pki-user-membership.1.gz %{_mandir}/man1/PKCS10Client.1.gz %{_mandir}/man1/PKICertImport.1.gz %{_mandir}/man1/tpsclient.1.gz %{_javadir}/pki/pki-tools.jar %{_jnidir}/pki/pki-tools.jar # with base %endif %if %{with server} ################################################################################ %files -n %{product_id}-server %{?with_maven:-f .mfiles-pki-server} ################################################################################ %license base/common/THIRD_PARTY_LICENSES %license base/server/LICENSE %doc base/server/README %attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki %attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki/tomcat %{_sbindir}/pkispawn %{_sbindir}/pkidestroy %{_sbindir}/pki-server %{_sbindir}/pki-healthcheck %{python3_sitelib}/pki/server/ %{python3_sitelib}/pkihealthcheck-*.egg-info/ %config(noreplace) %{_sysconfdir}/pki/healthcheck.conf %{_datadir}/pki/etc/tomcat.conf %dir %{_datadir}/pki/deployment %{_datadir}/pki/deployment/config/ %{_datadir}/pki/scripts/operations %{_bindir}/pkidaemon %{_bindir}/pki-server-nuxwdog %dir %{_sysconfdir}/systemd/system/pki-tomcatd.target.wants %attr(644,-,-) %{_unitdir}/pki-tomcatd@.service %attr(644,-,-) %{_unitdir}/pki-tomcatd.target %dir %{_sysconfdir}/systemd/system/pki-tomcatd-nuxwdog.target.wants %attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog@.service %attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog.target %dir %{_sharedstatedir}/pki %{_mandir}/man1/pkidaemon.1.gz %{_mandir}/man5/pki_default.cfg.5.gz %{_mandir}/man5/pki_healthcheck.conf.5.gz %{_mandir}/man5/pki-server-logging.5.gz %{_mandir}/man8/pki-server-upgrade.8.gz %{_mandir}/man8/pkidestroy.8.gz %{_mandir}/man8/pkispawn.8.gz %{_mandir}/man8/pki-server.8.gz %{_mandir}/man8/pki-server-acme.8.gz %{_mandir}/man8/pki-server-est.8.gz %{_mandir}/man8/pki-server-instance.8.gz %{_mandir}/man8/pki-server-subsystem.8.gz %{_mandir}/man8/pki-server-nuxwdog.8.gz %{_mandir}/man8/pki-server-migrate.8.gz %{_mandir}/man8/pki-server-cert.8.gz %{_mandir}/man8/pki-server-ca.8.gz %{_mandir}/man8/pki-server-kra.8.gz %{_mandir}/man8/pki-server-ocsp.8.gz %{_mandir}/man8/pki-server-tks.8.gz %{_mandir}/man8/pki-server-tps.8.gz %{_mandir}/man8/pki-healthcheck.8.gz %{_datadir}/pki/setup/ %{_datadir}/pki/server/ %if 0%{?fedora} %{_sysusersdir}/%{product_id}.conf %endif %if %{without maven} %{_datadir}/java/pki/pki-server.jar %{_datadir}/java/pki/pki-server-webapp.jar %{_datadir}/java/pki/pki-tomcat.jar %{_datadir}/java/pki/pki-tomcat-9.0.jar %endif # with server %endif %if %{with acme} ################################################################################ %files -n %{product_id}-acme %{?with_maven:-f .mfiles-pki-acme} ################################################################################ %{_datadir}/pki/acme/ %if %{without maven} %{_datadir}/java/pki/pki-acme.jar %endif # with acme %endif %if %{with ca} ################################################################################ %files -n %{product_id}-ca %{?with_maven:-f .mfiles-pki-ca} ################################################################################ %license base/ca/LICENSE %{_datadir}/pki/ca/ %if %{without maven} %{_datadir}/java/pki/pki-ca.jar %endif # with ca %endif %if %{with est} ################################################################################ %files -n %{product_id}-est %{?with_maven:-f .mfiles-pki-est} ################################################################################ %{_datadir}/pki/est/ %if %{without maven} %{_datadir}/java/pki/pki-est.jar %endif # with est %endif %if %{with kra} ################################################################################ %files -n %{product_id}-kra %{?with_maven:-f .mfiles-pki-kra} ################################################################################ %license base/kra/LICENSE %{_datadir}/pki/kra/ %if %{without maven} %{_datadir}/java/pki/pki-kra.jar %endif # with kra %endif %if %{with ocsp} ################################################################################ %files -n %{product_id}-ocsp %{?with_maven:-f .mfiles-pki-ocsp} ################################################################################ %license base/ocsp/LICENSE %{_datadir}/pki/ocsp/ %if %{without maven} %{_datadir}/java/pki/pki-ocsp.jar %endif # with ocsp %endif %if %{with tks} ################################################################################ %files -n %{product_id}-tks %{?with_maven:-f .mfiles-pki-tks} ################################################################################ %license base/tks/LICENSE %{_datadir}/pki/tks/ %if %{without maven} %{_datadir}/java/pki/pki-tks.jar %endif # with tks %endif %if %{with tps} ################################################################################ %files -n %{product_id}-tps %{?with_maven:-f .mfiles-pki-tps} ################################################################################ %license base/tps/LICENSE %{_datadir}/pki/tps/ %{_mandir}/man5/pki-tps-connector.5.gz %{_mandir}/man5/pki-tps-profile.5.gz %if %{without maven} %{_datadir}/java/pki/pki-tps.jar %endif # with tps %endif %if %{with javadoc} ################################################################################ %files -n %{product_id}-javadoc ################################################################################ %{_javadocdir}/pki/ # with javadoc %endif %if %{with console} ################################################################################ %files -n %{product_id}-console %{?with_maven:-f .mfiles-pki-console} ################################################################################ %license base/console/LICENSE %{_bindir}/pkiconsole %if %{without maven} %{_datadir}/java/pki/pki-console.jar %endif # with console %endif %if %{with theme} ################################################################################ %files -n %{product_id}-theme ################################################################################ %license themes/%{theme}/common-ui/LICENSE %dir %{_datadir}/pki %if %{with server} %{_datadir}/pki/CS_SERVER_VERSION %{_datadir}/pki/common-ui/ %{_datadir}/pki/server/webapps/pki/ca %{_datadir}/pki/server/webapps/pki/css %{_datadir}/pki/server/webapps/pki/esc %{_datadir}/pki/server/webapps/pki/fonts %{_datadir}/pki/server/webapps/pki/images %{_datadir}/pki/server/webapps/pki/kra %{_datadir}/pki/server/webapps/pki/ocsp %{_datadir}/pki/server/webapps/pki/pki.properties %{_datadir}/pki/server/webapps/pki/tks # with server %endif %if %{with console} ################################################################################ %files -n %{product_id}-console-theme ################################################################################ %license themes/%{theme}/console-ui/LICENSE %{_javadir}/pki/pki-console-theme.jar # with console %endif # with theme %endif %if %{with tests} ################################################################################ %files -n %{product_id}-tests ################################################################################ %{_datadir}/pki/tests/ # with tests %endif ################################################################################ %changelog * Wed Jun 25 2025 Packit - 11.7.0-0.20250625022241871051.master.4613.g1d57ec7619 - Update ElementProcessor to use generics (Endi S. Dewata) - Clean up log messages in LogFile.setupSigningFailure() (Endi S. Dewata) - Add CRLAutoUpdateTask (Endi S. Dewata) - Add test for built-in OCSP in CA clone (Endi S. Dewata) - Refactor CertStatus (Endi S. Dewata) - Add pki ca-crl-update (Endi S. Dewata) - Update OCSP clone test (Endi S. Dewata) - Clean up log messages in DefStore (Endi S. Dewata) - RHCS-6004-[DOC-dev] Upstream->downstream import for Test Day changes involving upstream This patch addresses comments from lmcgarry on the patch imported downstream. (Christina Fu) - Add pki ocsp-cert-verify (Endi S. Dewata) - Add basic test for pki-server CLI (Endi S. Dewata) - RHCS-5927 [DOC] Asciidoc code block rendering issue with [literal,subs="+quotes,verbatim"] This patch was re-created after https://github.com/dogtagpki/pki/pull/5077 that was provided by community member vzlamal to address the issue where bold and italic in some cases are mis-interpreted where '*' and '_' are intended to be literally part of the code. Note that there is still a desire to bold the actual commands. This patch is to be considered a temporary fix. (Christina Fu) - RHCS-5994 Changes from Test Day CY25Q2 (Christina Fu) - Add test for CA cert request templates (Endi S. Dewata) - Update KRAConnector.deregister() and TPSConnector.deregister() (Endi S. Dewata) - Add internationalization test (Endi S. Dewata) - Update README-doc-convention.adoc (Christina Fu) - Update EST CI pkcs12 command to newer option (Marco Fargetta) - Reorganize server port and user tests (Endi S. Dewata) - trust option needs to be preceded by two '--' instead of '-'. (Christina Fu) - Fix pki-server db-schema-upgrade (Endi S. Dewata) - Make keyring clear operation on user id (Marco Fargetta) - Clean up log messages in Profile (Endi S. Dewata) - Clean up log messages in RenewalServlet (Endi S. Dewata) - Clean up log messages in ProcessCertReq (Endi S. Dewata) - Clean up log messages in CAService (Endi S. Dewata) - Clean up log messages in NSSDatabase (Endi S. Dewata) - Remove acl installation from workflow (Marco Fargetta) - Fix nuxwdog instances (Marco Fargetta) - Update pki-server cert-fix (Endi S. Dewata) - Update CI test to verify subject bypass with agent authentication (Marco Fargetta) - Verify client group before enforce subject name with RAClientAuthSubjectNameContraint (Marco Fargetta) - Update EST CI to the new profile subject contraint (Marco Fargetta) - Modify pkispawn to request server certificate when not provided (Marco Fargetta) - Add a pattern params to RAClientAuthSubjectNameContraint (Marco Fargetta) - Add a new profile constraint for subject name (Marco Fargetta) - Update TPS container test to use generic subsystem users (Endi S. Dewata) - Add upgrade script to enable URL rewrite (Endi S. Dewata) - Update TPS container test (Endi S. Dewata) - Handle a missing request_url in the cert request REST output (Rob Crittenden) - python api: add SecurityDomainClient.remove_host() (Fraser Tweedale) - Update python API to support raw profiles (modify) (Rob Crittenden) - Update python API to support raw profiles (Fraser Tweedale) - Add python API for ACME enable/disable (Rob Crittenden) - Fix NPE in pki ca-kraconnector-add (Endi S. Dewata) - Convert PKIDeployer.ds_init() into get_ds_url() (Endi S. Dewata) - Clean up log messages in PKIInstance.load_external_certs_conf() (Endi S. Dewata) - Update PKIDeployer.ds_connect() (Endi S. Dewata) - Update TPS container (Endi S. Dewata) - Clean up PKIDeployer.import_ds_ca_cert() (Endi S. Dewata) - Fix IPA clone test (Endi S. Dewata) - Replace PKIDeployer.authdb_init() with get_authdb_url() (Endi S. Dewata) - Add pki-server ca-connector-* commands (Endi S. Dewata) - Add MCP_TESTS_ENABLED variable (Endi S. Dewata) - Add TPSSubsystem.update_profiles() (Endi S. Dewata) - Add MCP server prototype (Endi S. Dewata) - Modify EST to send client information (Marco Fargetta) - Add a new profile input for client information (Marco Fargetta) - Fix P12 constraint configuration key (Marco Fargetta) - Update creating-ds-instance.adoc (#5076) (Pritam Singh) - Update TPS container test (Endi S. Dewata) - Add pki-server tks-connector-* commands (Endi S. Dewata) - Remove redundant code from EST spawn (Marco Fargetta) - Add pki nss-key-export --wrapper-cert (Endi S. Dewata) - Add pki nss-key-export --session-key-size (Endi S. Dewata) - Consolidate CryptoUtil.generateKey() (Endi S. Dewata) - Add pki-server tps-connector-add (Endi S. Dewata) - Fix pki CLI help commands list (Marco Fargetta) - Update TPS container test (Endi S. Dewata) - Remove RESTEasy based services from ACME (Marco Fargetta) - Implement ACME service with PKIServlet (Marco Fargetta) - fix broken formating in installing-ca-with-existing-keys-in-hsm.adoc (vzlamal) - changing commands to use pki export csr instead of parsing it with sed (vzlamal) - remove substitutions that broke the code block (vzlamal) - remove substitutions that broke the code block (vzlamal) - Add pki-server tps-connector-find (Endi S. Dewata) - Remove resteasy client jar link (Marco Fargetta) - Update standalone OCSP test (Endi S. Dewata) - Removed not used RESTeasy dependencies (Marco Fargetta) - Fix EST id when running in different context (Marco Fargetta) - Update standalone KRA test (Endi S. Dewata) - Fix client redirect strategy (Marco Fargetta) - Add KRA clone failover test (Endi S. Dewata) - Update log messages in AgentCertRequestServlet (Endi S. Dewata) - Update log messages in CertRequestServlet (Endi S. Dewata) - Update log messages in CertRequestService (Endi S. Dewata) - Clean up pki pkcs12-cert-import output (Endi S. Dewata) - Clean up pki pkcs12-key-del output (Endi S. Dewata) - Clean up pki pkcs12-cert-del output (Endi S. Dewata) - Update clone tests to check replica ID ranges (Endi S. Dewata) - Upedate EST CI to read JSON error message (Marco Fargetta) - Remove RESTeasy from EST subsystem (Marco Fargetta) - Disable password console callback if file provided (Marco Fargetta) - Fix pki-server -clone-prepare (Endi S. Dewata) - Fix postgres library path in EST doc installation (Marco Fargetta) - Fix postgres library for CI tests (Marco Fargetta) - Allow searching for certs by the issuerDN of the cert (Rob Crittenden) - Replace WebTarget with URIBuilder in PKI client (Marco Fargetta) - Update SystemConfigClient to support REST API v2 (Endi S. Dewata) - Update SecurityDomainClient to support REST API v2 (Endi S. Dewata) - Update FeatureClient to support REST API v2 (Endi S. Dewata) - Update SystemCertClient to support REST API v2 (Endi S. Dewata) - Update ProfileClient to support REST API v2 (Endi S. Dewata) - Update AuthorityClient to support REST API v2 (Endi S. Dewata) - Update CertClient to support REST API v2 (Endi S. Dewata) - Add Python SubsystemClient (Endi S. Dewata) - Refactor HandleNewPinRequest() (Endi S. Dewata) - Refactor HandleTokenPDURequest() (Endi S. Dewata) - Refactor HandleASQRequest() (Endi S. Dewata) - Refactor HandleSecureIdRequest() (Endi S. Dewata) - Refactor HandleStatusUpdateRequest() (Endi S. Dewata) - Refactor HandleExtendedLoginRequest() (Endi S. Dewata) - Refactor HandleLoginRequest() (Endi S. Dewata) - Merge formatToken(), resetPIN(), enrollToken() (Endi S. Dewata) - Convert TPSClientCLI.performEnrollToken() to Java (Endi S. Dewata) - Convert TPSClientCLI.performResetPIN() to Java (Endi S. Dewata) - Convert TPSClientCLI.performFormatToken() to Java (Endi S. Dewata) - Update FormatToken(), ResetPIN(), EnrollToken() (Endi S. Dewata) - Rename KeyRetrieverRunner.certificateAuthority (Endi S. Dewata) - Move CAEngine.checkForNewerCert() into CertificateAuthority (Endi S. Dewata) - Move CAEngine.initCA() into CertificateAuthority (Endi S. Dewata) - Use synchronous LWCA KeyRetriever (Endi S. Dewata) - Add token methods in TPSClientCLI (Endi S. Dewata) - Add connection methods in TPSClientCLI (Endi S. Dewata) - Move CAEngine.startKeyRetriever() into CertificateAuthority (Endi S. Dewata) - Move CAEngine.initOCSPSigningUnit() into CertificateAuthority (Endi S. Dewata) - Move CAEngine.initCRLSigningUnit() into CertificateAuthority (Endi S. Dewata) - Move CAEngine.initCertSigningUnit() into CertificateAuthority (Endi S. Dewata) - Refactor ThreadConnEnroll() (Endi S. Dewata) - Refactor ThreadConnResetPin() (Endi S. Dewata) - Refactor ThreadConnUpdate() (Endi S. Dewata) - Convert RA_Client::OpConnStart() to Java (Endi S. Dewata) - Update KRA container test (Endi S. Dewata) - Add CRMFUtil.getSANExtension() (Endi S. Dewata) - Refactor NSSDatabase.createCertificate() (Endi S. Dewata) - Refactor NSSDatabase.createCRMFRequest() (Endi S. Dewata) - Refactor CRMFUtil.createCertRequest() (Endi S. Dewata) - Refactor CRMFUtil.createCRMFRequest() (Endi S. Dewata) - Refactor CRMFUtil.encodeCRMF() (Endi S. Dewata) - Clean up CRMFUtil.getExtensionFromCertTemplate() (Endi S. Dewata) - Remove resteasy MediaType from PKIClient (Marco Fargetta) - Move CryptoUtil.createCRMFRequest() to CRMFUtil (Endi S. Dewata) - Move CryptoUtil.createPop() to CRMFUtil (Endi S. Dewata) - Move CryptoUtil.createCertRequest() to CRMFUtil (Endi S. Dewata) - Move CryptoUtil.createCertTemplate() to CRMFUtil (Endi S. Dewata) - Move CryptoUtil.getExtensionFromCertTemplate() to CRMFUtil (Endi S. Dewata) - Move CryptoUtil.getSubjectName() to CRMFUtil (Endi S. Dewata) - Move CryptoUtil.getX509KeyFromCRMFMsgs() to CRMFUtil (Endi S. Dewata) - Move CryptoUtil.getX509KeyFromCRMFMsg() to CRMFUtil (Endi S. Dewata) - Move CertUtil.encodeCRMF() to CRMFUtil (Endi S. Dewata) - Move CertUtil.parseCRMF() to CRMFUtil (Endi S. Dewata) - Move CryptoUtil.parseCRMFMsgs() to CRMFUtil (Endi S. Dewata) - Add AuthorityMonitor.init() (Endi S. Dewata) - Move AuthorityMonitor.authorities into CAEngine (Endi S. Dewata) - Update CertClient.list_requests() to support REST API v2 (Endi S. Dewata) - Replace erroneous resteasy exception from v2 servlet (Marco Fargetta) - Replace erroneous resteasy MediaType from v2 servlet (Marco Fargetta) - Implement client POST,PUT and PATCH with httpclient (Marco Fargetta) - Implement client DELETE with httpclient (Marco Fargetta) - Update AuthorityRepository.createCA() (Endi S. Dewata) - Implement client GET collections with httpclient (Marco Fargetta) - Update log messages in OCSPServlet (Endi S. Dewata) - Update log messages in SigningUnit (Endi S. Dewata) - Update log messages in CAEngine (Endi S. Dewata) - Refactor CAEngine.createCA() (Endi S. Dewata) - Add dedicated exception for client connection problem (Marco Fargetta) - Update exception message in CI for the httpclient connections (Marco Fargetta) - Fix error handling for httpcomponent client connections (Marco Fargetta) - Converting a CLI HTTP GET to httpclient (Marco Fargetta) - Fix CLI debug (Marco Fargetta) - Revert removing blank arguments in nssdb.py Block blank nicknames in adding subsystem_certs (Michal Travnicek) - Fix empty parameter in CLI (Michal Travnicek) - Update CRLPublisher.init() (Endi S. Dewata) - update docs relating to serial number mechanism change (Christina Fu) - Add KRARequestInQListener (Endi S. Dewata) - Add RequestListener.init() (Endi S. Dewata) - Move PinRemovalListener to pki-ca.jar (Endi S. Dewata) - Remove redundant type casts (Endi S. Dewata) - Add issuer_dn to the CertDataInfo (Rob Crittenden) - Refactor CMSEngine.loadSubsystems() (Endi S. Dewata) - Refactor RequestInQListener (part 2) (Endi S. Dewata) - Refactor RequestInQListener (part 1) (Endi S. Dewata) - Add test for LWCA clone with HSM (Endi S. Dewata) - Using apache http basic authentication (Marco Fargetta) - moved dogtagpki-docs-convention-readme.adoc and update with more clarification. Also pushing the current "include" lists. (Christina Fu) - Update test for CA clone with HSM (Endi S. Dewata) - Refactor CAEngine.validate() (Endi S. Dewata) - Replace httpclient deprecated code (Marco Fargetta) - Refactor AuthorityRepository.findAuthorityRecords() (Endi S. Dewata) - Update doc for name change in clientRevocationCheck (Marco Fargetta) - Move clientRevocationCheck to KRA connector (Marco Fargetta) - Fix network alias for IPA CI (Marco Fargetta) - Update CI for JSSSocket in pki CLI (Marco Fargetta) - Update v11.7 for OCSP in client commands (Marco Fargetta) - Make optional OCSP check in CA running as client (Marco Fargetta) - Make client OCSP check optional (Marco Fargetta) - Installation steps has to ignore revoked certificate (Marco Fargetta) - Make PKIConnection default to non blocking (Marco Fargetta) - Comment out lines imcompatible with downstream doc build [skip ci] (Christina Fu) - Refactor AuthorityRepository.getCA() (Endi S. Dewata) - Refactor AuthorityRepository.findCAs() (Endi S. Dewata) - Update doc for OCSP ResponderID default change (Marco Fargetta) - Modify default ResponderID in OCSP (Marco Fargetta) - Update doc change for CA internal OCSP (Marco Fargetta) - Upgrade script for internal OCSP ResponderID configuration (Marco Fargetta) - Add CI test for RootOCSP in SubCA scenario (Marco Fargetta) - Fix KeyHash for CA OCSP Responder ID (Marco Fargetta) - Modify default CA OCSP response to use Key hash instead of name (Marco Fargetta) - fixed downstream build issue on formatting reported by writer [skip ci] (Christina Fu) - Update LWCA tests (Endi S. Dewata) - Move CAEngine.updateAuthoritySerialNumber() to AuthorityRepository (Endi S. Dewata) - Drop KeyClient.key_url and key_requests_url (Endi S. Dewata) - Disable access log buffer in IPA tests (Endi S. Dewata) - Move CAEngine.haveAuthorityContainer() to AuthorityRepository (Endi S. Dewata) - Fix doc typos (Marco Fargetta) - replace past tense with present tense to conform to downstream conventions. [skip ci] (Christina Fu) - Add AuthorityRepository.deleteAuthorityRecord() (Endi S. Dewata) - Move CAEngine.modifyAuthorityEntry() to AuthorityRepository (Endi S. Dewata) - Move CAEngine.addAuthorityRecord() to AuthorityRepository (Endi S. Dewata) - Move CAEngine.getAuthorityRecord() to AuthorityRepository (Endi S. Dewata) - Revert "defer moving these user tool pages from wiki." (Christina Fu) - Move AuthorityRepository instance to CAEngine (Endi S. Dewata) - Rename Authority to AuthorityRepository (Endi S. Dewata) - Update KeyClient to support archieval/retrieval with REST API v2 (Endi S. Dewata) - fixed unpaird blocks --- (Christina Fu) - fixed issue introduced by the comment between id line and the header line by moving it below the header [skip ci] (Christina Fu) - Fixed formatting for consistency (Louise McGarry) - Fixes in line with feedback (Louise McGarry) - Reviewed est files to align with doc requirements (Louise McGarry) - Updates to align with docs standards (Louise McGarry) - As it turns out, standalone KRA and OCSP are described in the downstream Installation guide secton 7.6. Setting up a standalone KRA or OCSP. (Christina Fu) - getting installing-ca-with-external-ca-signing-certificate.adoc ready to replace the section: 7.5. Setting up subsystems with an external CA in downstream install guide [skip ci] (Christina Fu) - Update KeyClient.modify_key_status() to support REST API v2 (Endi S. Dewata) - Renamed ServerSideKeygen-related files for upstream->downstream convergence: (Christina Fu) - Fixed issue where comment lines were between the 'id' line and the subject header line that it's supposed to anchor. Solution was to move the comments to after the subjet header. [skip ci] (Christina Fu) - Clean up log messages in pki ca-cert-create (Endi S. Dewata) - Clean up pki pkcs12-export output (Endi S. Dewata) - Add test for paging parameters (Endi S. Dewata) - Update pki *-find commands (Endi S. Dewata) - Update log messages in DBSearchResults (Endi S. Dewata) - Update log messages in AgentCertRequestServlet (Endi S. Dewata) - Update log messages in PKIServlet (Endi S. Dewata) - Do not set up VLV by default (Endi S. Dewata) - CASigningUnit hexstring serial number (Michal Travnicek) - downstream import processing: one small change for single line for script processing [skip ci] (Christina Fu) - Misc update to make it compatible with downstream docs once imported [skip ci] (Christina Fu) - Fix missing error messages (Endi S. Dewata) - Update pki.spec (MichalTravnicek) - fixed xref from old md files to new adoc files [skip ci] (Christina Fu) - Update KeyClient.list_requests() and list_keys() to support REST API v2 (Endi S. Dewata) - Update IPA tests to check pkispawn and pkidestroy logs (Endi S. Dewata) - Remmove "_{context}" in adoc id under pki/docs/installation/ - based on the latest changes in upstream rhcs-docs, "_{context}" needs to be removed from the file id [sip ci] (Christina Fu) - Update pki ca-cert-issue to support CRMF (Endi S. Dewata) - Update KRA tests (Endi S. Dewata) - Update pki ca-cert-request-submit to support CRMF (Endi S. Dewata) - Update pki nss-cert-request to support CRMF (Endi S. Dewata) - Fix deprecation warning in pki ca-cert-request-submit (Endi S. Dewata) - Update CACertClient.submitRequest() (Endi S. Dewata) - Add CertUtil.encodeCRMF() (Endi S. Dewata) - Rename CertUtil.unwrapPKCS10() into unwrapCSR() (Endi S. Dewata) - under pki/docs/installation, replace - Import admin key and certificate: - with - Import admin certificate and key into the client NSS database (by default ~/.dogtag/nssdb) with the following command: [skip ci] (Christina Fu) - under pki/docs/installation - remove more pki client-init calls [skip ci] (Christina Fu) - under pki/docs/installation, - replace the import admin cert and key intro line [skip ci] (Christina Fu) - under pki/docs/installation, - replace the "To use the admin certificate ..." line [skip ci] (Christina Fu) - under pki/docs/installation - remove all pki client-init calls [skip ci] (Christina Fu) - under pki/docs/installation, replace calls to pki client-cert-import ... with pki nss-cert-import ... [skip ci] (Christina Fu) - Add EST reenroll test with different CSR (Marco Fargetta) - Fix EST csr match condition (Marco Fargetta) - Update pki nss-cert-request (Endi S. Dewata) - misc adjustments in pki/docs/installation, including: - removing the word "temporary" for the DS bootstrap certs - adding dc=est to pki ldap tree [skip ci] (Christina Fu) - Convert TPSClientCLI.enrollToken() to Java (Endi S. Dewata) - squashing pki-ldap-tree.adoc into creating-ds-instance.adoc [skip ci] (Christina Fu) - Renaming enabling-ssl-connection-in-ds.adoc to getting-ds-cert-issued-by-actual-ca.adoc so that it fits in the downstream post-install section more nicely. [skip ci] (Christina Fu) - Convert TPSClientCLI.resetPIN() to Java (Endi S. Dewata) - Fix RHCS-5701: (Jack Magne) - Convert TPSClientCLI.formatToken() to Java (Endi S. Dewata) - removed test file [skip ci] (Christina Fu) - replacing "link:" with 'xref:" for links not begin with "http" - to allow asciidoc processor to do intelligent substitution (supposedly). [skip ci] (Christina Fu) - continue the test remove the file name between [] [skip ci] (Christina Fu) - doc convergence: This is a test for asciidoc include [skip ci] (Christina Fu) - xref ref test into subsection using downstream style of - [id=xyz] [skip ci] (Christina Fu) - desolving doc with simple command: exporting-ds-certificates.adoc - merge the command line into referencing docs [skip ci] (Christina Fu) - testing xref link to subsection of an adoc [skip ci] (Christina Fu) - Fix erroneous opsFlag in nss-key-create operation (Marco Fargetta) - Fix CMake libraries for EST (Marco Fargetta) - Update EST test for CSR subject check (Marco Fargetta) - Update EST doc for basic authentication subject check (Marco Fargetta) - Add EST subject check to basic authentication (Marco Fargetta) - Add EST test for enrollMatchTLSSubjSAN (Marco Fargetta) - Add enrollMatchTLSSubjSAN option in est installation doc (Marco Fargetta) - Add option to match CSR subject and SAN with TLS cert (Marco Fargetta) - Fix JRE dependency for pki-console (Endi S. Dewata) - ldaps-related setup cleanup, including: - copying the slightly adjusted installing-ca-clone-with-ldaps-connection.adoc to installing-ca-clone-with-temp-ldaps-connection.adoc for reference. Using the temporary bootstrap DS server cert shouldn't be a recommended case - modified installing-ca-clone-with-temp-ldaps-connection.adoc so that it assumes that the existing PKI instance is running withr real DS server cert, and issues a real DS server cert for the DS of the clone - modified all ldaps installation adoc files to reflect the changes - some adjustments to the already updated ldaps-related sections under pki/docs/installation/others - renamed enabling-temp-ssl-connection-in-ds.adoc to enabling-ssl-connection-in-ds-with-bootstrap-cert.adoc - renamed installing-ca-clone-with-temp-ldaps-connection.adoc to installing-ca-clone-with-ldaps-using-bootstrap-ds-certs.adoc [skip ci] (Christina Fu) - Add SELinux workaround note for cracklibCheck (#4974) (Pritam Singh) - Fix: RHCS-5675 (#4993) (jmagne) - Update dependency to JSS 5.7 (Endi S. Dewata) - Clean up TPSClientCLI.cpp (Endi S. Dewata) - Add test for reinstalling IPA (Endi S. Dewata) - Convert TPSClientCLI.invokeOperation() to Java (Endi S. Dewata) - removed the "moved to" .md files [skip ci] (Christina Fu) - remove the "moved to" files under pki/docs/installation [skip ci] (Christina Fu) - Cover two conditions: - using ds temp bootstrap certs - using certs issued by a real CA (Christina Fu) - defer moving these user tool pages from wiki. [skip ci] (Christina Fu) - Fix javac --release option (Endi S. Dewata) - Don't create audit signing cert by default (Endi S. Dewata) - Update CI for typo fixes (Marco Fargetta) - Fix typos for SSN messages (Marco Fargetta) - Update minimum CMake version (Endi S. Dewata) - Add actionw write permission to stale CI (Marco Fargetta) - Don't use pki_token_name as default token (Endi S. Dewata) - Fix Azure pipelines (Endi S. Dewata) - Increase number for CI stale actions (Marco Fargetta) - Refactor RA_Client::Execute() (Endi S. Dewata) - Remove hard-coded pkidbuser (Endi S. Dewata) - Update CI stale to v9.1.0 (Marco Fargetta) - Update dogtagpki-docs-convention-readme.adoc (Christina Fu) - Update dogtagpki-docs-convention-readme.adoc (Christina Fu) - under pki/docs/installation - adding the following three lines to the top of adoc files with all lower case file names: -- :_mod-docs-content-type: PROCEDURE -- \n -- [id="xxx_{context}"] where 'xxx' is the file name minus the .adoc extention [skip ci] (Christina Fu) - The initial Dogtag pki documentation convention readme file. - future contributors to pki/docs are expected to conform to the contentions listed in this file. - reviewers are expected to give a comment pointing any future doc PR to this file before giving any detailed reviews. [skip ci] (Christina Fu) - Add support for subsystem logging.properties (Endi S. Dewata) - pki/docs/installation adoc files renamed according to new conventions. - All lower case - ‘-’ instead of “_” - Adding “moved to” message to old files - Changing link references from old to new names - replaced "Secure-Connection" with "ldaps" (Christina Fu) - Update to backbone v1.6.0 (Marco Fargetta) - Update to underscore v1.13.7 (Marco Fargetta) - Update to jquery v3.7.1 (Marco Fargetta) - Add pki tps-client (Endi S. Dewata) - Split tpsclient into libpki-tps.so (Endi S. Dewata) - Enable certificate revocation check in NonBlockingSocketFactory (Marco Fargetta) - Enable stale action (Marco Fargetta) - replace "will be" with "is" (if singular) or "are" (if plural) under pki/docs/installation [skip ci] (Christina Fu) - - replace "will be deployed" with "is deployed" under pki/docs/installation - remove backticks surrounding words (instead of names) under pki/docs/installation - remove the extra ", for example" under pki/docs/installation [skip ci] (Christina Fu) - replacing "e.g." with "for example" with some additional rules: - if ')' is not followed by a punctuation, replace it with ',' - if ')' is followed by a punctuation, remove the ')' - ignore "e.g." inside asciidoc code blocks, e.g. acme/Installing-ACME-Responder-using-PKI-Server-ACME-CLI.adoc - adding a pair of backticks to surround the example [skip ci] (Christina Fu) - Refactor CRMFPopClient (part 2) (Endi S. Dewata) - Refactor CRMFPopClient (part 1) (Endi S. Dewata) - Clean up HTTPConnectorCLI.print_connector() (Endi S. Dewata) - Add stale automation for issues and PRs (Marco Fargetta) - Fix product_id and theme params in pki.spec (Endi S. Dewata) - Use Tomcat 9 on RHEL 10 (Endi S. Dewata) - adding missing note to assume export of CA signing cert to ca_signing.crt prior to cloning kra and ocsp with HSM [skip ci] (Christina Fu) - Added 'token' and 'pki_cert_chain_path' configuration parameters (Pritam Singh) - Added 'token' parameters (Pritam Singh) - Added 'token' parameters (Pritam Singh) - Added 'pki_cert_chain_path' configuration parameter (Pritam Singh) - Added 'pki_cert_chain_path' configuration parameter (Pritam Singh) - Fix expected backup folder permissions in CI (Endi S. Dewata) - avoid reference to the word "page" for downstream convergence. [skip ci] (Christina Fu) - Replace "This page describes the process" with "Follow this process" per downstream convergence. [skip ci] (Christina Fu) - Removed "Overview" per downstream convergence. [skip ci] (Christina Fu) - Update version number to 11.7.0-alpha1 (Endi S. Dewata) - Update PKIServer.create_logs_dir() (Endi S. Dewata) - adding [literal,subs="+quotes,verbatim"] line above code "...." blocks [skip ci] (Christina Fu) - replace md quote style (“```”) with adoc style ("....") [skip ci] (Christina Fu) - Update ACME docs [skip ci] (Endi S. Dewata) - Fix home directory owner in containers (Endi S. Dewata) - [skip ci] remove closing ='s from headers in adoc files under pki/docs/installation (Christina Fu) - Reduce failures in container tests (Endi S. Dewata) - [skip ci] - point DS setup link to ../others/Installation_Prerequisites.adoc (Christina Fu) - Use Maven with OpenJDK 17 on RHEL 9 (Endi S. Dewata) - Update pki.spec (Endi S. Dewata) - Using systemd for pkiuser in fedora (Marco Fargetta) - Update spec for compiler flags (Marco Fargetta) - Fix SSL alert in CI (Marco Fargetta) - Add test for ACME container with CA (Endi S. Dewata) - [skip ci] adopted content from 6.3. Setting the FQDN of [RHCS 10cc] for doc convergence. (Christina Fu) - Update version number to 11.6.0 (Endi S. Dewata) - Refactor PKCS10Client (part 2) (Endi S. Dewata) - Refactor PKCS10Client (part 1) (Endi S. Dewata) - Replace deprecated params in examples (Endi S. Dewata) - Add test for PKCS10Client (Endi S. Dewata) - Refactor NSSCertRequestCLI (Endi S. Dewata) - Refactor ClientCertRequestCLI (part 3) (Endi S. Dewata) - Refactor ClientCertRequestCLI (part 2) (Endi S. Dewata) - Refactor ClientCertRequestCLI (part 1) (Endi S. Dewata) - [skip ci] Moved the generic Prerequisites into others/Installation_Prerequisites.adoc and replace all Prerequisites section. (Christina Fu) - [skip ci] For doc convergence: commenting out links that could lead to requirement of too many files imported (Christina Fu) - Fix password check documentation (Marco Fargetta) - Add test for CA password policy enforcement (Marco Fargetta) - Update script for plicy password contraint (Marco Fargetta) - A new policy constraint to enforce p12 password quality. (Marco Fargetta) - Move ServerSide pkcs12 key derivation to enrollment (Marco Fargetta) - Rename default est group from estclient to EST Users (Marco Fargetta) - Update EST doc and CI to create group during installation (Marco Fargetta) - Update EST doc to separte RELM config from user management (Marco Fargetta) - Move realm DB set up for EST in a separate file (Marco Fargetta) - Refactor ClientCertRequestCLI.generateCrmfRequest() (Endi S. Dewata) - Refactor ClientCertRequestCLI.generatePkcs10Request() (Endi S. Dewata) - Refactory CryptoUtil.createPop() (Endi S. Dewata) - Refactory CryptoUtil.createSigner() (Endi S. Dewata) - Consolidate CryptoUtil.createCertificationRequest() (Endi S. Dewata) - Update ACME tests to create DS indexes (Endi S. Dewata) - Move CRMFPopClient.createCertRequest() to CryptoUtil (Endi S. Dewata) - Move CRMFPopClient.createCertTemplate() to CryptoUtil (Endi S. Dewata) - Move CRMFPopClient.createSigner() to CryptoUtil (Endi S. Dewata) - Move CRMFPopClient.createPop() to CryptoUtil (Endi S. Dewata) - Move CRMFPopClient.createCRMFRequest() to CryptoUtil (Endi S. Dewata) - Move CRMFPopClient.getWrappingParams() to CryptoUtil (Endi S. Dewata) - Move CRMFPopClient.createName() to CryptoUtil (Endi S. Dewata) - Move CRMFPopClient.createAVA() to CryptoUtil (Endi S. Dewata) - Move CRMFPopClient.isEncoded() to CryptoUtil (Endi S. Dewata) - Move CRMFPopClient.getKeyWrapAlgotihm() to CAInfoClient (Endi S. Dewata) - Add test for installing CA with obsolete admin cert (Endi S. Dewata) - Rebuild search indexes during cloning (Endi S. Dewata) - Fix missing sys.exit() in pki-server (Endi S. Dewata) - Update pkispawn to verify admin cert (Endi S. Dewata) - Add PKCS12.get_cert() (Endi S. Dewata) - Add pki pkcs12-cert-export --cert-format (Endi S. Dewata) - Update PKIDeployer.init_client_nssdb() (Endi S. Dewata) - Update pki.nssdb.convert_data() (Endi S. Dewata) - Clean up PKIDeployer.setup_admin_cert() (Endi S. Dewata) - Add tests for CLI help and error messages (Endi S. Dewata) - Fix CLI help messages (Endi S. Dewata) - Add test for pki-server instance-externalcert-add/del (Endi S. Dewata) - Fix pki_server_external_certs_path (Endi S. Dewata) - Fix SSNv2 CA workflows (Marco Fargetta) - Fix SSNv2 clone workflows (Marco Fargetta) - Clean up log messages in pki pkcs12-import (Endi S. Dewata) - Clean up log messages in pki-server instance-externalcert-add/del (Endi S. Dewata) - Refactor PKIInstance.add_external_cert() and delete_external_cert() (Endi S. Dewata) - Refactor PKIInstance.save_external_cert_data() (Endi S. Dewata) - Refactor PKIInstance.read_external_certs() (Endi S. Dewata) - Fix error message for exhausted range (Marco Fargetta) - Fix serial handling in PKIServer.renew_certificate() (Endi S. Dewata) - Fix pki-server subsystem-cert-find (Endi S. Dewata) - Update pkiconsole script (Endi S. Dewata) - Fix pki-server instance-find (Endi S. Dewata) - Fix request range creation bug for ssnv2 (Marco Fargetta) - Update test for CA with existing config (Endi S. Dewata) - Add tests for CA admin cert (Endi S. Dewata) - Add IPA renewal test (Endi S. Dewata) - Fix pki-server cert-fix (Endi S. Dewata) - Clean up log messages in pki-server cert-fix (Endi S. Dewata) - Clean up log messages in pki CLI (Endi S. Dewata) - Add pki-server password-set/unset (Endi S. Dewata) - Fix pki-server nss-create --password-file (Endi S. Dewata) - Clean up cert renewal doc [skip ci] (Endi S. Dewata) - Update cert renewal doc (Endi S. Dewata) - Update IPA tests to check CA database config (Endi S. Dewata) - [skip ci] - updated pki/docs/acme/ to rely on Installing_DS_Packages.adoc and Creating_DS_instance.adoc in pki/docs/others instead of pki.wiki's DS-Installation.asciidoc. - Deploying-DS-Container is not included in Creating_DS_instance.adoc. Will add later - removed version-specific link reference to DS-1.3-Installation in Creating_DS_instance.adoc (Christina Fu) - Fix: RHEL-45539 (#4795) (jmagne) - Split EST doc between installation and admin (Marco Fargetta) - Add doc for TLS mutual auth in EST (Marco Fargetta) - Fix build failure on Fedora Rawhide (Endi S. Dewata) - Fix typo in CertFixCLI (Endi S. Dewata) - Fix Python flake8 issues (Endi S. Dewata) - Update Python lint test (Endi S. Dewata) - Update pki CLI to use ArgumentParser (Endi S. Dewata) - Update pki-server to use ArgumentParser (Endi S. Dewata) - [skip ci] pki/docs/installation removed .md files that had been moved away a long time ago. (Christina Fu) - Updating version to v11.6.0-alpha3 (Marco Fargetta) - Use CLI.get_full_name() (Endi S. Dewata) - Add CLI.create_parser() (Endi S. Dewata) - Update CLI.execute() (Endi S. Dewata) - [skip ci] docs/installation/server md -> adoc conversion (Christina Fu) - [skip ci] docs/installation/server cleanup (Christina Fu) - docs/installation/[ocsp,kra.tks.tps] replaced .md files with "Converted/moved to" message (Christina Fu) - docs/installation/ca replaced "moved to" messages (Christina Fu) - Make sbin install dir configurable (Adam Williamson) - [skip ci] fixed top subject level on 3 adoc files under pki/docs/installation/kra (Christina Fu) - [skip ci] pki/docs/installation/tps - title format - add blank line above bullets - use Prerequisites links instead - replaced Markdown-style links with Asciidoc-style links (Christina Fu) - [skip ci] pki/docs/installation/tks (Christina Fu) - [skip ci] pki/docs/installation/tks phase 1 - title format - add blank line above bullets - use Prerequisites links instead existing links will be fixed in follow-up commit (Christina Fu) - [skip ci] pki/docs/installation/pki (Christina Fu) - [skip ci] pki/docs/installation/kra (Christina Fu) - cfu testing out the wiki pages ported over to the repo. (Christina Fu) - Replace libselinux restorecon API with CLI (Marco Fargetta) - Temporary workaround for Podman issue on Ubuntu 24 (Endi S. Dewata) - Fix est doc formatting (Marco Fargetta) - Fix logrotate error (Marco Fargetta) - [skip ci] fixed links (Christina Fu) - [skip ci] copied more files from https://github.com/dogtagpki/pki/wiki/ and fixed link. (Christina Fu) - [skip ci] copied over PKI-Client-CLI and Submitting-Certificate-Request-with-Key-Archival More adjustments are still needed. (Christina Fu) - [skip ci] copied Generating-Certificate-Request* and related docs from https://github.com/dogtagpki/pki/wiki/ to pki/docs/user/tools and pki/docs/user/tools/Generating-CSR (Christina Fu) - [skip ci] copied PKI-NSS-* from https://github.com/dogtagpki/pki/wiki/ to docs/user/tools/ (Christina Fu) - moved Certificate-Profiles.adoc under docs/design/Cert_Enrollment_Profiles moved docs/installation/others/CSR/Generating-Certificate-Request.adoc to docs/user/tools/Generating-CSR/Generating-Certificate-Request.adoc (Christina Fu) - Update CA-Certificate-Profiles.adoc (Christina Fu) - Create CA-Certificate-Profiles.adoc (Christina Fu) - Create Bootstrap-Profiles.adoc (Christina Fu) - Update Certificate-Profiles.adoc (Christina Fu) - Create Certificate-Profiles.adoc (Christina Fu) - Create Certificate-Profiles.adoc (Christina Fu) - Create Generating-Certificate-Request.adoc (Christina Fu) - Update Enabling-SSL-Connection-in-DS.adoc (Christina Fu) - Update Exporting-DS-Certificates.adoc (Christina Fu) - Update PKI-LDAP-Tree.adoc (Christina Fu) - Update PKI-NSS-CLI.adoc (Christina Fu) - Update changes for pkispawn/pkidestroy (Marco Fargetta) - Fix mail notification CI (Marco Fargetta) - Update Installing_Subordinate_CA.md (Christina Fu) - Update Installing_CA_with_HSM.md (Christina Fu) - Update Installing_CA_with_HSM.adoc (Christina Fu) - Update Installing_CA_with_External_CA_Signing_Certificate.md (Christina Fu) - Update Installing_CA_with_External_CA_Signing_Certificate.adoc (Christina Fu) - Update Installing_CA_with_Existing_Keys_in_Internal_Token.adoc (Christina Fu) - Update Installing_CA_with_Existing_Keys_in_HSM.md (Christina Fu) - Update Installing_CA_with_ECC.md (Christina Fu) - Update Installing_CA_with_Custom_CA_Signing_Key.md (Christina Fu) - Update Installing_CA_Clone_with_Secure_Database_Connection.adoc (Christina Fu) - Update ca-secure-ds-secondary.cfg (Christina Fu) - Update Installing_CA_Clone_with_HSM.md (Christina Fu) - Update Installing_CA_Clone_with_HSM.adoc (Christina Fu) - Update Installing_CA_Clone.md (Christina Fu) - Update Installing_CA_Clone.adoc (Christina Fu) - Update Installing_OCSP_with_Secure_Database_Connection.adoc (Christina Fu) - Update Creating_DS_instance.adoc (Christina Fu) - Create PKI-LDAP-Tree.adoc (Christina Fu) - Update Installing_DS_Packages.adoc (Christina Fu) - Update Creating_DS_instance.adoc (Christina Fu) - Update Creating_DS_instance.adoc (Christina Fu) - Update Installing_OCSP_with_Secure_Database_Connection.adoc (Christina Fu) - Update Installing_OCSP_with_HSM.adoc (Christina Fu) - Update Installing_OCSP_with_External_Certificates.adoc (Christina Fu) - Update Installing_OCSP_with_ECC.adoc (Christina Fu) - Update Installing_OCSP_with_Custom_Keys.adoc (Christina Fu) - Update Installing_OCSP_Clone_with_HSM.adoc (Christina Fu) - Update ocsp-standalone-step2.cfg (Christina Fu) - Update ocsp-standalone-step1.cfg (Christina Fu) - Update Installing_Standalone_OCSP.adoc (Christina Fu) - Update Installing_OCSP_with_Secure_Database_Connection.md (Christina Fu) - Update Installing_OCSP_with_Secure_Database_Connection.adoc (Christina Fu) - Update Installing_OCSP_with_HSM.md (Christina Fu) - Update Installing_OCSP_with_HSM.adoc (Christina Fu) - Update Installing_OCSP_with_External_Certificates.md (Christina Fu) - Update Installing_OCSP_with_Custom_Keys.adoc (Christina Fu) - Update ocsp-external-certs-step2.cfg (Christina Fu) - Update Installing_OCSP_with_External_Certificates.adoc (Christina Fu) - Update ocsp-external-certs-step1.cfg (Christina Fu) - Update Installing_OCSP_with_ECC.md (Christina Fu) - Update Installing_OCSP_with_ECC.adoc (Christina Fu) - Update Installing_OCSP_with_Custom_Keys.md (Christina Fu) - Update Installing_OCSP_with_Custom_Keys.adoc (Christina Fu) - Update Installing_OCSP_Clone_with_HSM.md (Christina Fu) - Update Installing_OCSP_Clone_with_HSM.adoc (Christina Fu) - Update Installing_OCSP.md (Christina Fu) - Update Installing_OCSP_Clone.md (Christina Fu) - Update Installing_OCSP_Clone.adoc (Christina Fu) - Update ocsp-clone.cfg (Christina Fu) - Update ocsp.cfg (Christina Fu) - Update Installing_OCSP_with_Secure_Database_Connection.md (Christina Fu) - Create Installing_OCSP_with_Secure_Database_Connection.adoc (Christina Fu) - Update Installing_OCSP_with_HSM.md (Christina Fu) - Create Installing_OCSP_with_HSM.adoc (Christina Fu) - Update Installing_OCSP_with_External_Certificates.md (Christina Fu) - Update Installing_OCSP_with_External_Certificates.md (Christina Fu) - Create Installing_OCSP_with_External_Certificates.adoc (Christina Fu) - Update Installing_Subordinate_CA.adoc (Christina Fu) - Update Installing_CA_with_Secure_Database_Connection.adoc (Christina Fu) - Update Installing_CA_with_HSM.adoc (Christina Fu) - Update Installing_CA_with_External_CA_Signing_Certificate.adoc (Christina Fu) - Update Installing_CA_with_Existing_Keys_in_Internal_Token.adoc (Christina Fu) - Update Installing_CA_with_Existing_Keys_in_HSM.adoc (Christina Fu) - Update Installing_CA_with_ECC.adoc (Christina Fu) - Update Installing_CA_with_Custom_CA_Signing_Key.adoc (Christina Fu) - Update Installing_CA_Clone_with_Secure_Database_Connection.adoc (Christina Fu) - Update Installing_CA_Clone_with_HSM.adoc (Christina Fu) - Update Installing_CA_Clone.adoc (Christina Fu) - Update Installing_CA.adoc (Christina Fu) - Update Installing_OCSP_with_Custom_Keys.adoc (Christina Fu) - Update Installing_OCSP_Clone_with_HSM.adoc (Christina Fu) - Update Installing_OCSP_Clone.adoc (Christina Fu) - Update Installing_OCSP.adoc (Christina Fu) - Create Installing_OCSP_with_ECC.adoc (Christina Fu) - Update Installing_OCSP_with_Custom_Keys.md (Christina Fu) - Create Installing_OCSP_with_Custom_Keys.adoc (Christina Fu) - Update Installing_OCSP.md (Christina Fu) - Update Installing_OCSP_Clone_with_HSM.md (Christina Fu) - Create Installing_OCSP_Clone_with_HSM.adoc (Christina Fu) - Update Installing_OCSP_Clone.md (Christina Fu) - Create Installing_OCSP_Clone.adoc (Christina Fu) - Update Installing_OCSP.md (Christina Fu) - Update Installing_OCSP.md (Christina Fu) - Create Installing_OCSP.adoc (Christina Fu) - Add pkispawn EST deployment documentation (Marco Fargetta) - Update pki.server.cli to use argparse (Endi S. Dewata) - Update drmtest.py to use argparse (Endi S. Dewata) - Update pki.cli.upgrade to use argparse (Endi S. Dewata) - Update pki.cli.pkcs12 to use argparse (Endi S. Dewata) - Update pki.cli.password to use argparse (Endi S. Dewata) - Update pki.server.cli.est to use argparse (Endi S. Dewata) - Update pki.server.cli.acme to use argparse (Endi S. Dewata) - Update pki.server.cli.tps to use argparse (Endi S. Dewata) - Update pki.server.cli.tks to use argparse (Endi S. Dewata) - Update pki.server.cli.ocsp to use argparse (Endi S. Dewata) - Update pki.server.cli.kra to use argparse (Endi S. Dewata) - Update pki.server.cli.ca to use argparse (Endi S. Dewata) - CI Restart network interface in podman container (Marco Fargetta) - Fix container restart issue (Marco Fargetta) - Update pki.server.cli.user to use argparse (Endi S. Dewata) - Update pki.server.cli.subsystem to use argparse (Endi S. Dewata) - Update pki.server.cli.instance to use argparse (Endi S. Dewata) - Update pki.server.cli.sd to use argparse (Endi S. Dewata) - Update pki.server.cli.http to use argparse (Endi S. Dewata) - Update pki.server.cli.db to use argparse (Endi S. Dewata) - Update pki.server.cli.cert to use argparse (Endi S. Dewata) - Update pki.server.cli.audit to use argparse (Endi S. Dewata) - Fix pki-server selftest-enable/disable (Endi S. Dewata) - Fix compiling option in RHEL-10 (Marco Fargetta) - Update pki.server.cli.webapp to use argparse (Endi S. Dewata) - Update pki.server.cli.upgrade to use argparse (Endi S. Dewata) - Update pki.server.cli.selftest to use argparse (Endi S. Dewata) - Update pki.server.cli.range to use argparse (Endi S. Dewata) - Update pki.server.cli.nuxwdog to use argparse (Endi S. Dewata) - Update pki.server.cli.id to use argparse (Endi S. Dewata) - Update pki.server.cli.config to use argparse (Endi S. Dewata) - Update Installing_Subordinate_CA.md (Christina Fu) - Update subca.cfg to include instance name and port numbers with default values (Christina Fu) - Create Installing_Subordinate_CA.adoc (Christina Fu) - Update ca-secure-ds.cfg to include instance name and port numbers with default values (Christina Fu) - Update Installing_CA_with_Secure_Database_Connection.md (Christina Fu) - Create Installing_CA_with_Secure_Database_Connection.adoc (Christina Fu) - Update Installing_CA_with_HSM.md (Christina Fu) - Update Installing_CA_with_External_CA_Signing_Certificate.md (Christina Fu) - Update Installing_CA_with_Existing_Keys_in_Internal_Token.md (Christina Fu) - Update Installing_CA_with_Existing_Keys_in_HSM.md (Christina Fu) - Update Installing_CA_with_ECC.md (Christina Fu) - Update Installing_CA_with_Custom_CA_Signing_Key.md (Christina Fu) - Create Installing_CA_with_HSM.adoc (Christina Fu) - Update pki.server.cli.password to use argparse (Endi S. Dewata) - Update pki.server.cli.nss to use argparse (Endi S. Dewata) - Update pki.server.cli.migrate to use argparse (Endi S. Dewata) - Update pki.server.cli.listener to use argparse (Endi S. Dewata) - Update pki.server.cli.jss to use argparse (Endi S. Dewata) - Update pki.server.cli.group to use argparse (Endi S. Dewata) - Update pki.server.cli.banner to use argparse (Endi S. Dewata) - Update ca-external-cert-step2.cfg to include instance name and port numbers with default values (Christina Fu) - Update ca-external-cert-step1.cfg to include instance name and port numbers with default values (Christina Fu) - Create Installing_CA_with_External_CA_Signing_Certificate.adoc (Christina Fu) - Update ca-existing-certs-step2.cfg to include instance name and port numbers with default values (Christina Fu) - Update ca-existing-certs-step1.cfg to include instance name and port numbers with default values (Christina Fu) - Create Installing_CA_with_Existing_Keys_in_Internal_Token.adoc (Christina Fu) - Create Installing_CA_with_Existing_Keys_in_HSM.adoc (Christina Fu) - Update Installing_CA_with_ECC.adoc (Christina Fu) - Update ca-ecc.cfg to include instance name and port numbers with default values (Christina Fu) - Create Installing_CA_with_ECC.adoc (Christina Fu) - Update Installing_CA_Clone.adoc (Christina Fu) - Update Installing_CA.adoc (Christina Fu) - Create Installing_CA_with_Custom_CA_Signing_Key.adoc (Christina Fu) - Update Python API to support REST API v2 (Endi S. Dewata) - Update Installing_CA_Clone_with_Secure_Database_Connection.md (Christina Fu) - Update Installing_CA_Clone_with_Secure_Database_Connection.adoc (Christina Fu) - Create Exporting-DS-Certificates.adoc (Christina Fu) - Create PKI-NSS-CLI.adoc (Christina Fu) - Update Installing_CA_Clone_with_Secure_Database_Connection.adoc (Christina Fu) - Update Enabling-SSL-Connection-in-DS.adoc (Christina Fu) - Create Enabling-SSL-Connection-in-DS.adoc (Christina Fu) - Create Installing_CA_Clone_with_Secure_Database_Connection.adoc (Christina Fu) - Update Installing_CA_Clone.md (Christina Fu) - Update Installing_CA.md (Christina Fu) - Update Installing_CA_Clone_with_HSM.md (Christina Fu) - Create Installing_CA_Clone_with_HSM.adoc (Christina Fu) - Update Installing-CA-with-RSA-PSS.adoc (Christina Fu) - Update Installing_CA_Clone.md (Christina Fu) - Create Installing_CA_Clone.adoc (Christina Fu) - Update Installing_CA.adoc (Christina Fu) - Update Installing-CA-with-Random-Serial-Numbers-v3.adoc (Christina Fu) - Update Installing_CA.adoc (Christina Fu) - Update FQDN_Configuration.adoc (Christina Fu) - Create FQDN_Configuration.adoc (Christina Fu) - Update Installing_DS_Packages.adoc (Christina Fu) - Update Creating_DS_instance.adoc (Christina Fu) - Create Creating_DS_instance.adoc (Christina Fu) - Create Installing_DS_Packages.adoc (Christina Fu) - Update Creating_DS_instance.adoc (Christina Fu) - Update Creating_DS_instance.adoc (Christina Fu) - Update Creating_DS_instance.adoc (Christina Fu) - Update Creating_DS_instance.adoc (Christina Fu) - Update Installing_CA.adoc (Christina Fu) - Update Installing_DS_Packages.adoc (Christina Fu) - Create Creating_DS_instance.adoc (Christina Fu) - Create Installing_DS_Packages.adoc (Christina Fu) - Replacing Installing_CA.md with link to Installing_CA.adoc message (Christina Fu) - [skip ci] (Christina Fu) - Update ca.cfg to include instance name and port numbers with default values (Christina Fu) - fixed ca.cfg link in Installing_CA.adoc (Christina Fu) - Create Installing_CA.adoc (Christina Fu) - Fix server tests (Endi S. Dewata) - Fix PKIServer.create() (Endi S. Dewata) - Updating version to v11.6.0-alpha2 (Marco Fargetta) - doc: update ACME PKI issuer documentation for authority ID support (Alexander Bokovoy) - fcf-protection only available for x86_64 (Marco Fargetta) - Add a test to specify authority ID in ACME configuration (Alexander Bokovoy) - ACME PKI issuer: add support for Authority ID or DN (Alexander Bokovoy) - Fix range update to legacy2 with clone (Marco Fargetta) - Fix test for request ID conflict with SSNv2 (Endi S. Dewata) - fix createUserNotice parameter order (jmisset-cb) - Address Test Port final TMS fixes for rhel7 to master branch, phase 2, RHCS-5403 (#4894) (jmagne) - Update basic CA test to check DS entries (Endi S. Dewata) - Add tests for conflicts for CA with SSNv2 (Endi S. Dewata) - Explicitely assign `theme` global property in pki.spec (Marco Fargetta) - Fix builddep in azure pipeline (Marco Fargetta) - Add SSNv2 test deploymend with range format error (Marco Fargetta) - Force SSNv2 to require configuration with 0x format (Marco Fargetta) - Fix JAVA_HOME on Fedora 42 (Endi S. Dewata) - Fix variable name in NSSDatabase.get_cert_info() (Endi S. Dewata) - Add fallback for Certificate.not_valid_before/after_utc (Endi S. Dewata) - Update SSNv1 and SSNv2 tests (Endi S. Dewata) - Relocate SSNv2 nextRange attribute (Endi S. Dewata) - Fix deprecation warnings in NSSDatabase (Endi S. Dewata) - Drop update-crypto-policies dependency (Endi S. Dewata) - Drop abrt-java-connector dependency (Endi S. Dewata) - Command file required for PrettyPrintCert (Marco Fargetta) - Update SSNv1 tests (Endi S. Dewata) - Fix mime type for authority chain rest API (Marco Fargetta) - Update test scripts for SSNv2 (Endi S. Dewata) - Relocate SSNv2 range objects for new CA instances (Endi S. Dewata) - Update Dockerfile to work with F41 (Marco Fargetta) - Fix pageSize in AgentCertRequestServlet (Marco Fargetta) - Remove duplicate test scripts (Endi S. Dewata) - Clean up log messages in PKISocketFactory (Endi S. Dewata) - Update ssnv2 tests to support new ranges object for legacy2 migration (Marco Fargetta) - Move legacy2 ranges in a new tree (Marco Fargetta) - Add tests for SSNv2 (Endi S. Dewata) - Rename SSNv1 tests (Endi S. Dewata) - Update CA clone test to check the logs (Endi S. Dewata) - Add legacy2 generator test to sequential tests (Marco Fargetta) - Add a new sequential number generator: legacy2 (Marco Fargetta) - Clean up Repository classes (Endi S. Dewata) - Add tests for next begin/end numbers (Endi S. Dewata) - Update test for CA with sequential serial numbers (Endi S. Dewata) - Add ca--next-range.sh scripts (Endi S. Dewata) - Add ca--range-objects.sh scripts (Endi S. Dewata) - Add ca--range-config.sh scripts (Endi S. Dewata) - Reverting the test-ca-certs.sh (Marco Fargetta) - Add test for CA clone with sequential serial numbers (Endi S. Dewata) - Bump commons-io:commons-io from 2.11.0 to 2.14.0 in /base/common (dependabot[bot]) - Add test for sequential serial number gaps (Endi S. Dewata) - Update test for CA with sequential serial numbers (Endi S. Dewata) - Add SerialNumberUpdateJob (Endi S. Dewata) - Move SerialNumberUpdateTask.updateSerialNumbers() to CAEngine (Endi S. Dewata) - Update IPA tests to check logs before removing server (Endi S. Dewata) - Update CA renewal tests to use pki ca-cert-issue (Endi S. Dewata) - Update CA DS connection test to use pki ca-cert-issue (Endi S. Dewata) - Fix profiles for EST certificate and re-enrollment (Marco Fargetta) - Update test for pki ca-user-show (Endi S. Dewata) - Fix broken publishing workflow due to Maven compiler properties (Endi S. Dewata) - Update IPA tests to check HTTPD error logs (Endi S. Dewata) - Update pki ca-cert-find for API v2 (Endi S. Dewata) - Add pki --api option (Endi S. Dewata) - Update rpminspect test (Endi S. Dewata) - Update IPA tests to check access logs (Endi S. Dewata) - Update caServerCert profile test to use pki ca-cert-issue (Endi S. Dewata) - Update test for CA with caDirPinUserCert profile (Endi S. Dewata) - Generate SSL certificate for EST subsystem (Marco Fargetta) - Update EST CI to consider the file generated (Marco Fargetta) - Fix EST sslserver key name (Marco Fargetta) - Update test for CA with caDirUserCert profile (Endi S. Dewata) - Enable registry for ACME (Endi S. Dewata) - Replace default_deployment_cfg with DEFAULT_DEPLOYMENT_CFG (Endi S. Dewata) - Remove redundant code in PKISubsystem.remove_logs() (Endi S. Dewata) - Remove unused Namespace class (Endi S. Dewata) - Remove unused Certutil class (Endi S. Dewata) - Remove unused File class (Endi S. Dewata) - Replace File.create() with Path.touch() (Endi S. Dewata) - Replace File.modify() with os.chmod() (Endi S. Dewata) - Replace File.copy() with PKIServer.copy() (Endi S. Dewata) - Replace File.exists() with os.path.exists() (Endi S. Dewata) - Remove unused Directory class (Endi S. Dewata) - Replace Directory.delete() with pki.util.rmtree() (Endi S. Dewata) - Replace Directory.create() with pki.util.makedirs() (Endi S. Dewata) - Replace Directory.exists() with os.path.exists() (Endi S. Dewata) - Revert DB setup to the connection method (Marco Fargetta) - Add est test for Postgresql realm (Marco Fargetta) - Remove setup from Postgresql realm authentication (Marco Fargetta) - Auto-create SSL server cert for ACME on separate instance (Endi S. Dewata) - Fix log message from GroupServlet (Marco Fargetta) - Add request format param for PKIDeployer.issue_cert() (Endi S. Dewata) - Add NSS database param for PKIDeployer.generate__request() (Endi S. Dewata) - Add token param for PKIDeployer.generate_csr() (Endi S. Dewata) - Update PKIDeployer.import_cert_chain() (Endi S. Dewata) - Add pki ca-cert-issue (Endi S. Dewata) - Fix problem reinstalling CA with custom ports (Endi S. Dewata) - Add IPA KRA test (Endi S. Dewata) - Add ServerConfig.get__connector() (Endi S. Dewata) - Rename ServerConfig.get_secure_port() to get_https_port() (Endi S. Dewata) - Rename ServerConfig.get_unsecure_port() to get_http_port() (Endi S. Dewata) - Add EST to pkidestroy (Marco Fargetta) - Fix basic IPA test (Endi S. Dewata) - Update param names for PKIDeployer.issue_cert() (Endi S. Dewata) - Update pkidestroy to support ACME (Endi S. Dewata) - Allow pkispawn to install only EST subsystem (Marco Fargetta) - Rename PKIDeployer.request_cert() to issue_cert() (Endi S. Dewata) - Rename PKIDeployer.get_cert_id() to get_cert_param_id() (Endi S. Dewata) - Clean up PKISubsystem.get_subsystem_cert() param name (Endi S. Dewata) - Merge NSSDatabase.create_request_with_wrapping_key() into create_request() (Endi S. Dewata) - Update PKIServer.remove() (Endi S. Dewata) - Update ACME tests to check server files and folders (Endi S. Dewata) - Modify pkispawn to deploy EST (Marco Fargetta) - Add test for ACME on separate instance (Endi S. Dewata) - Add default value for pkidestroy -i option (Endi S. Dewata) - Update PKIServer.remove_subsystem() to take subsystem name (Endi S. Dewata) - Update pkidestroy to ignore missing deployment.cfg (Endi S. Dewata) - Update pkispawn to support ACME (Endi S. Dewata) - Fix pki_ds_setup param (Endi S. Dewata) - Rename test for ACME with certbot into basic ACME (Endi S. Dewata) - Fix CA cloning test with secure DS connection (Endi S. Dewata) - Add ds-cert-import.sh --input option (Endi S. Dewata) - Rename DB_IMAGE to DS_IMAGE (Endi S. Dewata) - Drop ClonesConnectivyAndDataCheck from pki-healthcheck (Endi S. Dewata) - Fix rpminspect test (Endi S. Dewata) - Reorganize Tomcat 9.0 files (Endi S. Dewata) - Update Installing_EST.md (Chris Zinda) - Use Java 17 on RHEL 9 (Endi S. Dewata) - Use Java 21 on RHEL 10 (Andrew Hughes) - Fix routing for duplicated path (Marco Fargetta) - Fix pin cert enrollment in v2 APIs (Marco Fargetta) - Add TPS ConfigService to v2 APIs (Marco Fargetta) - Add TPS ProfileMappingService to v2 APIs (Marco Fargetta) - Fix missing location in TPS profile POST answer (Marco Fargetta) - Add pki nss-cert-find --subject and --issuer options (Endi S. Dewata) - Add TPS AuthenticatorService to v2 APIs (Marco Fargetta) - Add TPS TPSProfileService to v2 APIs (Marco Fargetta) - Add NonBlockingSocketFactory (Endi S. Dewata) - Remove redundant code in CRSEnrollment (Endi S. Dewata) - Update sub CA tests (Endi S. Dewata) - Update cert approval callback (Endi S. Dewata) - Remove server classes from common library (Marco Fargetta) - Add TPS TPSCertService to v2 APIs (Marco Fargetta) - Use gcc option -mbranch-protection=standard (Endi S. Dewata) - Fix CMake build (Marco Fargetta) - Replace JAX-RS with servlet status code in PKIExceptions (Marco Fargetta) - Add PKI Services to v2 APIs (Marco Fargetta) - Add TPS ConnectorService to v2 APIs (Marco Fargetta) - Add TKS TPSConnectorService to v2 APIs (Marco Fargetta) - Add KRA KeyRequestService to v2 APIs (Marco Fargetta) - Fix log and field access for KRA KeyServlet (Marco Fargetta) - Merge ds-container-remove.sh into ds-remove.sh (Endi S. Dewata) - Merge ds-container-create.sh into ds-create.sh (Endi S. Dewata) - Rename ds-container-certs-import.sh to ds-certs-import.sh (Endi S. Dewata) - Rename ds-container-stop.sh to ds-stop.sh (Endi S. Dewata) - Rename ds-container-start.sh to ds-start.sh (Endi S. Dewata) - Fix content type for authorisation error message (Marco Fargetta) - Add KRA KeyService to v2 APIs (Marco Fargetta) - Add KRASystemCertService to v2 APIs (Marco Fargetta) - Update test for HTTPS connector with PKCS #12 file (Endi S. Dewata) - Add CA KRAConnectorService to v2 APIs (Marco Fargetta) - Add KRA InfoService to v2 API (Marco Fargetta) - Revert the ACL check for profile APIs to v1 code. (Marco Fargetta) - Add CA ProfileService to v2 API (Marco Fargetta) - Rename JSSProtocolSocketFactory to DefaultSocketFactory (Endi S. Dewata) - Add pki -D option (Endi S. Dewata) - Fix test for HTTPS connector with NSS database (Endi S. Dewata) - Update pki nss-cert-show (Endi S. Dewata) - Add pki nss-key-show (Endi S. Dewata) - Update cert validation test (Endi S. Dewata) - Update SSLCertificateApprovalCallback.approve() (Endi S. Dewata) - Add tests for cert validation with PKI CLI (Endi S. Dewata) - Add CA CASystemCertService to v2 API (Marco Fargetta) - Add CA CAInstallerService to v2 API (Marco Fargetta) - Replace InternalCertificate with PK11Cert (Endi S. Dewata) - Replace TokenCertificate with PK11Cert (Endi S. Dewata) - Add CA AuthorityService to v2 API (Marco Fargetta) - Remove default cert approval callback in PKIClient (Endi S. Dewata) - Remove unused PKIClient.callback (Endi S. Dewata) - Remove unused PKIClient.crypto (Endi S. Dewata) - Add MainCLI.createCertApprovalCallback() (Endi S. Dewata) - Replace ConfigCertApprovalCallback with PKICertificateApprovalCallback (Endi S. Dewata) - Move PKIClient.statuses to PKICertificateApprovalCallback (Endi S. Dewata) - Move PKIClient.ignoredCertStatuses to PKICertificateApprovalCallback (Endi S. Dewata) - Move PKIClient.rejectedCertStatuses to PKICertificateApprovalCallback (Endi S. Dewata) - Clean up PKICertificateApprovalCallback (Endi S. Dewata) - Add FeatureService to v2 APIs (Marco Fargetta) - Add GroupService to v2 APIs (Marco Fargetta) - Remove unused Configurator (Endi S. Dewata) - Update TokenAuthentication.sendAuthRequest() (Endi S. Dewata) - Optimise the creation of servlet base object for v2 (Marco Fargetta) - Fix v2 routing regular expression (Marco Fargetta) - Add SecurityDomainService to Job v2 APIs (Marco Fargetta) - Add AuditService to Job v2 APIs (Marco Fargetta) - Move common methods for engine retrieve to PKIServlet (Marco Fargetta) - Bundle Jakarta Activation API (Endi S. Dewata) - Bundle Jakarta Annotation API (Endi S. Dewata) - Bundle JAXB API (Endi S. Dewata) - Clean up Azure pipeline (Endi S. Dewata) - Make v2 WebAnnotation and ACLFilter paths relatives (Marco Fargetta) - Rename v2 classes to be consistent with servlet name (Marco Fargetta) - Reorganise v2 APIs shared among subsystems (Marco Fargetta) - Update TPS servlets to WebAction annotation (Marco Fargetta) - Update CA servlets to WebAction annotation (Marco Fargetta) - Update UserServlet to WebAction annotation (Marco Fargetta) - Update SelfTestServlet to WebAction annotation (Marco Fargetta) - Update AccountServlet to WebAction annotation (Marco Fargetta) - Update JobServlet to WebAction annotation (Marco Fargetta) - Add routing based the annotation WebAction (Marco Fargetta) - Rename jboss-jaxrs JAR file (Endi S. Dewata) - Update CMake files (Endi S. Dewata) - Fix Azure pipeline failure (Endi S. Dewata) - Add RPM spec options for build and runtime dependencies (Endi S. Dewata) - Clean up RPM spec (Endi S. Dewata) - Add RPM spec option to build without Maven (Endi S. Dewata) - Add JobServlet to CA, KRA, OCSP, TKS and TPS v2 APIs (Marco Fargetta) - Add JobServletBase for Job v2 APIs (Marco Fargetta) - Fix method name in log message (Marco Fargetta) - Update Eclipse classpath (Endi S. Dewata) - Rename SSLClientCertAuthentication to SSLClientCertAuthManager (Endi S. Dewata) - Rename javax.annotations-api.jar to jakarta.annotation-api.jar (Endi S. Dewata) - Rename javax.activation.jar to jakarta.activation-api.jar (Endi S. Dewata) - Rename jaxb-api.jar to jakarta.xml.bind-api.jar (Endi S. Dewata) - Rename jaxrs-api.jar to jboss-jaxrs-2.0-api.jar (Endi S. Dewata) - Fix CMake build for missing libraries (Marco Fargetta) - Add SelfTestServlet to TPS v2 APIs (Marco Fargetta) - Add SelfTestServlet to TKS v2 APIs (Marco Fargetta) - Add SelfTestServlet to OCSP v2 APIs (Marco Fargetta) - Add SelfTestServlet to KRA v2 APIs (Marco Fargetta) - Add SelfTestServlet to CA v2 APIs (Marco Fargetta) - Add SelfTestServletBase for self test v2 APIs (Marco Fargetta) - Remove printStackTrace and JAX-RS classes from UserServletBase (Marco Fargetta) - Add UserServlet to TPS subsystem (Marco Fargetta) - Add UserServlet to TKS subsystem (Marco Fargetta) - Add UserServlet to OCSP subsystem (Marco Fargetta) - Add UserServlet to KRA subsystem (Marco Fargetta) - Add UserServlet to CA subsystem (Marco Fargetta) - Add UserServletBase for user management (Marco Fargetta) - Update CMake script (Endi S. Dewata) - Fix fontawesome4-fonts-web dependency (Endi S. Dewata) - Publish Maven artifacts to dogtagpki/repo (Endi S. Dewata) - Implement v2 AccountService for TPS (Marco Fargetta) - Implement v2 AccountService for TKS (Marco Fargetta) - Implement v2 AccountService for OCSP (Marco Fargetta) - Implement v2 AccountService for KRA (Marco Fargetta) - Implement v2 AccountService for CA (Marco Fargetta) - Reorganize Maven dependencies (Endi S. Dewata) - Fix Maven metadata file names (Endi S. Dewata) - Add support for bundling Jackson (Endi S. Dewata) - Add support for bundling JAX-RS 2.0 API (Endi S. Dewata) - Add support for bundling JBoss Logging (Endi S. Dewata) - Add support for bundling RESTEasy (Endi S. Dewata) - Consolidate links for resteasy-servlet-initializer.jar (Endi S. Dewata) - Consolidate symlinks (Endi S. Dewata) - Clean up CMake variables (Endi S. Dewata) - Enable SHA1 policy when PKICertImport is tested (Marco Fargetta) - Replace Resteasy Exception with PKI equivalent in v2 (Marco Fargetta) - Remove VLV search from RequestNotifier (Marco Fargetta) - Fix TPS test failure (Endi S. Dewata) - Clean up log messages in ConfigStore (Endi S. Dewata) - Fix IPA Clone checks (Marco Fargetta) - Remove default audit signing cert in containers (Endi S. Dewata) - Fix SPDX license (Endi S. Dewata) - Fixing race condition on close connection (Marco Fargetta) - Clean up container startup scripts (Endi S. Dewata) - Remove VLV search from RequestRepository (Marco Fargetta) - Remove default admin cert in containers (Endi S. Dewata) - Update pki-server ca-cert-create (Endi S. Dewata) - Update container tests to check server info (Endi S. Dewata) - Update CASubsystem.import_cert() (Endi S. Dewata) - Fix conf and logs paths in containers (Endi S. Dewata) - Add TPS container (Endi S. Dewata) - Add pki_authdb_url param (Endi S. Dewata) - Update tests to use pki nss-cert-import (Endi S. Dewata) - Split PKIDeployer.configure_tps() (Endi S. Dewata) - Move authdb methods into PKIDeployer (Endi S. Dewata) - Fix failure in test for LWCA with HSM (Endi S. Dewata) - Add TKS container (Endi S. Dewata) - Add test for CA container user service (Endi S. Dewata) - Add pki-server -user-add --cert option (Endi S. Dewata) - CVE-2023-4727 Fix token authentication bypass vulnerability (Endi S. Dewata) - Implement v2 TPS TokenService without vlv (Marco Fargetta) - Add ansible step for DS setup (Marco Fargetta) - Add test for CA migration to container (Endi S. Dewata) - Remove redundant default values in CS.cfg (Endi S. Dewata) - Fix runner-init.sh to support Podman in container (Endi S. Dewata) - Add pki-server ca-cert-import --csr option (Endi S. Dewata) - Make ACL filter configurable for method and path (Marco Fargetta) - Add handlers for all HTTP methods in PKIServlet (Marco Fargetta) - Remove redundant files in containers (Endi S. Dewata) - Fix pylint issues (Endi S. Dewata) - Fix cmake build of v2 REST APIs in TPS (Marco Fargetta) - Remove printStackTrace from REST v2 filters (Marco Fargetta) - Move current REST APIs to v1 package (Marco Fargetta) - Move REST endpoint to v1 (Marco Fargetta) - Add excption to PKIServlet logs (Marco Fargetta) - Fix sorkey array control and TPS ActivityServlet (Marco Fargetta) - Implement method for /tpm/v2/activities APIs (Marco Fargetta) - Move base class for REST servlet to server package (Marco Fargetta) - Clean up container startup scripts (Endi S. Dewata) - Fix nickname params in pki-kra-run (Endi S. Dewata) - Add test for CA container with existing config (Endi S. Dewata) - Fix pki-artifacts-save.sh (Endi S. Dewata) - Fix file owners during installation (Endi S. Dewata) - Add test for CA container system service (Endi S. Dewata) - Fix default config file owners in container image (Endi S. Dewata) - Allow non-root to run pkispawn/pkidestroy (Endi S. Dewata) - Create home directory for default PKI user (Endi S. Dewata) - Add basic CA container test (Endi S. Dewata) - Modify ServiceCheckChallenge to use paged search (Marco Fargetta) - Tidyup CMCRevReqServletFreeVLV (Marco Fargetta) - Modify CMCRevReqServlet to use paged search (Marco Fargetta) - Modify ChallengeRevocationServlet1 to use paged search (Marco Fargetta) - Split container data folder (Endi S. Dewata) - Add PKIServer.chown() (Endi S. Dewata) - Update os.chown() in pki.nssdb and pki.util (Endi S. Dewata) - Clean up log messages in pkispawn (Endi S. Dewata) - Add PKIServer.store_cert_request() (Endi S. Dewata) - Add PKIDeployer.create_cert_id() (Endi S. Dewata) - Update PKIDeployer.setup_system_certs() (Endi S. Dewata) - Update PKIDeployer.create_server_nssdb() (Endi S. Dewata) - Remove default value for pki_server_database_password (Endi S. Dewata) - Update sanitize_user_deployment_cfg() (Endi S. Dewata) - Update PKIConfigParser.compose_pki_master_dictionary() (Endi S. Dewata) - Update PKIConfigParser.read_pki_configuration_file() (Endi S. Dewata) - Update PKIConfigParser.validate() (Endi S. Dewata) - Move System.write_overrides() into PKIDeployer (Endi S. Dewata) - Move Systemd.set_override() into PKIDeployer (Endi S. Dewata) - Move enable_pki_logger() into PKIDeployer (Endi S. Dewata) - Remove unused Directory.modify() (Endi S. Dewata) - Remove unused Directory.copy() (Endi S. Dewata) - Remove unused Symlink class (Endi S. Dewata) - Remove obsolete [RA] section in default.cfg (Endi S. Dewata) - Add GH workflow for CA container tests (Endi S. Dewata) - Update container tests to use Podman (Endi S. Dewata) - Add serial and issuer to SSL logs and audits (Marco Fargetta) - Fix config file owners and permissions for containers (Endi S. Dewata) - Fix filter for lastSerial in KeyRepository and tidyup (Marco Fargetta) - Fix CertificateRepository wrong method id debug log (Marco Fargetta) - Update KeyRepository to Paged Search (Marco Fargetta) - Tidyup HashEnrollServlet (Marco Fargetta) - Replace VLV with paged based search in HashEnrollServlet (Marco Fargetta) - Update PKI server container (Endi S. Dewata) - Fix CA with secure ds CI failure (Marco Fargetta) - Fix CI ansible tests (Marco Fargetta) - Add options for ds-container-create.sh (Endi S. Dewata) - Add options for runner-init.sh (Endi S. Dewata) - Add options for ds-container-start.sh (Endi S. Dewata) - Add OCSP container (Endi S. Dewata) - Add KRA container (Endi S. Dewata) - Update ACME container test (Endi S. Dewata) - Update CA container test (Endi S. Dewata) - Update PKI Server container (Endi S. Dewata) - Restore pki_instance_configuration_path param (Endi S. Dewata) - Fix mispelled "extension" word (Marco Fargetta) - Remove unused preop.cert.rsalist (Endi S. Dewata) - Remove unused preop.cert..keysize.size (Endi S. Dewata) - Remove unused preop.cert..defaultSigningAlgorithm (Endi S. Dewata) - Remove unused preop.cert..signing.required (Endi S. Dewata) - Remove unused preop.cert..keysize.custom_size (Endi S. Dewata) - Remove unused preop.cert..subsystem (Endi S. Dewata) - Remove unused preop.cert..userfriendlyname (Endi S. Dewata) - Remove unused preop.cert..cncomponent.override (Endi S. Dewata) - Update CA container (Endi S. Dewata) - Add data folder for ACME container (Endi S. Dewata) - Clean up log messages (Endi S. Dewata) - Add support for deprecation info (Endi S. Dewata) - Update ACME container instance (Endi S. Dewata) - Update ACME container volumes (Endi S. Dewata) - Update ACME container deployment doc (Endi S. Dewata) - Merge PKIDeployer.retrieve_cert_chain() (Endi S. Dewata) - Update PKIDeployer.finalize_ocsp() (Endi S. Dewata) - Update NSSDatabase.import_pkcs7() (Endi S. Dewata) - Add NSSDatabase.create_pkcs7() (Endi S. Dewata) - Clean up CA container test (part 2) (Endi S. Dewata) - Clean up CA container test (part 1) (Endi S. Dewata) - Update pki-ca-run (Endi S. Dewata) - Add DS params for CA container (Endi S. Dewata) - Add NSSDatabase.get_pkcs7_certs() (Endi S. Dewata) - Update NSSDatabase.add_ca_cert() (Endi S. Dewata) - Remove unused preop.cert..signingalgorithm (Endi S. Dewata) - Remove unused preop.cert..keyalgorithm (Endi S. Dewata) - Update pki pkcs7-cert-import (Endi S. Dewata) - Merge preop.cert.audit_signing.type into PKIDeployer.get_cert_type() (Endi S. Dewata) - Remove unused preop.cert..nickname (Endi S. Dewata) - Remove unused preop.cert..dn (Endi S. Dewata) - Fix NSSDatabase.import_cert_chain() (Endi S. Dewata) - Remove cs.type param (Endi S. Dewata) - Update PKIDeployer.retrieve_cert_chain() (Endi S. Dewata) - Add PKIDeployer.get_cert_type() (Endi S. Dewata) - Drop pki-server-upgrade (Endi S. Dewata) - Remove unconfigurable instanceId param (Endi S. Dewata) - Fix log message in RecordPagedList (Marco Fargetta) - Update DS container to dirsrv for OCSP ansible test (Marco Fargetta) - Add PKIDeployer.get_cert_profile() (Endi S. Dewata) - Fix pki_security_domain_setup param (Endi S. Dewata) - Update IPA basic test (Endi S. Dewata) - Remove preop.cert..keytype param (Endi S. Dewata) - Add PKIDeployer.get_key_type() (Endi S. Dewata) - Add default values for passwordFile and passwordClass (Endi S. Dewata) - Fix pki-server subsystem-cert-export (Marco Fargetta) - Replace PasswordStore.create() with CMS.createPasswordStore() (Endi S. Dewata) - Remove redundant code in DBSubsystem.configureExcludedLdapAttrs() (Endi S. Dewata) - Update NuxwdogPasswordStore to implement PasswordStore (Endi S. Dewata) - Fix critical failure exception (Marco Fargetta) - Fix LDAP paged search with sort key (Marco Fargetta) - Invert last serial number find in range (Marco Fargetta) - Fix certs find in UniqueKeyConstraint (Marco Fargetta) - Update CertificateRepository to Paged Search (Marco Fargetta) - Fix pki-ca-run (Endi S. Dewata) - Fix error handling in pki nss-cert-export (Endi S. Dewata) - Update CA container (Endi S. Dewata) - Update installation tests with existing config files (Endi S. Dewata) - Update PKIDeployer.setup_admin_cert() (Endi S. Dewata) - Move KRA clone tests into separate workflow (Endi S. Dewata) - Update lewagon/wait-on-check-action (Endi S. Dewata) - Add option to remove config folder (Endi S. Dewata) - Convert UniqueKeyConstraint from VLV to paged search (Marco Fargetta) - Add stack-clash protection to native code (Marco Fargetta) - Fix file-based CRL publishing test (Marco Fargetta) - Add PKIServer.create_web_xml() (Endi S. Dewata) - Add PKIServer.create_context_xml() (Endi S. Dewata) - Add PKIServer.create_catalina_properties() (Endi S. Dewata) - Clean up PKIServer.create_logging_properties() (Endi S. Dewata) - Remove redundant code in PKIInstance.create() (Endi S. Dewata) - Add options for custom config and log folders (Endi S. Dewata) - Update TPS tests to check DS and PKI logs (Endi S. Dewata) - Update TKS tests to check DS and PKI logs (Endi S. Dewata) - Update OCSP tests to check DS and PKI logs (Endi S. Dewata) - Clean up instance_layout.py (Endi S. Dewata) - Remove temporary password file (Endi S. Dewata) - Replace Certutil.import_cert() with NSSDatabase.import_cert_chain() (Endi S. Dewata) - Replace Certutil.verify_certificate_exists() with NSSDatabase.get_cert() (Endi S. Dewata) - Replace File.copy_with_slot_substitution() with PKIServer.copyfile() (Endi S. Dewata) - Update PKIDeployer.configure_server_xml() (Endi S. Dewata) - Add PKIDeployer.configure_http_connectors() (Endi S. Dewata) - Add PKIDeployer.enable_proxy() (Endi S. Dewata) - Add PKIDeployer.enable_access_log()/disable_access_log() (Endi S. Dewata) - Add PKIServer.enable_rewrite() (Endi S. Dewata) - Update log messages in SecurityDomainProcessor.getDomainInfo() (Endi S. Dewata) - Update client NSS database objects (Endi S. Dewata) - Add ignore_duplicate param for PKISubsystem.add_crl_issuing_point() (Endi S. Dewata) - Add ignore_duplicate param for PKISubsystem.add_user_cert() (Endi S. Dewata) - Add ignore_duplicate param for PKISubsystem.add_user() (Endi S. Dewata) - Add PKIServer.actual_logs_dir property (Endi S. Dewata) - Add PKIServer.actual_conf_dir property (Endi S. Dewata) - Update PKIDeployer.setup_admin_cert() (part 3) (Endi S. Dewata) - Update PKIDeployer.setup_admin_cert() (part 2) (Endi S. Dewata) - Update PKIDeployer.setup_admin_cert() (part 1) (Endi S. Dewata) - Remove unused PK12util class (Endi S. Dewata) - Update PKIDeployer.export_admin_pkcs12() (Endi S. Dewata) - Update PKIDeployer.store_admin_cert() (Endi S. Dewata) - Split PKIDeployer.import_admin_cert() (Endi S. Dewata) - Update NSSDatabase.import_cert_chain() (Endi S. Dewata) - Update NSSDatabase.import_pkcs7() (Endi S. Dewata) - Update NSSDatabase.get_cert() (Endi S. Dewata) - Update PKIDeployer.create_server_nssdb() (Endi S. Dewata) - Drop unused ELdapException in LdapConnInfo (Endi S. Dewata) - Drop unused ELdapException in CertUserLocator (Endi S. Dewata) - Update publishing mappers to use DBException (Endi S. Dewata) - Update Mapper to use DBException (Endi S. Dewata) - Update LdapExpression to use DBException (Endi S. Dewata) - Update LdapConnModule to use DBException (Endi S. Dewata) - Update LdapPublishModule to use DBException (Endi S. Dewata) - Update Publisher to use DBException (Endi S. Dewata) - Update PublisherProcessor to use DBException (Endi S. Dewata) - Update CAPublisherProcessor to use DBException (Endi S. Dewata) - Remove redundant code in subsystem_layout.py (Endi S. Dewata) - Update CAEngine to use DBException (Endi S. Dewata) - Update LDAPConfigStorage to use DBException (Endi S. Dewata) - Update UpdateCRL to use DBException (Endi S. Dewata) - Update UpdateDir to use DBException (Endi S. Dewata) - Update PublisherAdminServlet to use DBException (Endi S. Dewata) - Update DirAclAuthz to use DBException (Endi S. Dewata) - Update PasswdUserDBAuthentication to use DBException (Endi S. Dewata) - Update DirBasedAuthentication to use DBException (Endi S. Dewata) - Update RequestListener to use DBException (Endi S. Dewata) - Remove unused IPublishRuleSet (Endi S. Dewata) - Convert IPolicy into Policy (Endi S. Dewata) - Merge IPolicyRule into PolicyRule (Endi S. Dewata) - Rename APolicyRule to PolicyRule (Endi S. Dewata) - Convert IRevocationPolicy into RevocationPolicy (Endi S. Dewata) - Convert IRenewalPolicy into RenewalPolicy (Endi S. Dewata) - Convert IEnrollmentPolicy into EnrollmentPolicy (Endi S. Dewata) - Merge IPolicySet into PolicySet (Endi S. Dewata) - Update LDAPSecurityDomainSessionTable to use DBException (Endi S. Dewata) - Update AuthorityMonitor to use DBException (Endi S. Dewata) - Update CrossCertPairSubsystem to use DBException (Endi S. Dewata) - Update LDAPProfileSubsystem to use DBException (Endi S. Dewata) - Update UGSubsystem to use DBException (Endi S. Dewata) - Update DBSubsystem to use DBException (Endi S. Dewata) - Update ELdapException to extend DBException (Endi S. Dewata) - Add DBRecordAlreadyExistsException (Endi S. Dewata) - Add LDAPExceptionConverter.toDBException() (Endi S. Dewata) - Rename EDBRecordNotFoundException to DBRecordNotFoundException (Endi S. Dewata) - Rename EDBNotAvailException to DBNotAvailableException (Endi S. Dewata) - Rename EDBException to DBException (Endi S. Dewata) - Update exception messages in LDAPExceptionConverter.toPKIException() (Endi S. Dewata) - Add exist_ok param for PKIServer.copyfile() (Endi S. Dewata) - Add exist_ok param for PKIServer.copy() (Endi S. Dewata) - Update log messages in PKIServer.store_passwords() (Endi S. Dewata) - Update log messages in PKIServer.symlink() (Endi S. Dewata) - Update log messages in PKIServer.makedirs() (Endi S. Dewata) - Update log messages in PKIServer.undeploy_webapp() (Endi S. Dewata) - Update log messages in PKIServer.deploy_webapp() (Endi S. Dewata) - Use standard logs dir (Endi S. Dewata) - Remove CrlIssuer from template with CRLDP (Marco Fargetta) - Replace LDAPSearchResult.nextElement() with next() (Endi S. Dewata) - Update pkidestroy and pki-server remove (Endi S. Dewata) - Disable upstream QE tests (Endi S. Dewata) - Add PKIDeployer.remove_server_nssdb() (Endi S. Dewata) - Add tests to check server files after removal (Endi S. Dewata) - Clean up PKIServer.create() and remove() (Endi S. Dewata) - Add template profile for ServerCert with CRL-DP extension (Marco Fargetta) - Fix instance removal in KRA OAEP test (Endi S. Dewata) - Add tests for file types, owners, and permissions (Endi S. Dewata) - Convert LdapBoundConnFactory.mConns into List (Endi S. Dewata) - Convert LdapAnonConnFactory.mConns into List (Endi S. Dewata) - Replace AnonConnection with LdapAnonConnection (Endi S. Dewata) - Remove redundant LdapBoundConnFactory.init() (Endi S. Dewata) - Remove redundant LdapBoundConnection.connectionFactory (Endi S. Dewata) - Remove redundant AnonConnection.getFacId() (Endi S. Dewata) - Update exception messages in LdapConnInfo (Endi S. Dewata) - Update LDAP minConns in CLIs (Endi S. Dewata) - Use standard conf dir (Endi S. Dewata) - Add PKISubsystem.set_config() (Endi S. Dewata) - Refactor validateSyntaxDNS to support wildcard DNS entries (Mikel Olasagasti Uranga) - Update docs to use standard conf dir (Endi S. Dewata) - Fix building flags for C++ code (Marco Fargetta) - Rename test for CA with non-default user (Endi S. Dewata) - Update test for file-based CRL publishing (Endi S. Dewata) - Update DBSearchResults.mRes (Endi S. Dewata) - Refactor DBSearchResults (Endi S. Dewata) - Add test for CA with caDirPinUserCert profile (Endi S. Dewata) - Fix IPA tests (Endi S. Dewata) - Update IPA tests to show DS logs (Endi S. Dewata) - Update CA tests to show DS logs (Endi S. Dewata) - Consolidate constants for LDAP-based profile auth (Endi S. Dewata) - Move SessionContext to pki-server.jar (Endi S. Dewata) - Move KeyRecoveryAuthority.mReplicaRepot to KRAEngine (Endi S. Dewata) - Move KeyRecoveryAuthority.mKeyDB to KRAEngine (Endi S. Dewata) - Refactor DBSubsystem (Endi S. Dewata) - Remove unused param in LdapBoundConnFactory.init() (Endi S. Dewata) - Remove unused param in LdapAnonConnFactory.init() (Endi S. Dewata) - Removed unused fields in LdapConnFactory (Endi S. Dewata) - Refactor LdapBoundConnFactory (Endi S. Dewata) - Refactor LdapAnonConnFactory (Endi S. Dewata) - Refactor CMSEngine.testLDAPConnection() (Endi S. Dewata) - Update Dockerfile for IPA tests (Endi S. Dewata) - Update tests to use standard conf dir (Endi S. Dewata) - Tidyup CertStatusUpdateTask (Marco Fargetta) - Convert CertStatusUpdate from VLV to paged search (Marco Fargetta) - Update KRATool to use java.util.logging (Endi S. Dewata) - Add test for KRA migration (Endi S. Dewata) - Update ds-container-create.sh (Endi S. Dewata) - Deprecate revoker tool (Endi S. Dewata) - Fix log message in PKISocketFactory (Marco Fargetta) - Implement method for /ca/v2/agent/certs APIs (Marco Fargetta) - Add test for key archival and retrieval in IPA (Endi S. Dewata) - Drop p7tool (Endi S. Dewata) - Add test for key archival and retrieval (Endi S. Dewata) - Update KeyRecoveryAuthority.doKeyRecovery() (Endi S. Dewata) - Remove .standalone param (Endi S. Dewata) - Drop p12tool (Endi S. Dewata) - Drop pki_existing param (Endi S. Dewata) - Update PKIDeployer.setup_admin_cert() (Endi S. Dewata) - Update CA tests to capture pkidestroy logs (Endi S. Dewata) - Add test for KRA with existing HSM (Endi S. Dewata) - Update pki-server status (Endi S. Dewata) - Add test for KRA with existing NSS database (Endi S. Dewata) - Update log messages in UGSubsystem.buildUser() (Endi S. Dewata) - Drop sslget (Endi S. Dewata) - Add test for KRA with existing certs (Endi S. Dewata) - Use gcc option _FORTIFY_SOURCE=3 (Endi S. Dewata) - Remove VLV query from EnrollServlet (Marco Fargetta) - Implement method for /ca/v2/certrequests APIs (Marco Fargetta) - Drop zlib dependency (Endi S. Dewata) - Remove unused .admin.cert param (Endi S. Dewata) - Remove unused FindMozLDAP.cmake (Endi S. Dewata) - Update log messages in PKIDeployer.setup_admin_cert() (Endi S. Dewata) - Clean up NSSDatabase.get_cert_info() (Endi S. Dewata) - Clean up pkispawn man page (Endi S. Dewata) - Remove unused Certutil.generate_certificate_request() (Endi S. Dewata) - Refactor PKIDeployer.create_admin_csr() (part 2) (Endi S. Dewata) - Refactor PKIDeployer.create_admin_csr() (part 1) (Endi S. Dewata) - Refactor PKIDeployer.setup_admin_cert() (part 3) (Endi S. Dewata) - Refactor PKIDeployer.setup_admin_cert() (part 2) (Endi S. Dewata) - Refactor PKIDeployer.setup_admin_cert() (part 1) (Endi S. Dewata) - Clean up keygen.py (Endi S. Dewata) - Clean up KRA test artifacts (Endi S. Dewata) - Update Java dependencies (Endi S. Dewata) - Merge IDM Console Framework (Endi S. Dewata) - Fix missing dnf builddep in Dockerfiles (Endi S. Dewata) - Update dependencies (Endi S. Dewata) - Add tests for adding multiple LWCAs (Endi S. Dewata) - Update CA tests to capture pkidestroy logs (Endi S. Dewata) - Update IPA tests to display logs (Endi S. Dewata) - Update version number to 11.6.0-alpha1 (Endi S. Dewata) - Update Sonar action for pull requests (Marco Fargetta) - Updating version number to 11.5.0 (Endi S. Dewata) - Add test for subca in ipa clone (Marco Fargetta) - Fix CI failures (Endi S. Dewata) - Remove AuthorityMonitor tracking update (Marco Fargetta) - Fix REGISTRY_NAMESPACE param (Endi S. Dewata) - Fix BASE_IMAGE param (Endi S. Dewata) - Tidyup /ca/v2/agent/certrequests APIs implementation (Marco Fargetta) - Implement POST method for /ca/v2/agent/certrequests APIs (Marco Fargetta) - Implement GET method for /ca/v2/agent/certrequests APIs (Marco Fargetta) - Adding filters for v2 APIs (Marco Fargetta) - Fix pki-server subsystem-show (Endi S. Dewata) - Add pki-server webapp-show (Endi S. Dewata) - Refactor PKIServer.get_webapps() (Endi S. Dewata) - Fix test for CA with request notification (Endi S. Dewata) - Update docker/login-action (Endi S. Dewata) - Update docker/build-push-action (Endi S. Dewata) - Update docker/setup-buildx-action (Endi S. Dewata) - Update actions/upload-artifact (Endi S. Dewata) - Update actions/setup-java (Endi S. Dewata) - Update actions/cache (Endi S. Dewata) - Update actions/checkout (Endi S. Dewata) - Add test for KRA with ECC (Endi S. Dewata) - Add pki-server ca-profile-mod (Endi S. Dewata) - Add pki-server ca-profile-find (Endi S. Dewata) - New list requests using paged search (Marco Fargetta) - Update log messages in CMSEngine (Endi S. Dewata) - Replace CRLIssuingPoint.mCA with CAEngine.getCA() (Endi S. Dewata) - Replace CRLIssuingPoint.getCertificateAuthority() with CAEngine.getCA() (Endi S. Dewata) - Refactor CAEngine.addCRLIssuingPoint() (Endi S. Dewata) - Split CertificateAuthority.processRequest() (Endi S. Dewata) - Clean up CA test artifacts (Endi S. Dewata) - Clean up log messages in CASigningUnit (Endi S. Dewata) - Refactor OCSPEngine.initSubsystem() (Endi S. Dewata) - Refactor CAEngine.initSubsystem() (Endi S. Dewata) - Replace CAAdminServlet.mCA with CAEngine.getCA() (Endi S. Dewata) - Split CertificateAuthority.generateSigningCert() (Endi S. Dewata) - Move CertificateAuthority.revokeAuthority() to CAEngine (Endi S. Dewata) - Add test for LWCA removal (Endi S. Dewata) - Add CertificateAuthority.certRepository (Endi S. Dewata) - Add CAEngine.validate() (Endi S. Dewata) - Replace IOCSPService.validate() with OCSPServlet.validate() (Endi S. Dewata) - Add CertificateAuthority.ocspResponderByName (Endi S. Dewata) - Add CertificateAuthority.fastSigning (Endi S. Dewata) - Split CertificateAuthority.sign() (Endi S. Dewata) - Updating version to v11.5.0-alpha7 (Marco Fargetta) - Updating version to v11.5.0-alpha6 (Marco Fargetta) - Move CertificateAuthority.initCertSigningUnit() to CAEngine (Endi S. Dewata) - Move CertificateAuthority.initCRLSigningUnit() to CAEngine (Endi S. Dewata) - Move CertificateAuthority.initOCSPSigningUnit() to CAEngine (Endi S. Dewata) - Move CertificateAuthority.init() to CAEngine (Endi S. Dewata) - Replace CAService.mCA with CAEngine.getCA() (Endi S. Dewata) - Replace LocalConnector.mSource with CAEngine.getCA() (Endi S. Dewata) - Replace ServiceGetCAChain.mCA with CAEngine.getCA() (Endi S. Dewata) - Replace GetCertStatus.mCA with CAEngine.getCA() (Endi S. Dewata) - Replace CertUserDBAuthentication.TOKEN_USERID with AuthToken.USER_ID (Endi S. Dewata) - Replace CertUserDBAuthentication.CRED_CERT with AuthManager.CRED_SSL_CLIENT_CERT (Endi S. Dewata) - Replace SubsystemInfo with SubsystemInfoConfig (Endi S. Dewata) - Rename SubsystemConfig to SubsystemInfoConfig (Endi S. Dewata) - Move CertificateAuthority.deleteCRLIssuingPoint() to CAEngine (Endi S. Dewata) - Move CertificateAuthority.addCRLIssuingPoint() to CAEngine (Endi S. Dewata) - Move CertificateAuthority.checkForNewerCert() to CAEngine (Endi S. Dewata) - Move CertificateAuthority.renewAuthority() to CAEngine (Endi S. Dewata) - Split CertificateAuthority.deleteAuthorityNSSDB() (Endi S. Dewata) - Move CertificateAuthority.deleteAuthority() to CAEngine (Endi S. Dewata) - Make CertRecordPagedList generic (Marco Fargetta) - Add HSM support for LWCA (Endi S. Dewata) - Updating version to v11.5.0-alpha5 (Marco Fargetta) - Fix support for cert bundle (Endi S. Dewata) - fix incorrect words (ut004527) - Remove redundant NSSDatabase.import_cert_chain() return values (Endi S. Dewata) - Add test for KRA with existing DS database (Endi S. Dewata) - Update CA container test (Endi S. Dewata) - Skip importing certs and requests when pki_ds_setup=False (Endi S. Dewata) - Add default ID length for RSNv3 (Endi S. Dewata) - Update list cert template and tidyup ListCerts (Marco Fargetta) - Modify ListCert to replace VLV with paged search (Marco Fargetta) - Using paged search for Search Certificate Web UI (Marco Fargetta) - Update pki-server ca-cert-import (Endi S. Dewata) - Update pki-server ca-cert-request-import (Endi S. Dewata) - Update PKIDeployer.setup_system_cert() to reuse existing key (Endi S. Dewata) - Update PKIDeployer.setup_system_cert() to reuse existing request (Endi S. Dewata) - Add PKISubsystem.csr_file() (Endi S. Dewata) - Clean up PKIDeployer.setup_system_cert() (Endi S. Dewata) - Clean up PKISubsystem.update_system_cert() (Endi S. Dewata) - Remove redundant PKIDeployer.update_system_cert() (Endi S. Dewata) - Clean up security_databases.py (Endi S. Dewata) - Clean up PKIDeployer.init_server_nssdb() (Endi S. Dewata) - Remove preop.admin.group param (Endi S. Dewata) - Add test for KRA clone with replicated DS (Endi S. Dewata) - Bump ansible from 7.0.0 to 8.5.0 in /tests/dogtag/pytest-ansible (dependabot[bot]) - Convert ca-cert-find server command to paged search (Marco Fargetta) - Update wait-on-check-action in publish job (Endi S. Dewata) - Clean up test for CA with existing DS (Endi S. Dewata) - Clean up test for CA clone with replicated DS (Endi S. Dewata) - Renaming the opetion ops-flag and ops-flag-mask (Marco Fargetta) - Add test for pki_*_opsFlag and pki_*_opsFlagMask (Marco Fargetta) - Add opsFlag for HSM key pair generation (Marco Fargetta) - Add opsFlagMask for HSM key pair generation (Marco Fargetta) - Update wait-for-build action to the new action version (Marco Fargetta) - Move PKIServerFactory into pki.server (Endi S. Dewata) - Update test for CA clone with replicated DS (Endi S. Dewata) - Update clone tests to check schema replication (Endi S. Dewata) - Add PKIDeployer.setup_replication() (Endi S. Dewata) - Fix ipa-artifacts-save.sh (Endi S. Dewata) - Remove unused pki_theme_* params (Endi S. Dewata) - Fix the update to 11.5.0 (Marco Fargetta) - Add pki-server -db-repl-enable (Endi S. Dewata) - Add pki-server -db-create (Endi S. Dewata) - Add pki-server -db-repl-agmt-add (Endi S. Dewata) - Update IPA clone test to check DS replication config (Endi S. Dewata) - Update CA clone tests to check DS replication config (Endi S. Dewata) - Log running threads in subsystem (Endi S. Dewata) - Split SubsystemDBReplicationSetupCLI.setupReplicationAgreements() (Endi S. Dewata) - Split LDAPConfigurator.setupReplicationAgreement() (Endi S. Dewata) - Refactor LDAPConfigurator.createReplicationManager() (Endi S. Dewata) - Clean up SubsystemDBReplicationAgreementInitCLI (Endi S. Dewata) - Add pki-server -db-repl-agmt-init (Endi S. Dewata) - Update test for CA cloning with replicated DS (Endi S. Dewata) - Fix Cert REST api v2 output format (Marco Fargetta) - Tidy up CertServlet (Marco Fargetta) - Implement v2 REST end-point for /ca/v2/certs (Marco Fargetta) - Implement GET verb for /ca/v2/certs/ REST end-point (Marco Fargetta) - Rename LDAPConfigurator.initializeConsumer() (Endi S. Dewata) - Add setter methods in LDAPAuthenticationConfig (Endi S. Dewata) - Update getter methods in LDAPConfig (Endi S. Dewata) - Update version number to 11.5.0-alpha4 (Endi S. Dewata) - Bug2253044-AKI-non-SHA1-support (Christina Fu) - Clean up PKISubsystem.update_system_cert() (Endi S. Dewata) - Clean up PKIDeployer.generate_csr() (Endi S. Dewata) - Clean up PKIDeployer.store_master_cert_request() (Endi S. Dewata) - Clean up PKIDeployer.create_cert_setup_request() (Endi S. Dewata) - Add pki-server -db-init (Endi S. Dewata) - Update test for installing CA with existing DS (Endi S. Dewata) - Clean up default security domain params (Endi S. Dewata) - Add PKIDeployer.create_cs_cfg() (Endi S. Dewata) - Update PKISubsystem.create_conf() (Endi S. Dewata) - Clean up subsystem_layout.py (Endi S. Dewata) - Simplify SubsystemDBReplicationCLI name (Endi S. Dewata) - Simplify PKIDeployer.setup_security_domain_manager() (Endi S. Dewata) - Simplify PKIDeployer.setup_security_domain() (Endi S. Dewata) - Remove unused Namespace.collision_detection() (Endi S. Dewata) - Remove unused PKIDeployer.verify_subsystem_does_not_exist() (Endi S. Dewata) - Update security domain tests (Endi S. Dewata) - acme: implement POST-as-GET for accounts (Fraser Tweedale) - acme: return proper error on malformed account payload (Fraser Tweedale) - Add pki-server -db-index-add/rebuild (Endi S. Dewata) - RHCS-4630 (part 2) Add SHA-2 support to Server-side Keygen (Christina Fu) - Add pki-server -create (Endi S. Dewata) - Update instance_layout.py (Endi S. Dewata) - Update PKIDeployer.configure_server_xml() (Endi S. Dewata) - Fix CRMFPopClient on FIPS environment (Marco Fargetta) - Update test for installing CA with existing DS (Endi S. Dewata) - Add change log for pki-server status (Endi S. Dewata) - Update DS connection test (Endi S. Dewata) - Update version number to 11.5.0-alpha3 (Endi S. Dewata) - Update instance_layout.py (Endi S. Dewata) - Restore support for cert bundle in pki_cert_chain_path (Endi S. Dewata) - Replace PKIDeployer.symlink.create() with PKIServer.symlink() (Endi S. Dewata) - Update SubsystemCLI.getEngineConfig() (Endi S. Dewata) - Fix PKISubsystem.type initialization (Endi S. Dewata) - Remove unused PKISubsystem.prefix (Endi S. Dewata) - Bug 2246422 ServerSideKeygen static SKID (#4597) (Christina Fu) - Update pki-server cert-import (Endi S. Dewata) - Update pki-ca-run (Endi S. Dewata) - Replace pki_user/pki_group with PKIServer.user/group (Endi S. Dewata) - Replace pki_subsystem with PKIDeployer.subsystem_type (Endi S. Dewata) - Rename PKIDeployer.subsystem_name to subsystem_type (Endi S. Dewata) - Replace pki_instance_name with PKIServer.name (Endi S. Dewata) - Update pki-server cert-create (Endi S. Dewata) - Add pki-server cert-request (Endi S. Dewata) - Implement CA Info REST v2 (Marco Fargetta) - Remove unused PKIServer.add_rewrite_valve() (Endi S. Dewata) - Remove unused PKIServer.remove_default_user_database() (Endi S. Dewata) - Remove unused PKIServer.remove_lockout_realm() (Endi S. Dewata) - Update PKIServer.create_server_xml() (Endi S. Dewata) - Update version number to 11.5.0-alpha2 (Endi S. Dewata) - Remove unused RequestQueue.findRequest() (Endi S. Dewata) - Move RequestQueue.findRequestBySourceId() to RequestRepository (Endi S. Dewata) - Move RequestQueue.findRequestsBySourceId() to RequestRepository (Endi S. Dewata) - Remove unnecessary workaround for certutil bug (Endi S. Dewata) - Clean up RemoveUserDatabase (Endi S. Dewata) - Update PKIDeployer.create_server_xml() (Endi S. Dewata) - Update ServerConfig.get_sslcert() (Endi S. Dewata) - Update ServerConfig.get_sslhost() (Endi S. Dewata) - Update test for installing CA with existing NSS database (Endi S. Dewata) - Drop critical_failure param from TPSConnector.deregister() (Endi S. Dewata) - Drop critical_failure param from KRAConnector.deregister() (Endi S. Dewata) - Fix permission issue in pki-server ca-cert-request-import (Endi S. Dewata) - Add InfoServlet (Endi S. Dewata) - Refactor InfoService (Endi S. Dewata) - Add PKIEngine, PKIWebListener, PKIServlet (Endi S. Dewata) - Enable RSNv3 by default (Endi S. Dewata) - Fix RSA key pairs generation in FIPS environment (Marco Fargetta) - Update PKIDeployer.import_system_cert_request() (Endi S. Dewata) - Clean up redundant code in configuration.py (Endi S. Dewata) - Fix dangling link to jaxb-api.jar (Endi S. Dewata) - Update PKIDeployer.setup_system_cert() (Endi S. Dewata) - Update KRA and OCSP tests (Endi S. Dewata) - Update basic installation tests (Endi S. Dewata) - Add getter/setter for passwordFile param (Endi S. Dewata) - Update pki nss-cert-import (Endi S. Dewata) - Refactor PKIDeployer.setup_security_domain() (Endi S. Dewata) - Fix issues with disabled security domain (Endi S. Dewata) - Remove redundant securitydomain.httpsagentport (Endi S. Dewata) - Remove redundant securitydomain.httpseeport (Endi S. Dewata) - Remove redundant service.securityDomainPort (Endi S. Dewata) - Clean up log messages in SecurityDomainService (Endi S. Dewata) - Clean up PKIDeployer.get_install_token() (Endi S. Dewata) - Clean up PKIDeployer.get_domain_info() (Endi S. Dewata) - Fix system certs renewal with HSM (Endi S. Dewata) - Update profile import (Endi S. Dewata) - Deprecate pki client-cert-del (Endi S. Dewata) - Update PKIServer.open_nssdb() (Endi S. Dewata) - Convert PKISubsystem.setup_temp_renewal() into get_cert_ski() (Endi S. Dewata) - Merge PKIInstance.nssdb_import_cert() into cert_import() (Endi S. Dewata) - Refactor pkidestroy scriptlets (Endi S. Dewata) - Refactor pkispawn scriptlets (Endi S. Dewata) - Add pki nss-cert-del (Endi S. Dewata) - Rename PKIWebListener to CMSWebListener (Endi S. Dewata) - Add test for CA system certs renewal (Endi S. Dewata) - Fix dependencies in top-level subpackage (Endi S. Dewata) - Remove runtime dependencies on Maven plugins (Endi S. Dewata) - Update Javadoc for LDAPConfig (Endi S. Dewata) - Clean up ca.crl.MasterCRL.enable configuration (Endi S. Dewata) - Update RPM spec file (Endi S. Dewata) - Update CA and IPA clone tests to check CRL params (Endi S. Dewata) - Add cert validity options/params for CLI and ACME (Endi S. Dewata) - Remove unused init-workflow.sh (Endi S. Dewata) - Remove cert healthcheck (Marco Fargetta) - Replace BASE64_DATABASE with DB_IMAGE (Endi S. Dewata) - Move subordinate CA tests into separate workflow (Endi S. Dewata) - Concert CSR file name to cert_id (Marco Fargetta) - Add CSR job in IPA cline test (Marco Fargetta) - Remove CSR from CS.cfg and store them in certs folder (Marco Fargetta) - Remove redundant 2nd attempt to wait for build (Endi S. Dewata) - Add test for IPA with sub CA (Endi S. Dewata) - Update dependency on Tomcat (Endi S. Dewata) - Add test for KRA clone with shared DS (Endi S. Dewata) - Add test for KRA clone with HSM (Endi S. Dewata) - Fix malformed signed audit params in CS.cfg (Endi S. Dewata) - Improve message error for subsystem certificate not found (Marco Fargetta) - Get cert from nssdb for all subsystems (Marco Fargetta) - Lightweight CA read issuer certificate from nssdb (Marco Fargetta) - Create subsystem without certificate in CS.cfg (Marco Fargetta) - Refactor CAEngine.addAuthorityEntry() (Endi S. Dewata) - chore: make test badges linkable to actual tests (Birger J. Nordølum) - Move CAEngine.readAuthority() to AuthorityMonitor (Endi S. Dewata) - Fix Javadoc warnings in LDAPConfigStorage (Endi S. Dewata) - Replace CAEngine.ensureAuthorityDNAvailable() with getCA() (Endi S. Dewata) - Add CAEngine.createCA() (Endi S. Dewata) - Add CAEngine.getAuthorityRecord() (Endi S. Dewata) - Add AuthorityRecord (Endi S. Dewata) - Add missing ServiceUnavailableException constructor (Endi S. Dewata) - Disable healthcheck CS.cfg certs match (Marco Fargetta) - Fix the configuration path for certs folder (Marco Fargetta) - cert-export read from config file or config folder (Marco Fargetta) - pki-server system certificate from nssdb (Marco Fargetta) - Move CAEngine.removeCA() to AuthorityMonitor (Endi S. Dewata) - Move CAEngine.addCA() to AuthorityMonitor (Endi S. Dewata) - Move CAEngine.trackUpdate() to AuthorityMonitor (Endi S. Dewata) - Move CAEngine.authorities to AuthorityMonitor (Endi S. Dewata) - Move CAEngine.keyRetrievers to AuthorityMonitor (Endi S. Dewata) - Move CAEngine.entryUSNs to AuthorityMonitor (Endi S. Dewata) - Move CAEngine.nsUniqueIds to AuthorityMonitor (Endi S. Dewata) - Move CAEngine.deletedNsUniqueIds to AuthorityMonitor (Endi S. Dewata) - Move CAEngine.foundHostCA to AuthorityMonitor (Endi S. Dewata) - Move CAEngine.loader to AuthorityMonitor (Endi S. Dewata) - Add test for caServerCert profile (Endi S. Dewata) - Remove not used DB session from certificate queries (Marco Fargetta) - Clean up log messages in UniqueSubjectNameConstraint (Endi S. Dewata) - Add profile filter to the CLI (Marco Fargetta) - Make profile REST API provide same information then XML API (Marco Fargetta) - Aes v11.4 (#4555) (#4574) (jmagne) - Add dependency to java-devel for pki-server package (Marco Fargetta) - Add Buildrequires for fontawesome (Chris Kelley) - Fix cmake compilation warnings. (Chris Kelley) - Restart the instance when new subsystems are deployed (Marco Fargetta) - Update cms.password.skipLdapConnTest default value (Endi S. Dewata) - Fix missing links for pki-console.jar and pki-console-theme.jar (Endi S. Dewata) - Convert PolicyConstraint.mConfig into PolicyConstraintConfig (Endi S. Dewata) - Convert PolicyDefault.mConfig into PolicyDefaultConfig (Endi S. Dewata) - Convert LdapConnModule.mConfig into LDAPPublishingConfig (Endi S. Dewata) - Merge common fields/methods in PolicyConstraint subclasses (Endi S. Dewata) - Add PolicyConstraintConfig (Endi S. Dewata) - Add PolicyDefaultConfig (Endi S. Dewata) - Add LDAPPublishingConfig (Endi S. Dewata) - Add PublishingQueueConfig (Endi S. Dewata) - Remove CMSEngine dependency in LdapConnFactory (Endi S. Dewata) - Update 01-FixSSKDirUserCertProfileAuth.py (parrjd) - Update TPSServlet to use @WebServlet (Endi S. Dewata) - Update TPSPhoneHome to use @WebServlet (Endi S. Dewata) - Update TPSGetConfigEntries to use @WebServlet (Endi S. Dewata) - Update TPSGetStatus to use @WebServlet (Endi S. Dewata) - Update TPSLogAdminServlet to use @WebServlet (Endi S. Dewata) - Update TPSUsrGrpAdminServlet to use @WebServlet (Endi S. Dewata) - Add links to Maven-built JAR files (Endi S. Dewata) - Merge common fields/methods in LdapConnFactory subclasses (Endi S. Dewata) - Improve test reliability (Endi S. Dewata) - Remove unnecessary BuildArch (Endi S. Dewata) - Unbundle the FontAwesome font (Jerry James) - Update to use SPDX licence (Chris Kelley) - Add TPSGetConfigEntries (Endi S. Dewata) - Add TPSGetStatus (Endi S. Dewata) - Add TPSLogAdminServlet (Endi S. Dewata) - Add TPSUsrGrpAdminServlet (Endi S. Dewata) - Rename TPSGetConfigEntries to TKSGetConfigEntries (Endi S. Dewata) - Update TKSGetStatus to use @WebServlet (Endi S. Dewata) - Update TPSGetConfigEntries to use @WebServlet (Endi S. Dewata) - Update TKSDownloadPKCS12 to use @WebServlet (Endi S. Dewata) - Update TKSMainPageServlet to use @WebServlet (Endi S. Dewata) - Update TKSPortsServlet to use @WebServlet (Endi S. Dewata) - Update TKSRandomData to use @WebServlet (Endi S. Dewata) - Update TKSSessionKey to use @WebServlet (Endi S. Dewata) - Update TKSCreateKeySetData to use @WebServlet (Endi S. Dewata) - Update TKSEncryptData to use @WebServlet (Endi S. Dewata) - Update ImportTransportCert to use @WebServlet (Endi S. Dewata) - Update TKSRegisterUser to use @WebServlet (Endi S. Dewata) - Update TKSCMSAdminServlet to use @WebServlet (Endi S. Dewata) - Update TKSACLAdminServlet to use @WebServlet (Endi S. Dewata) - Update TKSJobsAdminServlet to use @WebServlet (Endi S. Dewata) - Update TKSAuthAdminServlet to use @WebServlet (Endi S. Dewata) - Update TKSLogAdminServlet to use @WebServlet (Endi S. Dewata) - Update TKSUsrGrpAdminServlet to use @WebServlet (Endi S. Dewata) - Fix race condition during ACME order finalization (Fraser Tweedale) - Fix exception in ACMEFinalizeOrderService (Endi S. Dewata) - Fix race condition during ACME authz polling (Endi S. Dewata) - Add TKSGetStatus (Endi S. Dewata) - Add TPSGetConfigEntries (Endi S. Dewata) - Add TKSDownloadPKCS12 (Endi S. Dewata) - Add TKSMainPageServlet (Endi S. Dewata) - Add TKSPortsServlet (Endi S. Dewata) - Add TKSRandomData (Endi S. Dewata) - Add TKSSessionKey (Endi S. Dewata) - Add TKSCreateKeySetData (Endi S. Dewata) - Add TKSEncryptData (Endi S. Dewata) - Add TKSRegisterUser (Endi S. Dewata) - Add TKSACLAdminServlet (Endi S. Dewata) - Add TKSJobsAdminServlet (Endi S. Dewata) - Add TKSAuthAdminServlet (Endi S. Dewata) - Add TKSLogAdminServlet (Endi S. Dewata) - Add TKSUsrGrpAdminServlet (Endi S. Dewata) - Update OCSPTokenAuthenticateAdmin to use @WebServlet (Endi S. Dewata) - Update OCSPTokenAuthenticate to use @WebServlet (Endi S. Dewata) - Update OCSPGetCookie to use @WebServlet (Endi S. Dewata) - Update OCSPAdminUpdateDomainXML to use @WebServlet (Endi S. Dewata) - Update OCSPUpdateDomainXML to use @WebServlet (Endi S. Dewata) - Update OCSPGetStatus to use @WebServlet (Endi S. Dewata) - Update OCSPDownloadPKCS12 to use @WebServlet (Endi S. Dewata) - Update OCSPMainPageServlet to use @WebServlet (Endi S. Dewata) - Update OCSPHeaderServlet to use @WebServlet (Endi S. Dewata) - Update OCSPReadAddCAPage to use @WebServlet (Endi S. Dewata) - Update OCSPReadAddCRLPage to use @WebServlet (Endi S. Dewata) - Update OCSPIndexServlet to use @WebServlet (Endi S. Dewata) - Update OCSPReadCheckCertPage to use @WebServlet (Endi S. Dewata) - Add OCSPTokenAuthenticateAdmin (Endi S. Dewata) - Add OCSPTokenAuthenticate (Endi S. Dewata) - Add OCSPGetCookie (Endi S. Dewata) - Add OCSPAdminUpdateDomainXML (Endi S. Dewata) - Add OCSPUpdateDomainXML (Endi S. Dewata) - Add OCSPGetStatus (Endi S. Dewata) - Add OCSPDownloadPKCS12 (Endi S. Dewata) - Add OCSPMainPageServlet (Endi S. Dewata) - Add OCSPHeaderServlet (Endi S. Dewata) - Add OCSPReadAddCAPage (Endi S. Dewata) - Add OCSPReadAddCRLPage (Endi S. Dewata) - Add OCSPIndexServlet (Endi S. Dewata) - Add OCSPReadCheckCertPage (Endi S. Dewata) - Update test for IPA clone (Endi S. Dewata) - Remove unnecessary blank line in CRL (Endi S. Dewata) - Update OCSPOCSPServlet to use @WebServlet (Endi S. Dewata) - Update RemoveCAServlet to use @WebServlet (Endi S. Dewata) - Update AddCAServlet to use @WebServlet (Endi S. Dewata) - Update OCSPGetConfigEntries to use @WebServlet (Endi S. Dewata) - Update CheckCertServlet to use @WebServlet (Endi S. Dewata) - Update OCSPPortsServlet to use @WebServlet (Endi S. Dewata) - Update AddCRLServlet to use @WebServlet (Endi S. Dewata) - Update ListCAServlet to use @WebServlet (Endi S. Dewata) - Update OCSPGetOCSPInfo to use @WebServlet (Endi S. Dewata) - Update OCSPAdminServlet to use @WebServlet (Endi S. Dewata) - Update OCSPAuthAdminServlet to use @WebServlet (Endi S. Dewata) - Update OCSPLogAdminServlet to use @WebServlet (Endi S. Dewata) - Update OCSPCMSAdminServlet to use @WebServlet (Endi S. Dewata) - Update OCSPUsrGrpAdminServlet to use @WebServlet (Endi S. Dewata) - Update OCSPJobsAdminServlet to use @WebServlet (Endi S. Dewata) - Update OCSPACLAdminServlet to use @WebServlet (Endi S. Dewata) - Add OCSPOCSPServlet (Endi S. Dewata) - Add OCSPGetConfigEntries (Endi S. Dewata) - Add OCSPPortsServlet (Endi S. Dewata) - Add OCSPGetOCSPInfo (Endi S. Dewata) - Add OCSPAuthAdminServlet (Endi S. Dewata) - Add OCSPLogAdminServlet (Endi S. Dewata) - Add OCSPUsrGrpAdminServlet (Endi S. Dewata) - Add OCSPJobsAdminServlet (Endi S. Dewata) - Add OCSPACLAdminServlet (Endi S. Dewata) - Fix exception handling in DefStore (Endi S. Dewata) - Fix exception handling in LdapCrlPublisher (Endi S. Dewata) - Update log messages in PKIRealm and ProxyRealm (Endi S. Dewata) - Update log messages in OCSPServlet (Endi S. Dewata) - Update log messages in AddCRLServlet (Endi S. Dewata) - Update log messages in OCSPPublisher (Endi S. Dewata) - Add PublishingPublisherInstancesConfig (Endi S. Dewata) - Add PublishingPublisherPluginsConfig (Endi S. Dewata) - Remove unused RequestList (Endi S. Dewata) - Remove unused SearchEnumeration (Endi S. Dewata) - Refactor RequestQueue.listRequestsByStatus() (Endi S. Dewata) - Refactor RequestQueue.findRequestBySourceId() (Endi S. Dewata) - Remove unused RequestQueue.listRequests() (Endi S. Dewata) - Remove unused RequestListByStatus (Endi S. Dewata) - Fix unspecified revoke requests (Marco Fargetta) - Replace BASE64_OS with BASE_IMAGE (Endi S. Dewata) - Refactor RequestRepository.listRequestsByFilter() (Endi S. Dewata) - Refactor LDAPConfigStorage to use LdapBoundConnFactory (Endi S. Dewata) - Refactor CAProfileImportCLI to use LdapBoundConnFactory (Endi S. Dewata) - Add LdapConnFactory.approvalCallback (Endi S. Dewata) - Add LdapConnFactory.socketListener (Endi S. Dewata) - Add LdapConnFactory.auditor (Endi S. Dewata) - Read IPs from SSLEngine session (Marco Fargetta) - Bug2229930-crlCertValid-leaf-only (Christina Fu) - Convert IPolicyProcessor into PolicyProcessor class (Endi S. Dewata) - Add pki-server -user-mod --password (Endi S. Dewata) - Remove unused certificate from ansible CI (Marco Fargetta) - Add CI test for OCSP self crl check (Marco Fargetta) - Add additional tests for OCSP (Marco Fargetta) - Add ProfilePolicyConfig to wrap profile policy config (Endi S. Dewata) - Add ProfilePolicySetConfig to wrap profile policy set config (Endi S. Dewata) - Rename ProfilePoliciesConfig to ProfilePolicySetsConfig (Endi S. Dewata) - Update ProfileOutput.init() to use ProfileOutputConfig (Endi S. Dewata) - Update ProfileInput.init() to use ProfileInputConfig (Endi S. Dewata) - Add pki-server ca-crl-ip-mod (Endi S. Dewata) - Add wrapper methods for ca.ocspUseCacheIncludeExpiredCerts (Endi S. Dewata) - Add wrapper methods for ca.ocspUseCacheCheckDeltaCache (Endi S. Dewata) - Add wrapper methods for ca.ocspUseCacheIssuingPointId (Endi S. Dewata) - Add wrapper methods for ca.ocspUseCache (Endi S. Dewata) - Add wrapper methods for ca.crl..startingCrlNumber (Endi S. Dewata) - Add wrapper methods for ca.crl.pageSize (Endi S. Dewata) - Add pki nss-cert-show --output-format option (Endi S. Dewata) - Add pki-server ca-crl-ip-find/show (Endi S. Dewata) - Add pki-server ca-crl-show (Endi S. Dewata) - Update code for finalizing installation to use PKIDeployer.instance (Endi S. Dewata) - Update code for setting up shared secret to use PKIDeployer.instance (Endi S. Dewata) - Update code for setting up connectors to use PKIDeployer.instance (Endi S. Dewata) - Update code for setting up users to use PKIDeployer.instance (Endi S. Dewata) - Update code for setting up system certs to use PKIDeployer.instance (Endi S. Dewata) - Update code for setting up SELinux to use PKIDeployer.instance (Endi S. Dewata) - Add PKIDeployer.update_sslserver_cert_nickname() (Endi S. Dewata) - Update code for setting up security domain to use PKIDeployer.instance (Endi S. Dewata) - Update code for generating cert requests to use PKIDeployer.instance (Endi S. Dewata) - Update code for verifying subsystems to use PKIDeployer.instance (Endi S. Dewata) - Update code for importing existing certs to use PKIDeployer.instance (Endi S. Dewata) - Update PKIDeployer.init_server_nssdb() to use self.instance (Endi S. Dewata) - Update PKIDeployer.update_external_certs_conf() to use self.instance (Endi S. Dewata) - Update PKIDeployer.create_server_xml() to use self.instance (Endi S. Dewata) - Add PKIDeployer.instance (Endi S. Dewata) - Move the callback to PKISocketFactory and fix startup (Marco Fargetta) - Improve OCSP exception handling (Marco Fargetta) - Modify the callback location (Marco Fargetta) - Update log message for revoked certificate (Marco Fargetta) - Modify local variable names (Marco Fargetta) - Add comment for the option ocsp.store.ldapStore.validateConnCertWithCRL (Marco Fargetta) - Use AKI/SKI to match peer certificate with CA CRL (Marco Fargetta) - Rename checkSubsystemConnection to validateConnCertWithCRL (Marco Fargetta) - OCSP default CRL check and CA cert validation (Marco Fargetta) - Move callback reference from CMS to CMSEngine (Marco Fargetta) - Add crl check for OCSP acting as server (Marco Fargetta) - Make crl check for connection optional (Marco Fargetta) - Add callback for CRL validation at application level (Marco Fargetta) - Modify init order for OCSP subsystem (Marco Fargetta) - Update cert and CSR path validation (Endi S. Dewata) - Add pki.nssdb.internal_token() (Endi S. Dewata) - Remove unused preop.clone.pkcs7 (Endi S. Dewata) - Simplify PKIDeployer.finalize_ocsp() (Endi S. Dewata) - Simplify PKIDeployer.finalize_kra() (Endi S. Dewata) - Add log messages in FileConfigStorage (Endi S. Dewata) - Improve exception handling for OCSP validation (Marco Fargetta) - Fix OCSP ldap responder output with correct logic (Marco Fargetta) - FIx OCSP DefStore for unknown CA error (Marco Fargetta) - Fix OCSP verification of requests hashes (Marco Fargetta) - Bug2221818-ocsp-unknownCA-addendum2 (Christina Fu) - Bug2221818-ocsp-unknownCA-addendum (Christina Fu) - Internal OCSP CA identification using request hash (Marco Fargetta) - For unknown certificates OCSP should have unknown CertStatus (part 2) (Chris Kelley) - For unknown certificates OCSP should have unknown CertStatus (Chris Kelley) - Move pki nss-cert-find --cert option to pki nss-cert-show (Endi S. Dewata) - Update log messages in TPSProcessor (Endi S. Dewata) - Fix servlet name for GetApprovalStatus (Endi S. Dewata) - Add test for subordinate CA clone with HSM (Endi S. Dewata) - Remove hierarchy.select param (Endi S. Dewata) - Update PKIDeployer to validate pki_cert_chain_path (Endi S. Dewata) - Clean up cert chain retrieval (Endi S. Dewata) - Add PKIDeployer.retrieve_cert_chain() (Endi S. Dewata) - Add pki nss-cert-find --cert option (Endi S. Dewata) - Convert IDBObj implementations into DBRecord subclasses (Endi S. Dewata) - Move CertUtil to org.dogtagpki.util.cert (Endi S. Dewata) - Add NSSDatabase.export_pkcs7() (Endi S. Dewata) - Update pki pkcs7-export (Endi S. Dewata) - Consolidate SystemCertData.token initialization (Endi S. Dewata) - Add test for CA clone with replicated DS (Endi S. Dewata) - Add test for subordinate CA clone (Endi S. Dewata) - Remove unused preop issuing CA params (Endi S. Dewata) - Clean up PKIDeployer.finalize_ocsp() (Endi S. Dewata) - Clean up PKIDeployer.finalize_kra() (Endi S. Dewata) - Clean up PKIDeployer.setup_admin_cert() (Endi S. Dewata) - Clean up PKIDeployer.setup_system_cert() (Endi S. Dewata) - Restore default value for pki_share_db (Endi S. Dewata) - Fix incorrect default signing algorithm (Endi S. Dewata) - Update NSSExtensionGenerator.createSANExtension() (Endi S. Dewata) - Bug2228209-pkidbuser-wrong-o-in-pkispawn (Christina Fu) - Add test for CA clone with shared DS (Endi S. Dewata) - Drop Tomcat JSS dependency (Endi S. Dewata) - Add test for cert enrollment with caDirUserCert profile (Endi S. Dewata) - Refactor PKIDeployer.import_master_config() (Endi S. Dewata) - Add PKIDeployer.request_ranges() (Endi S. Dewata) - Health check verify all clones (Marco Fargetta) - Update tests for CA with non-default algorithms (Endi S. Dewata) - Replace deprecated ssl.PROTOCOL_TLS in pki/client.py (Chris Kelley) - Clean up PKIDeployer.import_master_config() (Endi S. Dewata) - Add PKIDeployer.import_master_config() (Endi S. Dewata) - Add test for CA with RSA algorithm (Endi S. Dewata) - Update test for CA clone with HSM (Endi S. Dewata) - Clean up tests for CA with ECC and RSA/PSS (Endi S. Dewata) - Enable healthcheck for IPA clone (Marco Fargetta) - Add support for cloning with CSR files (Endi S. Dewata) - Clean up CLI log messages (Endi S. Dewata) - Merge PKIDeployer.configure_system_cert() into update_system_cert() (Endi S. Dewata) - Remove PKIDeployer.validate_system_cert() (Endi S. Dewata) - Relocate system certs validation (Endi S. Dewata) - Clean up log messages in PKIDeployer (Endi S. Dewata) - Fix missing CSR files in CMC tests (Endi S. Dewata) - spec: set ExclusiveArch on any OS with java_arches (Chris Kelley) - Fix ..tokenname normalization (Endi S. Dewata) - Clean up dbs.enableRandomSerialNumbers initialization (Endi S. Dewata) - Update CA clone test (Endi S. Dewata) - Drop subsystem.select param (Endi S. Dewata) - Fix preop.module.token normalization (Endi S. Dewata) - Fix CASigningUnit.init() and OCSPSigningUnit.init() (Endi S. Dewata) - Replace FlatFileAuth.getPropertyB() with ConfigStore.getBoolean() (Endi S. Dewata) - Replace FlatFileAuth.getPropertyS() with ConfigStore.getString() (Endi S. Dewata) - Add PKIDeployer.import_server_pkcs12() (Endi S. Dewata) - Add PKIDeployer.import_clone_pkcs12() (Endi S. Dewata) - Add PKIDeployer.install_cert_chain() (Endi S. Dewata) - Add PKIDeployer.import_ds_ca_cert() (Endi S. Dewata) - Update KRATokenAuthenticateAdmin to use @WebServlet (Endi S. Dewata) - Update KRATokenAuthenticate to use @WebServlet (Endi S. Dewata) - Update KRAGetCookie to use @WebServlet (Endi S. Dewata) - Update KRAJobsAdminServlet to use @WebServlet (Endi S. Dewata) - Update KRAGrantRecovery to use @WebServlet (Endi S. Dewata) - Update KRAIndexServlet to use @WebServlet (Endi S. Dewata) - Update KRAListRequests to use @WebServlet (Endi S. Dewata) - Update KRASearchKey to use @WebServlet (Endi S. Dewata) - Update KRASearchKeyForRecovery to use @WebServlet (Endi S. Dewata) - Update KRAHeaderServlet to use @WebServlet (Endi S. Dewata) - Add KRATokenAuthenticateAdmin (Endi S. Dewata) - Add KRATokenAuthenticate (Endi S. Dewata) - Add KRAGetCookie (Endi S. Dewata) - Add KRAJobsAdminServlet (Endi S. Dewata) - Add KRAGrantRecovery (Endi S. Dewata) - Add KRAListRequests (Endi S. Dewata) - Add KRASearchKey (Endi S. Dewata) - Add KRASearchKeyForRecovery (Endi S. Dewata) - Add KRAIndexServlet (Endi S. Dewata) - Add KRAHeaderServlet (Endi S. Dewata) - Rename ListRequests to CAListRequests (Endi S. Dewata) - Update KRAAdminUpdateDomainXML to use @WebServlet (Endi S. Dewata) - Update KRAUpdateDomainXML to use @WebServlet (Endi S. Dewata) - Update KRAGetStatus to use @WebServlet (Endi S. Dewata) - Update KRADownloadPKCS12 to use @WebServlet (Endi S. Dewata) - Update KRAUpdateNumberRange to use @WebServlet (Endi S. Dewata) - Update KRAMainPageServlet to use @WebServlet (Endi S. Dewata) - Update DisplayBySerial to use @WebServlet (Endi S. Dewata) - Update SrchKeyForRecovery to use @WebServlet (Endi S. Dewata) - Update SrchKey to use @WebServlet (Endi S. Dewata) - Update KRALogAdminServlet to use @WebServlet (Endi S. Dewata) - Update PKI_VERSION in tomcat.conf (Endi S. Dewata) - Add KRAAdminUpdateDomainXML (Endi S. Dewata) - Add KRAUpdateDomainXML (Endi S. Dewata) - Add KRAGetStatus (Endi S. Dewata) - Add KRADownloadPKCS12 (Endi S. Dewata) - Add KRAMainPageServlet (Endi S. Dewata) - Add KRALogAdminServlet (Endi S. Dewata) - Update KRAAdminServlet to use @WebServlet (Endi S. Dewata) - Update KRACMSAdminServlet to use @WebServlet (Endi S. Dewata) - Update KRAUsrGrpAdminServlet to use @WebServlet (Endi S. Dewata) - Update KRAACLAdminServlet to use @WebServlet (Endi S. Dewata) - Update KRAAuthAdminServlet to use @WebServlet (Endi S. Dewata) - Update KRAPolicyAdminServlet to use @WebServlet (Endi S. Dewata) - Update KeyQueryReq to use @WebServlet (Endi S. Dewata) - Update GetAsyncPk12 to use @WebServlet (Endi S. Dewata) - Update GetPk12 to use @WebServlet (Endi S. Dewata) - Update KRAConnectorServlet to use @WebServlet (Endi S. Dewata) - Update KRADynamicVariables to use @WebServlet (Endi S. Dewata) - Update KRARegisterUser to use @WebServlet (Endi S. Dewata) - Update KRAPortsServlet to use @WebServlet (Endi S. Dewata) - Update KRAGetConfigEntries to use @WebServlet (Endi S. Dewata) - Update DisplayBySerialForRecovery to use @WebServlet (Endi S. Dewata) - Add KRAUsrGrpAdminServlet (Endi S. Dewata) - Add KRAACLAdminServlet (Endi S. Dewata) - Add KRAAuthAdminServlet (Endi S. Dewata) - Add KRAConnectorServlet (Endi S. Dewata) - Add KRADynamicVariables (Endi S. Dewata) - Add KRARegisterUser (Endi S. Dewata) - Add KRAPortsServlet (Endi S. Dewata) - Add KRAGetConfigEntries (Endi S. Dewata) - Rename KRAConnectorServlet to CAConnectorServlet (Endi S. Dewata) - Add PKIDeployer.init_subsystem() (Endi S. Dewata) - Add PKIDeployer.init_server_nssdb() (Endi S. Dewata) - Add PKIDeployer.init_system_cert_params() (Endi S. Dewata) - Add PKIDeployer.init_client_nssdb() (Endi S. Dewata) - Add pki_http_enable param (Endi S. Dewata) - Add Implementation-Version to Manifests via pom.xml (Chris Kelley) - Clean up log messages in KRARemoteRequestHandler (Endi S. Dewata) - Clean up log messages in LDAPDatabase (Endi S. Dewata) - Refactor set_signing_algs_for_pss() (Endi S. Dewata) - Adding useful OCSP debug messages (Christina Fu) - Clean up keygen.py (Endi S. Dewata) - Remove redundant code in subsystem_layout.py (Endi S. Dewata) - Merge webapp_deployment.py into subsystem_layout.py (Endi S. Dewata) - Replace pki_instance_configuration_path with PKIServer.conf_dir (Endi S. Dewata) - Replace pki_server_database_path with PKIServer.nssdb_dir (Endi S. Dewata) - Remove unused IAuthInfo (Endi S. Dewata) - Replace pki_instance_path param with PKIServer.base_dir (Endi S. Dewata) - Update minConns for PasswdUserDBAuthentication (Endi S. Dewata) - Merge IPasswdUserDBAuthentication into PasswdUserDBAuthentication (Endi S. Dewata) - Update pkispawn to use PKIServerFactory (Endi S. Dewata) - Update pkidestroy to use PKIServerFactory (Endi S. Dewata) - Hard-code version number in pom.xml (Endi S. Dewata) - Remove PKIDeployer.tomcat_instance_subsystems() (Endi S. Dewata) - Remove PKIDeployer.pki_instance_subsystems() (Endi S. Dewata) - Add PKIServer.remove_subsystem() (Endi S. Dewata) - Add PKIServer.add_subsystem() (Endi S. Dewata) - Add PKIDeployer.remove_selinux_contexts() (Endi S. Dewata) - Add PKIDeployer.create_selinux_contexts() (Endi S. Dewata) - Remove non-configurable pki_source_subsystem_path param (Endi S. Dewata) - Remove non-configurable pki_instance_log_path param (Endi S. Dewata) - Remove unused pki_registry_path param (Endi S. Dewata) - Remove non-configurable pki_instance_registry_path param (Endi S. Dewata) - Remove non-configurable pki_subsystem_registry_path param (Endi S. Dewata) - Remove non-configurable pki_systemd_service param (Endi S. Dewata) - Remove unused pki_systemd_target param (Endi S. Dewata) - Remove non-configurable pki_systemd_target_wants param (Endi S. Dewata) - Remove non-configurable pki_systemd_service_link param (Endi S. Dewata) - Remove non-configurable pki_cgroup_systemd_service_path param (Endi S. Dewata) - Remove non-configurable pki_cgroup_systemd_service param (Endi S. Dewata) - Remove non-configurable pki_cgroup_cpu_systemd_service_path param (Endi S. Dewata) - Remove non-configurable pki_cgroup_cpu_systemd_service param (Endi S. Dewata) - Remove redundant creation of work subfolders (Endi S. Dewata) - Update fapolicy rules (Endi S. Dewata) - Create temporary files to be shared between uses in /tmp (Rob Crittenden) - Remove non-configurable pki_path param (Endi S. Dewata) - Remove non-configurable pki_log_path param (Endi S. Dewata) - Remove non-configurable pki_configuration_path param (Endi S. Dewata) - Remove non-configurable pki_source_conf_path param (Endi S. Dewata) - Remove unused pki_source_setup_path param (Endi S. Dewata) - Remove non-configurable pki_source_server_path param (Endi S. Dewata) - Remove unused pki_source_context_xml param (Endi S. Dewata) - Remove non-configurable pki_source_tomcat_conf param (Endi S. Dewata) - Remove unused pki_tomcat_webapps_path params (Endi S. Dewata) - Remove unused pki_tomcat_common_webapps_path param (Endi S. Dewata) - Remove non-configurable pki_source_cs_cfg param (Endi S. Dewata) - Remove unused pki_source_registry param (Endi S. Dewata) - Remove non-configurable pki_subsystem_path param (Endi S. Dewata) - Remove non-configurable pki_subsystem_log_path param (Endi S. Dewata) - Remove non-configurable pki_subsystem_configuration_path param (Endi S. Dewata) - Remove non-configurable pki_subsystem_database_link param (Endi S. Dewata) - Remove non-configurable pki_subsystem_conf_link param (Endi S. Dewata) - Remove non-configurable pki_subsystem_logs_link param (Endi S. Dewata) - Remove non-configurable pki_subsystem_registry_link param (Endi S. Dewata) - Fix NPE in UsrGrpAdminServlet (Endi S. Dewata) - Add index param for ServerConfig.add_connector() (Endi S. Dewata) - Remove non-customizable pki_source_emails param (Endi S. Dewata) - Remove non-customizable pki_source_flatfile_txt param (Endi S. Dewata) - Remove non-customizable pki_source_profiles param (Endi S. Dewata) - Remove non-customizable pki_source_proxy_conf param (Endi S. Dewata) - Remove non-customizable pki_source_admincert_profile param (Endi S. Dewata) - Remove non-customizable pki_source_caauditsigningcert_profile param (Endi S. Dewata) - Remove non-customizable pki_source_cacert_profile param (Endi S. Dewata) - Remove non-customizable pki_source_caocspcert_profile param (Endi S. Dewata) - Remove non-customizable pki_source_servercert_profile param (Endi S. Dewata) - Remove non-customizable pki_source_subsystemcert_profile param (Endi S. Dewata) - Remove non-customizable pki_subsystem_emails_path param (Endi S. Dewata) - Remove non-customizable pki_subsystem_profiles_path param (Endi S. Dewata) - Build PKI console with Maven (Endi S. Dewata) - Simplify Packit copr_build config (Chris Kelley) - Clean up Azure pipelines (Endi S. Dewata) - Relocate console resources (Endi S. Dewata) - Move default pki_http_port and pki_https_port into default.cfg (Endi S. Dewata) - Add get_current_version to Packit jobs (Chris Kelley) - Build RPM with Maven (Endi S. Dewata) - Move default pki_instance_name into default.cfg (Endi S. Dewata) - Clean up CMake files (Endi S. Dewata) - Replace WITHOUT_TEST with RUN_TESTS (Endi S. Dewata) - Fix pki-tomcat.jar and pki-tomcat-9.0.jar (Endi S. Dewata) - Split pki-tomcat.jar (Endi S. Dewata) - Handle removal of ConfigParser.readfp() in Python 3.12 (Adam Williamson) - Replace tomcatjss.jar (Endi S. Dewata) - Update POM files (Endi S. Dewata) - Clean up JAR paths in CMake files (Endi S. Dewata) - Migrate EST tests to ansible (Marco Fargetta) - Merge libtps.so into tpsclient (Endi S. Dewata) - Add packit copr_build job on commit (Chris Kelley) - Auto-initialize EST application (Endi S. Dewata) - Update Tomcat dependency (Endi S. Dewata) - Move HttpInput to pki-server (Endi S. Dewata) - Update build.sh output (Endi S. Dewata) - Move jquery-3.5.1.js into ROOT webapp (Endi S. Dewata) - Move patternfly-4.35.2.css into ROOT webapp (Endi S. Dewata) - Move Web UI main page into ROOT webapp (Endi S. Dewata) - Use try-with-resources in DefStore (Chris Kelley) - Remove unnecessary else clause from nsNKeyOutput (Chris Kelley) - Drop pki-servlet-engine dependency (Endi S. Dewata) - Fix additional packit repos (Chris Kelley) - Auto-initialize ACME application (Endi S. Dewata) - Fix PKIServer.undeploy_webapp() (Endi S. Dewata) - Fix PKIServer.deploy_webapp() (Endi S. Dewata) - Code cleanup in UsrGrpAdminServlet (Chris Kelley) - Revert "Conditionalise use of resteasy-servlet-initializer" (Chris Kelley) - Conditionalise use of resteasy-servlet-initializer (Chris Kelley) - Allow packit to access @pki/master for dependency resolution (Chris Kelley) - Drop DRMTool (Endi S. Dewata) - Auto-initialize JAX-RS applications (Endi S. Dewata) - Add dependency on resteasy-servlet-initializer (Endi S. Dewata) - Update README.md (Chris Kelley) - Disable cf-protection test (Chris Kelley) - Fix typo in .packit.yaml (Chris Kelley) - Add COPR_REPO default value (Endi S. Dewata) - Revert "Upstream some spec file changes from Fedora" (Chris Kelley) - Add packit job for scratch builds for PRs (Chris Kelley) - Upstream some spec file changes from Fedora (Chris Kelley) - Introduce Packit config and upstream some spec updates (Chris Kelley) - Revert RESTMessage.toString() (Endi S. Dewata) - Remove redundant CMake variables (Endi S. Dewata) - Add SCEPConfig (Endi S. Dewata) - Remove unused PKIClient.createProxy() (Endi S. Dewata) - Update ExamineRecovery to use @WebServlet (Endi S. Dewata) - Update KeyProcessReq to use @WebServlet (Endi S. Dewata) - Update GetApprovalStatus to use @WebServlet (Endi S. Dewata) - Update GenerateKeyPairServlet to use @WebServlet (Endi S. Dewata) - Update TokenKeyRecoveryServlet to use @WebServlet (Endi S. Dewata) - Update RecoverBySerial to use @WebServlet (Endi S. Dewata) - Update GetTransportCert to use @WebServlet (Endi S. Dewata) - Update DisplayTransport to use @WebServlet (Endi S. Dewata) - Update GrantAsyncRecovery to use @WebServlet (Endi S. Dewata) - Update GrantRecovery to use @WebServlet (Endi S. Dewata) - Update KeyClient to use JAX-RS client API (Endi S. Dewata) - Update KeyRequestClient to use JAX-RS client API (Endi S. Dewata) - Add RESTMessage.toString() (Endi S. Dewata) - Update log messages in SymKeyGenService (Endi S. Dewata) - Update log messages in KeyRequestService (Endi S. Dewata) - Update log messages in KRAService (Endi S. Dewata) - Code cleanup in PKILogger (Chris Kelley) - Remove getNickName() from KeyRecoveryAuthority (Chris Kelley) - Update CACertClient to use JAX-RS client API (Endi S. Dewata) - Update CACertRequestClient to use JAX-RS client API (Endi S. Dewata) - Update CAAgentCertClient to use JAX-RS client API (Endi S. Dewata) - Update CAAgentCertRequestClient to use JAX-RS client API (Endi S. Dewata) - Add KeyRequestClient (Endi S. Dewata) - Remove unused KeyClient.kraInfoClient (Endi S. Dewata) - Add CACertRequestClient (Endi S. Dewata) - Add CAAgentCertClient (Endi S. Dewata) - Add CAAgentCertRequestClient (Endi S. Dewata) - Update UserClient to use JAX-RS client API (Endi S. Dewata) - Clean up servlet methods in CMSAdminServlet (Chris Kelley) - Code clean up in CertRecordProcessor (Chris Kelley) - Code cleanup in CertRecord (Chris Kelley) - Fix NPE in CMSEngine.shutdown() (Endi S. Dewata) - Update PKIInstance.execute() (Endi S. Dewata) - Update pkidaemon (Endi S. Dewata) - Update ServerConfig.create_listener() (Endi S. Dewata) - Update AuditClient to use JAX-RS client API (Endi S. Dewata) - Update CA ProfileClient to use JAX-RS client API (Endi S. Dewata) - Update TPSConnectorClient to use JAX-RS client API (Endi S. Dewata) - Update TPS ProfileMappingClient to use JAX-RS client API (Endi S. Dewata) - Update TPS ProfileClient to use JAX-RS client API (Endi S. Dewata) - Update TokenClient to use JAX-RS client API (Endi S. Dewata) - Update AuthorityClient to use JAX-RS client API (Endi S. Dewata) - Use the system Python 3 for scripts (Chris Kelley) - Fix missing ROLE_ASSUME events (Endi S. Dewata) - Update admin cert profile in tests (Endi S. Dewata) - Remove unused Velocity templates (Endi S. Dewata) - Update pki ca-cert-request-submit (Endi S. Dewata) - Clean up test for CA with CMC shared token (Endi S. Dewata) - Fix regex in in NSSDatabase.get_trust() (Endi S. Dewata) - Fix stdout/stderr encoding in NSSDatabase.get_trust() (Endi S. Dewata) - Update test for CA with CMC shared token (Endi S. Dewata) - Update CMCRequest to support hex revRequest.serial (Endi S. Dewata) - Upstream some spec file changes to reduce diff (Chris Kelley) - Code clean up in Job (Chris Kelley) - Add Client.delete() that takes query params (Endi S. Dewata) - Add Client.target() (Endi S. Dewata) - Fix TKSEngineConfig.getTPSConnectorIDs() (Endi S. Dewata) - Fix ProfileMappingService.createProfileMappingData() (Endi S. Dewata) - Create separate build for ACME tests (Endi S. Dewata) - Update ConnectorClient to use JAX-RS client API (Endi S. Dewata) - Update TPSCertClient to use JAX-RS client API (Endi S. Dewata) - Update ConfigClient to use JAX-RS client API (Endi S. Dewata) - Update KRAInfoClient to use JAX-RS client API (Endi S. Dewata) - Update CAInfoClient to use JAX-RS client API (Endi S. Dewata) - Update AuthenticatorClient to use JAX-RS client API (Endi S. Dewata) - Update KRAConnectorClient to use JAX-RS client API (Endi S. Dewata) - Update FeatureClient to use JAX-RS client API (Endi S. Dewata) - Update SecurityDomainClient to use JAX-RS client API (Endi S. Dewata) - Update ActivityClient to use JAX-RS client API (Endi S. Dewata) - Update GroupClient to use JAX-RS client API (Endi S. Dewata) - Update log messages in ConnectorService (Endi S. Dewata) - Add PKIClient.entity() (Endi S. Dewata) - Fix pki tps-connector-show (Endi S. Dewata) - Deprecate sslget (Endi S. Dewata) - Bug2190283-part2_LdapSimpleMap_Invalid_cast_warning (Christina Fu) - Refactor SecurityDomainSessionTable.removeEntry() (Endi S. Dewata) - Refactor SecurityDomainSessionTable.addEntry() (Endi S. Dewata) - Add PKIClient.delete() (Endi S. Dewata) - Add PKIClient.patch() (Endi S. Dewata) - Add PKIClient.put() (Endi S. Dewata) - Add PKIClient.post() with Entity (Endi S. Dewata) - Add PKIClient.get() with GenericType (Endi S. Dewata) - Add PKIClient.target() (Endi S. Dewata) - Add Client.getTargetPath() (Endi S. Dewata) - Consolidate PKIClient.get()/post() (Endi S. Dewata) - Update log messages in CRLIssuingPoint (Endi S. Dewata) - Replace sslget examples with curl (Endi S. Dewata) - Fix IPA build job (Endi S. Dewata) - Update build scripts (Endi S. Dewata) - Update SelfTestClient (Endi S. Dewata) - Drop legacy CSR header/footer (Endi S. Dewata) - Refactor CertUtil.parseCRMF() (Endi S. Dewata) - Refactor CertUtil.parseCSR() (Endi S. Dewata) - Refactor PKIProcessor.fillCertInfoArray() (Endi S. Dewata) - Remove redundant Response._fCert (Endi S. Dewata) - Remove unused code in SelfTestCLI (Endi S. Dewata) - Update log messages in SelfTestService (Endi S. Dewata) - Code clean up in UserSubjectNameDefault (Chris Kelley) - Remove redundant code in JssSubsystem (Endi S. Dewata) - Update dependencies (Endi S. Dewata) - Update CI to validate CSR and cert without subject (Endi S. Dewata) - Update pki nss-cert-request to support empty subject (Endi S. Dewata) - Fix bug in TPSConnectorClient.getConnector() (Chris Kelley) - Conditionally set empty subject name (Chris Kelley) - Introduce a retry to wait-for-build.yml (Chris Kelley) - Add support for query params in PKIClient (Endi S. Dewata) - Replace ArgBlock.decodePKCS10() with CertUtil.decodePKCS10() (Endi S. Dewata) - Replace ArgBlock.unwrap() with CertUtil.unwrapPKCS10() (Endi S. Dewata) - Fixed constant in WBaseManualCertRequestPage (Endi S. Dewata) - Extract the waiting for build step into a new workflow (Chris Kelley) - Move CertUtils.parseCRMF() into CertUtil (Endi S. Dewata) - Move CertUtils.decodePKCS10() to CertUtil (Endi S. Dewata) - Move CertUtils.unwrapPKCS10() to CertUtil (Endi S. Dewata) - Update CMC servlets to use @WebServlet (Endi S. Dewata) - Fix bug in AgentCertService.revokeCert (Chris Kelley) - Add key attribute options for pki nss-key-create (Endi S. Dewata) - Fix remaining broken tests (Chris Kelley) - Remove references to unused JUnit4 libraries (Chris Kelley) - Replace subclasses of TestCase with JUnit 5 style tests (Chris Kelley) - Refactor com.netscape.test.TestRunner to use the JUnit 5 runner (Chris Kelley) - Add new servlets for CA (Endi S. Dewata) - Merge IEmailFormProcessor into EmailFormProcessor (Endi S. Dewata) - Merge IEmailTemplate into EmailTemplate (Endi S. Dewata) - Merge IEmailResolverKeys into EmailResolverKeys (Endi S. Dewata) - Convert IEmailResolver into EmailResolver (Endi S. Dewata) - Move IEmailResolver to pki-ca (Endi S. Dewata) - Move ReqCertEmailResolver to pki-ca (Endi S. Dewata) - Remove redundant ExtPrettyPrint (Endi S. Dewata) - Remove redundant CrlPrettyPrint (Endi S. Dewata) - Remove redundant CertPrettyPrint (Endi S. Dewata) - Add SAN option for pki nss-cert commands (Endi S. Dewata) - Add NSSDatabase methods (Endi S. Dewata) - Add CryptoUtil methods (Endi S. Dewata) - Consolidate header/footer constants (Endi S. Dewata) - Move CertDateCompare to pki-java (Endi S. Dewata) - Fix Javadoc warnings (Endi S. Dewata) - Fix build warnings (Endi S. Dewata) - Remove redundant PrettyPrintFormat (Endi S. Dewata) - Replace pki-server subsystem-cert-validate with pki-server cert-validate (Endi S. Dewata) - Revert "Bug2190283-AddCRLServlet-SEVERE-NOT-SUPPORTED-messages" (Chris Kelley) - Revert "Disable OCSP direct pushing during upgrade" (Chris Kelley) - Change JUnit dependency from JUnit4 to JUnit5 (Chris Kelley) - Add setters/getters for ProfileConfig (Endi S. Dewata) - Fix JUnit tests before attempting to migrate to JUnit5 (Chris Kelley) - Remove old beaker tests (Chris Kelley) - Update CADynamicVariables to use @WebServlet (Endi S. Dewata) - Update CADynamicVariablesAdmin to use @WebServlet (Endi S. Dewata) - Update CADynamicVariablesAgent to use @WebServlet (Endi S. Dewata) - Update QueryBySerial to use @WebServlet (Endi S. Dewata) - Update SearchRevokeCert to use @WebServlet (Endi S. Dewata) - Update CADisplayBySerial to use @WebServlet (Endi S. Dewata) - Update CADisplayBySerialAgent to use @WebServlet (Endi S. Dewata) - Update SearchCert to use @WebServlet (Endi S. Dewata) - Update UpdateDirectory to use @WebServlet (Endi S. Dewata) - Update ListRequests to use @WebServlet (Endi S. Dewata) - Disable OCSP direct pushing during upgrade (Marco Fargetta) - Bug2190283-AddCRLServlet-SEVERE-NOT-SUPPORTED-messages (Christina Fu) - Refactor SubsystemCertValidateCLI.validate_certificate() (Endi S. Dewata) - Update root CA and sub CA tests (Endi S. Dewata) - Remove AIA extension from root CA signing cert (Endi S. Dewata) - Move CertUtils.verifySystemCertValidityByNickname() to CertUtil (Endi S. Dewata) - Update jaxb jar location in classpath (Chris Kelley) - Fix Javadoc warnings (Endi S. Dewata) - Replace CertUtils.verifySystemCertByNickname() with CertUtil.verifyCertificateUsage() (Endi S. Dewata) - Replace CertUtils.getCertificateUsage() with CertUtil.toCertificateUsage() (Endi S. Dewata) - Fix NPE in CMSEngine.shutdownAuthzSubsystem() (Endi S. Dewata) - Move ClientCertValidateCLI.verifySystemCertByNickname() to CertUtil (Endi S. Dewata) - Refactor ClientCertValidateCLI.verifySystemCertByNickname() (Endi S. Dewata) - Move ClientCertValidateCLI.getCertificateUsage() into CertUtil (Endi S. Dewata) - Move CertUtils.printRequestContent() into Request (Endi S. Dewata) - Replace CertUtils.toLowerCaseSubsystemType() with String.toLowerCase() (Endi S. Dewata) - Fix NPE in CMSEngine.shutdownJobsScheduler() (Endi S. Dewata) - Add SelfTestPluginConfig (Endi S. Dewata) - Remove duplicate algorithm in OCSPAdminServlet.getSigningAlgConfig() (Endi S. Dewata) - Refactor AAclAuthz.addACLs() (Endi S. Dewata) - Add PKISubsystem.get_subsystem_index() (Endi S. Dewata) - Clean up log messages in OCSPAdminServlet.getSigningAlgConfig() (Endi S. Dewata) - Rename ServerXml to ServerConfig (Endi S. Dewata) - Add RevocationCheckingConfig (Endi S. Dewata) - Fix OAEP config in CRSEnrollment (Endi S. Dewata) - Add EngineConfig.getUseOAEPKeyWrap() (Endi S. Dewata) - Add server-webapp module (Endi S. Dewata) - Update KRASystemCertClient (Endi S. Dewata) - Update CASystemCertClient (Endi S. Dewata) - Update JobClient (Endi S. Dewata) - Update LoginClient (Endi S. Dewata) - Update InfoClient (Endi S. Dewata) - Update ServerKeygenUserKeyDefault to use CAEngineConfig (Endi S. Dewata) - Update Job classes to use Job.engine (Endi S. Dewata) - Update CRSEnrollment.init() to use CAConfig (Endi S. Dewata) - Update test for CA admin user (Endi S. Dewata) - Add pki-server -user-role-del (Endi S. Dewata) - Add pki-server -user-role-add (Endi S. Dewata) - Add pki-server -user-role-find (Endi S. Dewata) - Refactor CertRequestResource (Endi S. Dewata) - Refactor CertResource (Endi S. Dewata) - Replace BASE64_REPO secret with COPR_REPO variable (Endi S. Dewata) - Add new servlets for CA (Endi S. Dewata) - Replace PKISocketFactory.engine with auditor (Endi S. Dewata) - Remove unused Auditor.engine (Endi S. Dewata) - Move Auditor.getGroups() into CMSEngine (Endi S. Dewata) - Add test for CA admin user (Endi S. Dewata) - Add pki-server -user-cert-del (Endi S. Dewata) - Update DoRevokeProxyServlet to use @WebServlet (Endi S. Dewata) - Update BulkIssuanceProxyServlet to use @WebServlet (Endi S. Dewata) - Update ProfileSubmitProxyServlet to use @WebServlet (Endi S. Dewata) - Update CATokenAuthenticateAdmin to use @WebServlet (Endi S. Dewata) - Update CATokenAuthenticate to use @WebServlet (Endi S. Dewata) - Update CAGetCookie to use @WebServlet (Endi S. Dewata) - Update DoRevoke to use @WebServlet (Endi S. Dewata) - Update GetInfo to use @WebServlet (Endi S. Dewata) - Update CAOCSPServlet to use @WebServlet (Endi S. Dewata) - Update MasterCAGetInfo to use @WebServlet (Endi S. Dewata) - Update DoRevokeAgent to use @WebServlet (Endi S. Dewata) - Update ProfileListServlet to use @WebServlet (Endi S. Dewata) - Update ProfileListAgentServlet to use @WebServlet (Endi S. Dewata) - Update CAPortsServlet to use @WebServlet (Endi S. Dewata) - Remove trailing spaces in pki-server -user-show output (Endi S. Dewata) - Update log messages in UGSubsystem.buildUser() (Endi S. Dewata) - Refactor UGSubsystem.removeUserCert() (Endi S. Dewata) - Add KRAPolicyConfig (Endi S. Dewata) - Add CAPolicyConfig (Endi S. Dewata) - Add new servlets for CA (Endi S. Dewata) - Only BuildRequires xmvn-tools on distros that have it (Chris Kelley) - Small cleanup in AtoB.java to re-trigger the CI. (Chris Kelley) - Make use of xmvn-resolve conditional on it being installed (Chris Kelley) - Refactor HttpClient to not create unnecessary sockets and streams (Chris Kelley) - Add ServerConfig.get_service() (Endi S. Dewata) - Update log messages in Python clients (Endi S. Dewata) - Update log messages in SecurityDomainProcessor (Endi S. Dewata) - Update up log messages in ProxyRealm (Endi S. Dewata) - Fix invalid paths in pki-acme-run (Endi S. Dewata) - Use try-with-resources in more places in HttpClient (Chris Kelley) - Add pki_ds_url param (Endi S. Dewata) - Update version number to 11.5.0-alpha1 (Endi S. Dewata) - Update Maven JAR file names (Endi S. Dewata) - Add --verbose/debug options for pki-server ca-config commands (Endi S. Dewata) - Use try-with-resources in client and logging classes (Chris Kelley) - Use lazy loading in DirAclAuthz (Endi S. Dewata) - Fix pylint failures in upstream CI. (Chris Kelley) - Clean up AAclAuthz (Endi S. Dewata) - Update CA test with existing DS (Endi S. Dewata) - Updating version to v11.4.0 (Chris Kelley) - Publish to GitHub Maven registry (Endi S. Dewata) - Fix adding user in TPS UI (Chris Kelley) - Restore certificate search functionality to the TPS UI (Chris Kelley) - Add DirAclAuthz.loadACLs() (Endi S. Dewata) - Convert AAclAuthz.mACLs into Map (Endi S. Dewata) - Replace AAclAuthz.aclResElements() with getACLs() (Endi S. Dewata) - Update AAclAuthz.getTargetNames() to return Set (Endi S. Dewata) - Update AuthzManager.getACLs() to return Collection (Endi S. Dewata) - Merge ServletUtils into CAProcessor (Endi S. Dewata) - Add AuthorizationConfig.getSourceType() (Endi S. Dewata) - Add AuthzSubsystem.addACLInfo() (Endi S. Dewata) - Code clean up in CryptoUtil (Chris Kelley) - Remove code in web UI to retrieve Links from requests (Chris Kelley) - Fix maven compile (Marco Fargetta) - Remove obsolete references to jss-symkey.jar (Endi S. Dewata) - Remove obsolete references to pki-symkey (Endi S. Dewata) - Update ListCerts to use @WebServlet (Endi S. Dewata) - Update ListCertsAgent to use @WebServlet (Endi S. Dewata) - Update SrchCerts to use @WebServlet (Endi S. Dewata) - Update SrchCertsAgent to use @WebServlet (Endi S. Dewata) - Update CAGetStats to use @WebServlet (Endi S. Dewata) - Update ProfileSelectServlet to use @WebServlet (Endi S. Dewata) - Update ProfileSelectAgentServlet to use @WebServlet (Endi S. Dewata) - Update GetCertFromRequest to use @WebServlet (Endi S. Dewata) - Update GetCertFromRequestAgent to use @WebServlet (Endi S. Dewata) - Update DisplayCertFromRequest to use @WebServlet (Endi S. Dewata) - Update DisplayCertFromRequestAgent to use @WebServlet (Endi S. Dewata) - Update UpdateDir to use @WebServlet (Endi S. Dewata) - Update CAGetOCSPInfo to use @WebServlet (Endi S. Dewata) - Update EnrollServlet to use @WebServlet (Endi S. Dewata) - Update CertBasedEnrollServlet to use @WebServlet (Endi S. Dewata) - Update BulkIssuanceServlet to use @WebServlet (Endi S. Dewata) - Update AdminEnrollServlet to use @WebServlet (Endi S. Dewata) - Update CAJobsAdminServlet to use @WebServlet (Endi S. Dewata) - Update IPA tests (Endi S. Dewata) - Add new servlets for CA (Endi S. Dewata) - Remove unnecessary else clauses from 50 more classes (Chris Kelley) - Move LogFile constants to LoggerConfig (Endi S. Dewata) - Add getters for LoggerConfig (Endi S. Dewata) - Update LogEventListener.init() to take LoggerConfig (Endi S. Dewata) - Simplify TPS installation config examples (Endi S. Dewata) - Update pki.spec to use Maven dependencies (Endi S. Dewata) - Update version numbers in pom.xml and azure-pipelines.yml (Endi S. Dewata) - Fix audit log (Marco Fargetta) - Remove CMSExtensionsMap singleton (Endi S. Dewata) - Remove LogSubsystem singleton (Endi S. Dewata) - Remove OidLoaderSubsystem singleton (Endi S. Dewata) - Remove X500NameSubsystem singleton (Endi S. Dewata) - Remove AuthzSubsystem singleton (Endi S. Dewata) - Remove JobsScheduler singleton (Endi S. Dewata) - Update CAAuthAdminServlet to use @WebServlet (Endi S. Dewata) - Update CAGetConfigEntries to use @WebServlet (Endi S. Dewata) - Update CAGetStatus to use @WebServlet (Endi S. Dewata) - Update CADownloadPKCS12 to use @WebServlet (Endi S. Dewata) - Update CAAdminUpdateDomainXML to use @WebServlet (Endi S. Dewata) - Update CAUpdateDomainXML to use @WebServlet (Endi S. Dewata) - Update RARegisterUser to use @WebServlet (Endi S. Dewata) - Update CARegisterUser to use @WebServlet (Endi S. Dewata) - Remove hard-coded port in pki-healthcheck (Endi S. Dewata) - Update pki-server http-connector-find (Endi S. Dewata) - Allow graceful handling of CADogtagCertsConfigCheck with no certs (Chris Kelley) - Add CAAuthAdminServlet (Endi S. Dewata) - Add CAGetConfigEntries (Endi S. Dewata) - Add CAGetStatus (Endi S. Dewata) - Add CADownloadPKCS12 (Endi S. Dewata) - Add CAAdminUpdateDomainXML (Endi S. Dewata) - Add CAUpdateDomainXML (Endi S. Dewata) - Add RARegisterUser (Endi S. Dewata) - Add CARegisterUser (Endi S. Dewata) - Update Monitor to use @WebServlet (Endi S. Dewata) - Update UpdateConnector to use @WebServlet (Endi S. Dewata) - Update CRSEnrollment to use @WebServlet (Endi S. Dewata) - Update DynamicProfileSCEPServlet to use @WebServlet (Endi S. Dewata) - Update RASCEPServlet to use @WebServlet (Endi S. Dewata) - Update CALogAdminServlet to use @WebServlet (Endi S. Dewata) - Update CAUsrGrpAdminServlet to use @WebServlet (Endi S. Dewata) - Update CAACLAdminServlet to use @WebServlet (Endi S. Dewata) - Update CAMainPageServlet to use @WebServlet (Endi S. Dewata) - Update UpdateOCSPConfig to use @WebServlet (Endi S. Dewata) - Update GetCAChain to use @WebServlet (Endi S. Dewata) - Update GetCRL to use @WebServlet (Endi S. Dewata) - Update CertQueryReq to use @WebServlet (Endi S. Dewata) - Update RenewalServlet to use @WebServlet (Endi S. Dewata) - Update CertProcessReq to use @WebServlet (Endi S. Dewata) - Update DoUnrevoke to use @WebServlet (Endi S. Dewata) - Fix pkispawn error with custom SKI (Marco Fargetta) - Move SignedAuditLogger.INSTANCE into Auditor (Endi S. Dewata) - Update OCSPAuthority to use Auditor (Endi S. Dewata) - Update KeyRecoveryAuthority to use Auditor (Endi S. Dewata) - Update TokenKeyRecoveryService to use Auditor (Endi S. Dewata) - Update SymKeyGenService to use Auditor (Endi S. Dewata) - Update SecurityDataRecoveryService to use Auditor (Endi S. Dewata) - Update SecurityDataProcessor to use Auditor (Endi S. Dewata) - Update NetkeyKeygenService to use Auditor (Endi S. Dewata) - Update EnrollmentService to use Auditor (Endi S. Dewata) - Update AsymKeyGenService to use Auditor (Endi S. Dewata) - Update CMCOutputTemplate to use Auditor (Endi S. Dewata) - Update CRSEnrollment to use Auditor (Endi S. Dewata) - Update SubsystemGroupUpdater to use Auditor (Endi S. Dewata) - Update EnrollInput to use Auditor (Endi S. Dewata) - Update CAEnrollProfile to use Auditor (Endi S. Dewata) - Update EnrollProfile to use Auditor (Endi S. Dewata) - Update CRLIssuingPoint to use Auditor (Endi S. Dewata) - Update CAService to use Auditor (Endi S. Dewata) - Update ProfileSubmitCMCServlet to use Auditor (Endi S. Dewata) - Update CMCUserSignedAuth to use Auditor (Endi S. Dewata) - Update AuthManager to use Auditor (Endi S. Dewata) - Update CertificateAuthority to use Auditor (Endi S. Dewata) - Update RollingLogFile to use Auditor (Endi S. Dewata) - Update LogEventListener to use Auditor (Endi S. Dewata) - Initialize Auditor before LogSubsystem (Endi S. Dewata) - Update pki.spec (Endi S. Dewata) - Add DynamicProfileSCEPServlet (Endi S. Dewata) - Add RASCEPServlet (Endi S. Dewata) - Add CALogAdminServlet (Endi S. Dewata) - Add CAUsrGrpAdminServlet (Endi S. Dewata) - Add CAACLAdminServlet (Endi S. Dewata) - Add CAMainPageServlet (Endi S. Dewata) - Update DisplayCRL to use @WebServlet (Endi S. Dewata) - Update UpdateCRL to use @WebServlet (Endi S. Dewata) - Update ProcessCertReq to use @WebServlet (Endi S. Dewata) - Update ProfileProcessServlet to use @WebServlet (Endi S. Dewata) - Update GetSubsystemCert to use @WebServlet (Endi S. Dewata) - Update RevocationServlet to use @WebServlet (Endi S. Dewata) - Update DoUnrevokeTPS to use @WebServlet (Endi S. Dewata) - Update CMCRevReqServlet to use @WebServlet (Endi S. Dewata) - Update DoRevokeTPS to use @WebServlet (Endi S. Dewata) - Update CheckRequest to use @WebServlet (Endi S. Dewata) - Update CAHeaderServlet to use @WebServlet (Endi S. Dewata) - Update KRAConnectorServlet to use @WebServlet (Endi S. Dewata) - Update ProfileReviewServlet to use @WebServlet (Endi S. Dewata) - Update ProfileApproveServlet to use @WebServlet (Endi S. Dewata) - Update CertSearchReqs to use @WebServlet (Endi S. Dewata) - Update ReasonToRevoke to use @WebServlet (Endi S. Dewata) - Update CAIndexServlet to use @WebServlet (Endi S. Dewata) - Update PublisherAdminServlet to use @WebServlet (Endi S. Dewata) - Update PKISecureRandomSpi to use Auditor (Endi S. Dewata) - Add PKISecureRandomSpi.engine (Endi S. Dewata) - Update CA and KRA repositories to use PKISecureRandom (Endi S. Dewata) - Update PKIClientSocketListener to use Auditor (Endi S. Dewata) - Update PKIServerSocketListener to use Auditor (Endi S. Dewata) - Add PKIClientSocketListener.engine (Endi S. Dewata) - Add CMSEngine.initClientSocketListener() (Endi S. Dewata) - Add CMSEngine.initServerSocketListener() (Endi S. Dewata) - Add CMSEngine.testLDAPConnections() (Endi S. Dewata) - Add setter/getter for PKISocketFactory.secure (Endi S. Dewata) - Initialize PKISocketFactory.engine (Endi S. Dewata) - Add LdapConnFactory.engine (Endi S. Dewata) - Move LdapConnFactory to pki-server (Endi S. Dewata) - Add DBSubsystem.engine (Endi S. Dewata) - Add UGSubsystem.engine (Endi S. Dewata) - Add PKISocketFactory.engine (Endi S. Dewata) - Remove CMS.engine (Endi S. Dewata) - Update HttpConnection to use Auditor (Endi S. Dewata) - Add HttpConnector.init() (Endi S. Dewata) - Add getters for ConnectorConfig (Endi S. Dewata) - Update SessionTimer to use Auditor (Endi S. Dewata) - Update AdminServlet to use Auditor (Endi S. Dewata) - Update TPSProcessor to use Auditor (Endi S. Dewata) - Update CMSServlet to use Auditor (Endi S. Dewata) - Update PKISocketFactory to use Auditor (Endi S. Dewata) - Add CAHeaderServlet (Endi S. Dewata) - Update log messages in EnrollDefault.getSigningCert() (Endi S. Dewata) - Fix KRA test with sequential serial numbers (Endi S. Dewata) - Fix Connector initialization in CAService.getConnector() (Endi S. Dewata) - Remove unused CertUtils.signedAuditLogger (Endi S. Dewata) - Update SubsystemService to use Auditor (Endi S. Dewata) - Update Processor to use Auditor (Endi S. Dewata) - Update ACLInterceptor to use Auditor (Endi S. Dewata) - Update SelfTestSubsystem to use Auditor (Endi S. Dewata) - Update PKIProcessor to use Auditor (Endi S. Dewata) - Update PKIRealm to use Auditor (Endi S. Dewata) - Move CMSEngine.signedAuditLogger to Auditor (Endi S. Dewata) - Update ProfileAdminServlet to use @WebServlet (Endi S. Dewata) - Update ProfileSubmitServlet to use @WebServlet (Endi S. Dewata) - Update ProfileSubmitSSLClientServlet to use @WebServlet (Endi S. Dewata) - Update RegistryAdminServlet to use @WebServlet (Endi S. Dewata) - Update CAAdminServlet to use @WebServlet (Endi S. Dewata) - Update GetBySerial to use @WebServlet (Endi S. Dewata) - Update GetAdminBySerial to use @WebServlet (Endi S. Dewata) - Update GetAdminCertBySerial to use @WebServlet (Endi S. Dewata) - Update GetAgentBySerial to use @WebServlet (Endi S. Dewata) - Update CAPolicyAdminServlet to use @WebServlet (Endi S. Dewata) - Update GetCertChain to use @WebServlet (Endi S. Dewata) - Update GetCertChainAdmin to use @WebServlet (Endi S. Dewata) - Update CAUpdateNumberRange to use @WebServlet (Endi S. Dewata) - Update CACMSAdminServlet to use @WebServlet (Endi S. Dewata) - Update rpminspect test (Endi S. Dewata) - Bug2176233_part2_StatusChange_holdRevocationUntilLastCredential (Christina Fu) - Bug2092522_StatusChange per config for revokeCert and revokeExpiredCert (Christina Fu) - Add ProfileSubmitSSLClientServlet (Endi S. Dewata) - Add GetAgentBySerial (Endi S. Dewata) - Add GetAdminBySerial (Endi S. Dewata) - Add GetAdminCertBySerial (Endi S. Dewata) - Add GetCertChainAdmin (Endi S. Dewata) - Remove unused RESTServlet (Endi S. Dewata) - Remove unused references to o=NetscapeCertificateServer (Endi S. Dewata) - Move DBSubsystem constants into DatabaseConfig (Endi S. Dewata) - Add SessionTimer.engine (Endi S. Dewata) - Add HttpConnection.engine (Endi S. Dewata) - Add HttpConnection.init() (Endi S. Dewata) - Add HttpConnFactory.engine (Endi S. Dewata) - Add HttpConnFactory.init() (Endi S. Dewata) - Consolidate PasswordStore.id (Endi S. Dewata) - Convert IPasswordStore into PasswordStore class (Endi S. Dewata) - Convert ILdapExpression into LdapExpression class (Endi S. Dewata) - Merge ILdapConnModule into LdapConnModule (Endi S. Dewata) - Convert ILdapConnFactory into LdapConnFactory class (Endi S. Dewata) - Remove unused IPluginImpl (Endi S. Dewata) - Remove unused LdapCertMapResult (Endi S. Dewata) - Remove unused ILdapPlugin (Endi S. Dewata) - Remove unused ILdapPluginImpl (Endi S. Dewata) - Drop PKISocketFactory dependency on CMS.getCMSEngine() (Endi S. Dewata) - Remove unused ILdapCrlMapper (Endi S. Dewata) - Remove unused ILdapCertMapper (Endi S. Dewata) - Convert ILdapMapper into Mapper class (Endi S. Dewata) - Convert ILdapPublisher into Publisher class (Endi S. Dewata) - Clean up Eclipse classpath (Endi S. Dewata) - Add setter/getter for PKISocketFactory.clientCertNickname (Endi S. Dewata) - Move PKIClientSocketListener out of PKISocketFactory (Endi S. Dewata) - Add Repository.engine (Endi S. Dewata) - Consolidate loggers in PKISocketFactory (Endi S. Dewata) - Remove CSCfgDatabase.engine (Endi S. Dewata) - Refactor RequestRecord.loadExtDataFromRequest() (Endi S. Dewata) - Convert DBSubsystem.isExcludedLdapAttr() into getExcludedLdapAttr() (Endi S. Dewata) - Convert DBSubsystem.excludedLdapAttrs into Set (Endi S. Dewata) - Move CMSEngine.isExcludedLdapAttr() to DBSubsystem (Endi S. Dewata) - Move RequestRepository.createRequestID(ephemeral) into KeyRequestDAO (Endi S. Dewata) - Move KeyCertUtil.setAuthInfoAccess() into JssSubsystem (Endi S. Dewata) - Move CertUtils.parsePKCS10() into CAEngine (Endi S. Dewata) - Move CertUtils.verifySystemCertByTag() into CMSEngine (Endi S. Dewata) - Move CertUtils.verifySystemCerts() into CMSEngine (Endi S. Dewata) - Rename KeyRetrieverRunner thread to KeyRetriever (Endi S. Dewata) - Rename profileChangeMonitor to ProfileChangeMonitor (Endi S. Dewata) - Move KeyCertUtil.signCert() to JssSubsystem (Endi S. Dewata) - Add PKIProcessor.engine (Endi S. Dewata) - Add SelfTest.engine (Endi S. Dewata) - Add JssSubsystem.engine (Endi S. Dewata) - Replace JssSubsystem.mInstance with CMSEngine.jssSubsystem (Endi S. Dewata) - Move ServletUtils.getACLMethod() to CAProcessor (Endi S. Dewata) - Add GenericPolicyProcessor.engine (Endi S. Dewata) - Add Processor.init() (Endi S. Dewata) - Move Subsystem.engine initialization into CMSEngine.loadSubsystems() (Endi S. Dewata) - Update log messages in profile services (Endi S. Dewata) - Add PKIServerSocketListener.engine (Endi S. Dewata) - Add RequestNotifier.engine (Endi S. Dewata) - Add LogEventListener.engine (Endi S. Dewata) - Add Auditor.engine (Endi S. Dewata) - Move Auditor.auditor into CMSEngine (Endi S. Dewata) - Update log messages in PKIDeployer.leave_security_domain() (Endi S. Dewata) - Update log messages in UpdateDomainXML (Endi S. Dewata) - Update log messages in ProfileProcessServlet (Endi S. Dewata) - Fix unnecessary else clauses in 50 more classes (Chris Kelley) - Add pki-server -group-member-del (Endi S. Dewata) - Add --member param for pki-server -group-find (Endi S. Dewata) - Remove unnecessary else clauses from 50 more classes. (Chris Kelley) - Code cleanup in CRLIssuingPoint (Chris Kelley) - Remove unnecessary else clauses to tidy up logic (Chris Kelley) - Re-enable the licence check. (Chris Kelley) - Add pki-server sd-subsystem-del (Endi S. Dewata) - Add pki-server sd-subsystem-find (Endi S. Dewata) - Rename pki-server sd-host-add to pki-server sd-subsystem-add (Endi S. Dewata) - Add --subsystem param for pki-server sd-host-add (Endi S. Dewata) - Add pki-server ca-cert-request-import (Endi S. Dewata) - Add pki-server -user-cert-find (Endi S. Dewata) - Move ServletUtils.initializeAuthz() into CMSServlet (Endi S. Dewata) - Simplify CMSEngine.excludedLdapAttrsList (Endi S. Dewata) - Simplify CMSEngine.isExcludedLdapAttr() (Endi S. Dewata) - Move RequestQueue.recover() into CMSEngine (Endi S. Dewata) - Refactor MailNotification (Endi S. Dewata) - Update pki-server ca-cert help messages (Endi S. Dewata) - Update CLIException.code (Endi S. Dewata) - Tidy up in AVAPattern (Chris Kelley) - Refactor CMSGateway (Endi S. Dewata) - Store CMSEngine in Processor (Endi S. Dewata) - Clean up log messages in CMSServlet (Endi S. Dewata) - Code cleanup in JssSubsystem (Chris Kelley) - Fix token filtering in TPS UI (Chris Kelley) - Add Resender.engine (Endi S. Dewata) - Add Connector.engine (Endi S. Dewata) - Add RequestListener.engine (Endi S. Dewata) - Convert IRequestListener into RequestListener class (Endi S. Dewata) - Add PWsdrCache.engineConfig (Endi S. Dewata) - Move PWCBsdr to pki-ca (Endi S. Dewata) - Add DBSubsystem.engineConfig (Endi S. Dewata) - Add CertUserLocator.engine (Endi S. Dewata) - Convert CertUserLocator into class (Endi S. Dewata) - Add Job.engine (Endi S. Dewata) - Add ACLInterceptor.getCMSEngine() (Endi S. Dewata) - Add SystemInfoServlet.getCMSEngine() (Endi S. Dewata) - Move CMSRequestDAO.authz into KeyRequestDAO (Endi S. Dewata) - Update GroupAccessEvaluator to use AccessEvaluator.engine (Endi S. Dewata) - Add LDAPSecurityDomainSessionTable.engine (Endi S. Dewata) - Add Processor.engine (Endi S. Dewata) - Add AccessEvaluator.engine (Endi S. Dewata) - Add AuthzManager.engine (Endi S. Dewata) - Merge IMailNotification into MailNotification (Endi S. Dewata) - Remove unused PKIRealm.getName() (Endi S. Dewata) - Add PKIRealm.engine (Endi S. Dewata) - Code clean up in DisplayBySerial (Chris Kelley) - Bump ansible from 2.9.13 to 7.0.0 in /tests/dogtag/pytest-ansible (dependabot[bot]) - Remove serialVersionUID from classes that don't implement Serializable (Chris Kelley) - Merge timeToLive fields into SecurityDomainSessionTable (Endi S. Dewata) - Convert ISecurityDomainSessionTable into SecurityDomainSessionTable class (Endi S. Dewata) - Rename SecurityDomainSessionTable to MemorySecurityDomainSessionTable (Endi S. Dewata) - Remove unused SystemConfigService (Endi S. Dewata) - Convert SystemConfigService.csState into local variable (Endi S. Dewata) - Remove unused SubsystemService.engine (Endi S. Dewata) - Convert GroupAccessEvaluator.mUG into local variable (Endi S. Dewata) - Merge description fields into AccessEvaluator (Endi S. Dewata) - Merge type fields into AccessEvaluator (Endi S. Dewata) - Convert IAccessEvaluator into AccessEvaluator class (Endi S. Dewata) - Convert SecurityDomainProcessor.random into local variable (Endi S. Dewata) - Convert GroupMemberProcessor.userGroupManager into local variable (Endi S. Dewata) - Merge config fields into AuthzManager (Endi S. Dewata) - Merge implName fields into AuthzManager (Endi S. Dewata) - Merge name fields into AuthzManager (Endi S. Dewata) - Convert IAuthzManager into AuthzManager class (Endi S. Dewata) - Introduce pki-rpminspect profile for rpminspect (Chris Kelley) - Add AuthManager.engine (Endi S. Dewata) - Merge TPSEngine classes into one class (Chris Kelley) - Fix adding Profile/Profile Mapping in TPS UI (Chris Kelley) - Update CertificateRepository (Endi S. Dewata) - Update KeyRepository (Endi S. Dewata) - Update RequestRepository (Endi S. Dewata) - Add SecureRandomFactory (Endi S. Dewata) - Rename RandomConfig to SecureRandomConfig (Endi S. Dewata) - Move CertificateRepository to pki-ca (Endi S. Dewata) - Add Subsystem.engine (Endi S. Dewata) - Fix CMSEngine.startupSubsystems() (Endi S. Dewata) - Update Subsystem.init() for consistency (Endi S. Dewata) - Remove unused methods in IAuthority (Endi S. Dewata) - Merge ICrossCertPairSubsystem into CrossCertPairSubsystem (Endi S. Dewata) - Move CMSAdminServlet.importXCert() into CACMSAdminServlet (Endi S. Dewata) - Drop server.xml template (Endi S. Dewata) - Use Python XML to add secure connector (Endi S. Dewata) - Merge ISubsystem into Subsystem (Endi S. Dewata) - Rename BaseSubsystem to Subsystem (Endi S. Dewata) - Split IAuthority from ISubsystem (Endi S. Dewata) - Use Python XML to configure unsecure connector (Endi S. Dewata) - Update CMSServlet subclasses to use getCMSEngine() (Endi S. Dewata) - Update AdminServlet subclasses to use getCMSEngine() (Endi S. Dewata) - Convert DynamicVariablesServlet.mCrlurl into local variable (Endi S. Dewata) - Add AdminServlet.getCMSEngine() (Endi S. Dewata) - Add CMSServlet.getCMSEngine() (Endi S. Dewata) - Fix index calculation in replace_params() (Endi S. Dewata) - Add PKIClientAuthenticator (Endi S. Dewata) - Use Python XML to remove UserDatabase (Endi S. Dewata) - Use Python XML to add RewriteValve (Endi S. Dewata) - Make xmvn conditional on archs which support it (Chris Kelley) - Move CMSServlet.generateSalt() into JssSubsystem (Endi S. Dewata) - Convert AdminServlet.mUG into local variable (Endi S. Dewata) - Convert CMSServlet.mUG into local variable (Endi S. Dewata) - Use Python XML to configure listeners (Endi S. Dewata) - Use Python XML to remove default LockOutRealm (Endi S. Dewata) - Merge ITransportKeyUnit into TransportKeyUnit (Endi S. Dewata) - Drop ISubsystem from TransportKeyUnit (Endi S. Dewata) - Merge IStatsSubsystem into StatsSubsystem (Endi S. Dewata) - Update IPolicyProcessor.getAuthority() to return IAuthority (Endi S. Dewata) - Remove unused ProfileSubsystem (Endi S. Dewata) - Remove redundant attributes in CMSServlet (Endi S. Dewata) - Update KeyService to use PKIService.getCMSEngine() (Endi S. Dewata) - Update KeyRequestService to use PKIService.getCMSEngine() (Endi S. Dewata) - Update AuditService to use PKIService.getCMSEngine() (Endi S. Dewata) - Update FeatureService to use PKIService.getCMSEngine() (Endi S. Dewata) - Update SelfTestService to use PKIService.getCMSEngine() (Endi S. Dewata) - Rename pki-cms.jar to pki-server.jar (Endi S. Dewata) - Update JobService to use PKIService.getCMSEngine() (Endi S. Dewata) - Update GroupService to use PKIService.getCMSEngine() (Endi S. Dewata) - Update UserService to use PKIService.getCMSEngine() (Endi S. Dewata) - Add PKIService.getCMSEngine() (Endi S. Dewata) - Use Python XML to update Tomcat admin port (Endi S. Dewata) - Change -flto to -fno-lto (Chris Kelley) - Add -flto compiler flag (Chris Kelley) - Remove unused pki_subsystem_signed_audit_log_path param (Endi S. Dewata) - Remove non-customizable pki_instance_database_link param (Endi S. Dewata) - Remove non-customizable pki_tomcat_tmpdir_path param (Endi S. Dewata) - Remove non-customizable pki_instance_logs_link param (Endi S. Dewata) - Remove non-customizable pki_instance_conf_link param (Endi S. Dewata) - Remove non-customizable pki_tomcat_bin_link param (Endi S. Dewata) - Update RESTEasy dependency (Endi S. Dewata) - Add ACME tests with postgresql back-end (Marco Fargetta) - Restore some codeBase permissions in pki.policy (Chris Kelley) - Add pki_registry_enable (Endi S. Dewata) - Fix OCSP tests (Endi S. Dewata) - Add pki securitydomain-leave (Endi S. Dewata) - Add test for CA installation with non-default user (Endi S. Dewata) - Fix pki-server run (Endi S. Dewata) - Rename pki-certsrv.jar to pki-common.jar (Endi S. Dewata) - Fix pki.policy (Endi S. Dewata) - Add PKISubsystem.create_registry() and remove_registry() (Endi S. Dewata) - Add PKIInstance.create_registry() and remove_registry() (Endi S. Dewata) - Add PKISubsystem.default_cfg (Endi S. Dewata) - Move C flags definitions into RPM spec (Endi S. Dewata) - Fix Eclipse classpath (Endi S. Dewata) - Reorganize CA tests (Endi S. Dewata) - Add PKIDeployer.store_config() and store_manifest() (Endi S. Dewata) - Add PKIDeployer.create_server_xml() (Endi S. Dewata) - Remove unused War class (Endi S. Dewata) - Remove remaining slot-related code (Endi S. Dewata) - Add test for CA with Nuxwdog (Endi S. Dewata) - pkidaemon improvements (Endi S. Dewata) - Remove unused standalone slot variables (Endi S. Dewata) - Publish pki-server image (Endi S. Dewata) - Relocate pki-certsrv.jar (Endi S. Dewata) - Fix JAXB and JAF dependencies (Endi S. Dewata) - Fix RPM build warnings (Endi S. Dewata) - Add verbose/debug options for pki-server-nuxwdog (Endi S. Dewata) - Adopt HTTP 1.1 for http based connections (Marco Fargetta) - Remove profile subsystem slot variable (Endi S. Dewata) - Remove HTTP proxy slot variables (Endi S. Dewata) - Fix pkidestroy failures (Endi S. Dewata) - Remove access log slot variables (Endi S. Dewata) - Add missing --ignore-banner options (Endi S. Dewata) - Fix token status transition in TPS web UI (Chris Kelley) - Resolve jar paths using xmvn (Marian Koncek) - Remove AJP connector slot variables (Endi S. Dewata) - Update pom.xml to latest Jackson/jaxb-api versions (Chris Kelley) - Fix rpminspect issues by adding some compiler flags (Chris Kelley) - Swap KRA basic and RSNv3 tests (Endi S. Dewata) - Update ServerConfig.get_listener() (Endi S. Dewata) - Add PKISubsystem.create_sysconfig() and remove_sysconfig() (Endi S. Dewata) - Remove unused slot variables (Endi S. Dewata) - Replace PKI_STANDALONE with direct substitution (Endi S. Dewata) - Replace PKI_AJP_HOST_IPv4 with direct substitution (Endi S. Dewata) - Replace PKI_AJP_HOST_IPv6 with direct substitution (Endi S. Dewata) - Replace PKI_DS_SECURE_CONNECTION with direct substitution (Endi S. Dewata) - Replace PKI_ENABLE_RANDOM_SERIAL_NUMBERS with direct substitution (Endi S. Dewata) - Replace PKI_INSTANCE_NAME with direct substitution (Endi S. Dewata) - Replace PKI_INSTANCE_PATH with direct substitution (Endi S. Dewata) - Replace PKI_AJP_REDIRECT_PORT with direct substitution (Endi S. Dewata) - Replace PKI_AJP_SECRET with direct substitution (Endi S. Dewata) - Replace PKI_AJP_PORT with direct substitution (Endi S. Dewata) - Replace SERVER_KEYGEN with direct substitution (Endi S. Dewata) - Replace TOMCAT_SERVER_PORT with direct substitution (Endi S. Dewata) - Code cleanup in User.java (Chris Kelley) - Replace PKI_SECURE_PORT with direct substitution (Endi S. Dewata) - Replace PKI_UNSECURE_PORT with direct substitution (Endi S. Dewata) - Replace PKI_HOSTNAME with direct substitution (Endi S. Dewata) - Remove unused slot variables (Endi S. Dewata) - Remove redundant pki_target_tomcat_conf_instance_id (Endi S. Dewata) - Remove redundant pki_target_cs_cfg (Endi S. Dewata) - Add new --attributes option to -user-add (Chris Kelley) - Convert pki_target_server_xml into variable (Endi S. Dewata) - Remove unused params (Endi S. Dewata) - Convert pki_target_flatfile_txt into variable (Endi S. Dewata) - Convert pki_target_proxy_conf into variable (Endi S. Dewata) - Convert pki_target_admincert_profile into variable (Endi S. Dewata) - Convert pki_target_caauditsigningcert_profile into variable (Endi S. Dewata) - Convert pki_target_cacert_profile into variable (Endi S. Dewata) - Convert pki_target_caocspcert_profile into variable (Endi S. Dewata) - Convert pki_target_servercert_profile into variable (Endi S. Dewata) - Convert pki_target_subsystemcert_profile into variable (Endi S. Dewata) - Convert pki_source_registry_cfg into variable (Endi S. Dewata) - Convert pki_target_registry_cfg into variable (Endi S. Dewata) - Convert pki_target_phone_home_xml into variable (Endi S. Dewata) - Convert pki_shared_pfile into variable (Endi S. Dewata) - Remove redundant pki_shared_password_conf (Endi S. Dewata) - Remove redundant pki_self_signed_subject (Endi S. Dewata) - Remove unused pki_subsystem_configuration_password_conf_link (Endi S. Dewata) - Remove unused pki_registry_initscript_command (Endi S. Dewata) - Remove single-use pki_default_deployment_cfg_replica (Endi S. Dewata) - Convert pki_manifest into variable (Endi S. Dewata) - Convert pki_manifest_spawn_archive into variable (Endi S. Dewata) - Convert pki_user_deployment_cfg_replica into variable (Endi S. Dewata) - Convert pki_user_deployment_cfg_spawn_archive into variable (Endi S. Dewata) - Update PKISubsystem.validate_system_cert() (Endi S. Dewata) - Fix cert rest API with json (Marco Fargetta) - Merge Instance class into PKIDeployer (Endi S. Dewata) - Remove unused PKI_INSTANCE_ROOT slot (Endi S. Dewata) - Strip debug symbols from executables (Chris Kelley) - Downgrade dependency to Python 3.6 (Endi S. Dewata) - Remove profile.*.config in CS.cfg (Endi S. Dewata) - Remove configurationRoot in CS.cfg (Endi S. Dewata) - Update build scripts (Endi S. Dewata) - Add server backup and restore test (Endi S. Dewata) - Consolidate container image cache (Endi S. Dewata) - Update JS front end to use string map for properties (Chris Kelley) - Remove unnecessary inner classes from *Data classes (Chris Kelley) - Fix certificate display in TPS web UI (Chris Kelley) - Remove instanceRoot in CS.cfg (Endi S. Dewata) - Clean up TPSPhoneHome.getConfigPath() (Endi S. Dewata) - Downgrade dependency to Jackson 2.10 (Endi S. Dewata) - Update EST test to use libEST container (Endi S. Dewata) - Replace PKI_SUBSYSTEM_TYPE with actual value (Endi S. Dewata) - Fix installation warnings due to links creation (Endi S. Dewata) - Move Python lint test into separate workflow (Endi S. Dewata) - Update SCEP test to use SSCEP container (Endi S. Dewata) - Fix installation warnings due to file creation (Endi S. Dewata) - Fix installation warnings due to directory creation (Endi S. Dewata) - Remove unused CertificateAuthority fields (Endi S. Dewata) - Move CertificateAuthority.ensureAuthorityDNAvailable() to CAEngine (Endi S. Dewata) - Add fapolicy rules to allow execution of generated java code (Marco Fargetta) - Move CertificateAuthority.getNonces() to CAEngine (Endi S. Dewata) - Move CertificateAuthority.getCertificateRepository() to CAEngine (Endi S. Dewata) - Move CertificateAuthority.setMaxSerial() to CAEngine (Endi S. Dewata) - Move CertificateAuthority.getMaxSerial() to CAEngine (Endi S. Dewata) - Move CertificateAuthority.setStartSerial() to CAEngine (Endi S. Dewata) - Move CertificateAuthority.getStartSerial() to CAEngine (Endi S. Dewata) - Move CertificateAuthority.getIssuanceProtPrivKey() to CAEngine (Endi S. Dewata) - Merge ICertificateAuthority into CertificateAuthority (Endi S. Dewata) - Move CloneRedirect to pki-ca (Endi S. Dewata) - Add CAGenPendingTemplateFiller (Endi S. Dewata) - Add CAIndexServlet (Endi S. Dewata) - Clean up publish job (Endi S. Dewata) - Publish pki-ca and pki-acme images (Endi S. Dewata) - Switch to Quay.io (Endi S. Dewata) - Add authorization to limit setTokenStatus to allowed admins (Christina Fu) - Provide better error handling for missing CLI arguments (Chris Kelley) - Remove default container registry (Endi S. Dewata) - Add support for container registry configuration (Endi S. Dewata) - Merge IArgBlock into ArgBlock (Endi S. Dewata) - Move AuthCredentials to pki-server (Endi S. Dewata) - Remove unused ITKSAuthority (Endi S. Dewata) - Merge IOCSPAuthority into OCSPAuthority (Endi S. Dewata) - Add TKSCMSAdminServlet (Endi S. Dewata) - Add OCSPCMSAdminServlet (Endi S. Dewata) - Clean up SSLClientCertAuthentication (Endi S. Dewata) - Clean up ChallengePhraseAuthentication (Endi S. Dewata) - Remove obsolete RA code in SSLClientCertAuthentication (Endi S. Dewata) - Remove obsolete RA code in ChallengePhraseAuthentication (Endi S. Dewata) - Move SSLClientCertAuthentication to pki-ca (Endi S. Dewata) - Move ChallengePhraseAuthentication to pki-ca (Endi S. Dewata) - Refactor AuthSubsystem (Endi S. Dewata) - Fix test for KRA with RSA OAEP (Endi S. Dewata) - Clean up Dockerfile (Endi S. Dewata) - Modify csconfig.py checks to allow for N certs with same nickname (Chris Kelley) - Remove XML from CAInfo and KRAInfo, and move OAEP config to subsystem (Marco Fargetta) - Add CI test for KRA started with OAEP (Marco Fargetta) - Fix keyWrap.useOAEP configuration and other improvement (Marco Fargetta) - Fix: Bug 2122409 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled (Jack Magne) - Move CA-specific methods to CAServlet (Endi S. Dewata) - Clean up Dockerfile (Endi S. Dewata) - Tidy up logic CrossCertPairSubsystem (Chris Kelley) - Replace redundant CMSServlet.getX509Certificate() (Endi S. Dewata) - Replace redundant CMSServlet.isCertFromCA() (Endi S. Dewata) - Remove redundant CMSServlet.certAuthority (Endi S. Dewata) - Replace CMSServlet.mAuthority in OCSP (Endi S. Dewata) - Replace CMSServlet.mAuthority in KRA (Endi S. Dewata) - Replace CMSServlet.mAuthority in ChallengeRevocationServlet1 (Endi S. Dewata) - Replace CMSServlet.mAuthority in CMCRevReqServlet (Endi S. Dewata) - Replace CMSServlet.mAuthority in DisplayBySerial (Endi S. Dewata) - Replace CMSServlet.mAuthority in DisplayCRL (Endi S. Dewata) - Replace CMSServlet.mAuthority in DoRevoke (Endi S. Dewata) - Replace CMSServlet.mAuthority in DoRevokeTPS (Endi S. Dewata) - Replace CMSServlet.mAuthority in DoUnrevoke (Endi S. Dewata) - Replace CMSServlet.mAuthority in DoUnrevokeTPS (Endi S. Dewata) - Replace CMSServlet.mAuthority in GetBySerial (Endi S. Dewata) - Replace CMSServlet.mAuthority in GetCAChain (Endi S. Dewata) - Replace CMSServlet.mAuthority in GetCRL (Endi S. Dewata) - Replace CMSServlet.mAuthority in GetEnableStatus (Endi S. Dewata) - Replace CMSServlet.mAuthority in GetInfo (Endi S. Dewata) - Replace CMSServlet.mAuthority in RenewalServlet (Endi S. Dewata) - Replace CMSServlet.mAuthority in RevocationServlet (Endi S. Dewata) - Replace CMSServlet.mAuthority in GetCertChain (Endi S. Dewata) - Replace CMSServlet.mAuthority in CheckRequest (Endi S. Dewata) - Replace CMSServlet.mAuthority in ProcessCertReq (Endi S. Dewata) - Replace CMSServlet.mAuthority in ListCerts (Endi S. Dewata) - Replace CMSServlet.mAuthority in Monitor (Endi S. Dewata) - Replace CMSServlet.mAuthority in ReasonToRevoke (Endi S. Dewata) - Replace CMSServlet.mAuthority in SrchCerts (Endi S. Dewata) - Replace CMSServlet.mAuthority in UpdateCRL (Endi S. Dewata) - Replace CMSServlet.mAuthority in UpdateDir (Endi S. Dewata) - Update SharedSecret to use CAEngine (Endi S. Dewata) - Move SharedSecret to pki-ca (Endi S. Dewata) - Remove unused CMC params (Endi S. Dewata) - Update publish workflow (Endi S. Dewata) - Remove unused legacy DefaultRevocation (Endi S. Dewata) - Remove unused legacy IKeyRecoveryPolicy (Endi S. Dewata) - Remove unused legacy IKeyArchivalPolicy (Endi S. Dewata) - Merge IKeyRecoveryAuthority into KeyRecoveryAuthority (Endi S. Dewata) - Update CMCAuth to use CAEngine (Endi S. Dewata) - Clean up ProcessCertReq.processX509() (Endi S. Dewata) - Clean up IndexTemplateFiller.getTemplateParams() (Endi S. Dewata) - Clean up UsrGrpAdminServlet.service() (Endi S. Dewata) - Remove unused CMSServlet.mLogCategory (Endi S. Dewata) - Replace BASE64_MATRIX with BASE64_OS (Endi S. Dewata) - Move CMSEngine.getSharedTokenClass() to CAEngine (Endi S. Dewata) - Update Maven dependencies to Jackson v2.14.1 (Chris Kelley) - Fix ACME test failures due to certbot changes (Endi S. Dewata) - Relocate CMCAuth (Endi S. Dewata) - Clean up exception handling in CMCAuth (Endi S. Dewata) - Refactor AuthManager.init() (Endi S. Dewata) - Consolidate AuthManager.getAuthenticationConfig() implementations (Endi S. Dewata) - Consolidate AuthManager.getConfigParams() implementations (Endi S. Dewata) - Consolidate AuthManager.getConfigStore() implementations (Endi S. Dewata) - Consolidate AuthManager.getImplName() implementations (Endi S. Dewata) - Consolidate AuthManager.getName() implementations (Endi S. Dewata) - Convert AuthManager into class (Endi S. Dewata) - Merge ProfileAuthenticator into AuthManager (Endi S. Dewata) - Move ProfileAuthenticator.populate() into AuthManager (Endi S. Dewata) - Move ProfileAuthenticator.isSSLClientRequired() into AuthManager (Endi S. Dewata) - Move ProfileAuthenticator.isValueWriteable() into AuthManager (Endi S. Dewata) - Move ProfileAuthenticator.getValueDescriptor() into AuthManager (Endi S. Dewata) - Move ProfileAuthenticator.getValueNames() into AuthManager (Endi S. Dewata) - Move ProfileAuthenticator.getText() into AuthManager (Endi S. Dewata) - Move ProfileAuthenticator.getName() into AuthManager (Endi S. Dewata) - Move ProfileAuthenticator.getConfigStore() into AuthManager (Endi S. Dewata) - Move ProfileAuthenticator.init() into AuthManager (Endi S. Dewata) - Move ProfileAuthenticator.AUTHENTICATED_NAME into AuthManager (Endi S. Dewata) - Drop default COPR repo (Endi S. Dewata) - Add publish job (Endi S. Dewata) - Replace OS_VERSION variable with BASE_IMAGE (Endi S. Dewata) - Rename fedora-runner image to pki-base (Endi S. Dewata) - Code cleanup in LdapAuthInfo (Chris Kelley) - Fix Eclipse warning due to missing encoding (Endi S. Dewata) - Consolidate build jobs (Endi S. Dewata) - EST: add commentary to example profile config (Fraser Tweedale) - Fix est documentation (Marco Fargetta) - Update tests and docs to use pki pkcs12-import (Endi S. Dewata) - Simplify TKS tests (Endi S. Dewata) - Simplify KRA tests (Endi S. Dewata) - Remove unnecessary Boolean literal (Chris Kelley) - Add test for lightweight CA with HSM (Endi S. Dewata) - Replace actions/upload-artifact@v2 with actions/upload-artifact@v3 (Endi S. Dewata) - Clean up installation log messages (Endi S. Dewata) - Call apt-get update before apt-get install (Endi S. Dewata) - Use try-with-resources in generate(Dual)CRMFRequest (Chris Kelley) - Run Eclipse formatter against generate(Dual)CRMFRequest (Chris Kelley) - Add test for lightweight CA (Endi S. Dewata) - Add --owner option for kra-key-find (#4242) (Pritam Singh) - Update pki-ca-authority to display hex serial number (Endi S. Dewata) - Add test for CA clone with HSM (Endi S. Dewata) - Update version number to 11.4.0-alpha1 (Endi S. Dewata) - Update cloning examples and tests (Endi S. Dewata) - Use DS container in CI tests (Endi S. Dewata) - Update basic TPS test (Endi S. Dewata) - Fix pki.spec to allow optional theme (Endi S. Dewata) - Fix padding for the unwrap (Marco Fargetta) - Replace the SymKey clone with wrap and unwrap (Marco Fargetta) - Fix SonarCloud several code smell (Marco Fargetta) - Move the symmetric key to wrap the reponse (Marco Fargetta) - In case of OAEP move the secret key instead of clone (Marco Fargetta) - Fix key length for padding algorithms (Marco Fargetta) - Fix key length (Marco Fargetta) - ADd rsaes_oaep among the key wrapping algorithms (Marco Fargetta) - Tidyup CRSEnrollment (Marco Fargetta) - Add OAEP parameters (Marco Fargetta) - Add AES in SCEP protocol (Marco Fargetta) - Update dependencies in pki.spec (Endi S. Dewata) - Update version number to 11.3.0-beta1 (Endi S. Dewata) - Add CI test and doc for EST (Marco Fargetta) - EST: set properties of RealmBase subclass instances (Fraser Tweedale) - EST: enable use of RealmBase realm subclasses (Fraser Tweedale) - Adopt PKI ProxyRealm for authentication (Marco Fargetta) - EST: convey to-be-renewed cert to authorizer (Fraser Tweedale) - EST: pkispawn: handle already-existing rewrite.config (Fraser Tweedale) - EST: compare CSR Subject and SAN to cert being renewed (Fraser Tweedale) - EST: treat backend authnz failure as internal error (Fraser Tweedale) - EST: add RewriteValve to server.xml when using `pki-server create` (Fraser Tweedale) - EST: set up rewrite.config when using `pki-server create` (Fraser Tweedale) - EST: improve DogtagRABackend compat with older CA versions (Fraser Tweedale) - EST: fix some incorrect visibilities (Fraser Tweedale) - EST: provide client cert in request authz data (Fraser Tweedale) - EST: implement ExternalProcessRequestAuthorizer (Fraser Tweedale) - EST: propagate authorizer output to backend (Fraser Tweedale) - EST: add authorization interface (Fraser Tweedale) - EST: require authenticated user for enrollment (Fraser Tweedale) - EST: support issuing from specified LWCA (Fraser Tweedale) - EST: format Content-Type header for libest compatibility (Fraser Tweedale) - EST: explain the simpleenroll vs simplereenroll correspondence (Fraser Tweedale) - EST: tighten ESTBackend interface to JSS X509CertImpl (Fraser Tweedale) - EST: implement /simplereenroll and labeled enrollment (Fraser Tweedale) - EST: improve logging/reporting of certificate encoding failures (Fraser Tweedale) - EST: implement /simple[re]enroll in DogtagRABackend (Fraser Tweedale) - EST: extract ServletContextListener (Fraser Tweedale) - EST: tighten exceptions thrown by ESTBackend (Fraser Tweedale) - EST: implement /cacerts in Dogtag RA backend (Fraser Tweedale) - EST: implement backend configuration (Fraser Tweedale) - EST: handle dubious Accept headers (Fraser Tweedale) - EST: map exceptions to proper HTTP responses (Fraser Tweedale) - EST: add RewriteValve to server.xml (Fraser Tweedale) - EST: remove ProxyRealm from app Context (temporary?) (Fraser Tweedale) - EST: add pki-server est-* CLI commands (+ man page) (Fraser Tweedale) - EST: implement stub RA backend (Fraser Tweedale) - EST: add ESTApplication (servlet application) (Fraser Tweedale) - EST: create 'est' subsystem (Fraser Tweedale) - EST: implement EST frontend and integrated backend (Fraser Tweedale) - Remove redundant service.* params (Endi S. Dewata) - Use ternary operator in AuthorityKeyIdentifierExtDefault (Chris Kelley) - Restore standalone OCSP installation test (Endi S. Dewata) - Remove unused logAudit.* and logError.* params (Endi S. Dewata) - Update HSM token name in docs for clarity (Endi S. Dewata) - Add test for sub CA with HSM (Endi S. Dewata) - Clean up infrastructure_layout.py (part 3) (Endi S. Dewata) - Clean up infrastructure_layout.py (part 2) (Endi S. Dewata) - Clean up infrastructure_layout.py (part 1) (Endi S. Dewata) - Remove redundant subsystem folder creation (Endi S. Dewata) - Update ipa-artifacts-save.sh to include ipaserver-kra-install.log (Endi S. Dewata) - Add test for CA with existing HSM (Endi S. Dewata) - Replace actions/checkout@v2 with actions/checkout@v3 (Endi S. Dewata) - Clean up test for CA with existing NSS database (Endi S. Dewata) - Clean up test for CA with existing certs (Endi S. Dewata) - Update HSM password in tests and docs (Endi S. Dewata) - Replace unnecessary else clauses with ternary operator. (Chris Kelley) - Remove unused GetDomainXML (Endi S. Dewata) - Use try-with-resource in CRMFPopClient (Endi S. Dewata) - Use try-with-resource in CMCRequest (Endi S. Dewata) - Use try-with-resource in AuditVerify (Endi S. Dewata) - Fix temporary SSL server key removal (Endi S. Dewata) - Remove redundant assignments (Endi S. Dewata) - Add test for installing TPS with HSM (Endi S. Dewata) - Fix recent issue with using pkiconsole with a client auth certificate. (#3986) (jmagne) - Bug2040525-pkiconsole-nssdb-path (Christina Fu) - Bug2142909-clientCiphers-CS-actingAsClient-master (Christina Fu) - Add test for installing TKS with HSM (Endi S. Dewata) - Prevent banner from being displayed during spawn of KRA/OCSP (Chris Kelley) - Disable not usable profiles (#4230) (Marco Fargetta) - Test whether a PKCS#11 has already been added during deployment (Rob Crittenden) - Add test for installing OCSP with HSM (Endi S. Dewata) - Fix Azure pipeline failures on F37 (Endi S. Dewata) - Update ACME test to validate database (Endi S. Dewata) - Fix pylint failures on F37 (Endi S. Dewata) - Add test for installing KRA with HSM (Endi S. Dewata) - Add search constraints for CA database pruning (Endi S. Dewata) - Use try-with-resource in AuthorityKeyExportCLI (Endi S. Dewata) - Use try-with-resource in CMSTemplate (Endi S. Dewata) - Use try-with-resource in CMSFile (Endi S. Dewata) - Use try-with-resource in GeneratePKIArchiveOptions (Endi S. Dewata) - Use try-with-resource in NSSExtensionGenerator (Endi S. Dewata) - Use try-with-resource in NuxwdogPasswordStore (Endi S. Dewata) - Use try-with-resource in NSCCommentExt (Endi S. Dewata) - Add CA database pruning (Endi S. Dewata) - Split SubsystemRangeUpdateCLI (Endi S. Dewata) - Fix database image variables (Endi S. Dewata) - Fix ds-container-create.sh (Endi S. Dewata) - Remove unused COPR_REPO variables (Endi S. Dewata) - Add RequestRepository.removeRequest() (Endi S. Dewata) - Add ProfilePoliciesConfig (Endi S. Dewata) - Update pki-server ca-profile-import (Endi S. Dewata) - Update log messages in CertRecordProcessor (Endi S. Dewata) - Update log messages in CRLRepository (Endi S. Dewata) - Update log messages in CRLIssuingPoint (Endi S. Dewata) - Add AuthzManagerConfig.getPluginName() and getRealmName() (Endi S. Dewata) - Refactor SubsystemRangeUpdateCLI (Endi S. Dewata) - Add constants for default ID generators (Endi S. Dewata) - Split SubsystemRangeCLI (Endi S. Dewata) - Use try-with-resource in CRSEnrollment (Endi S. Dewata) - Use try-with-resource in FlatFileAuth (Endi S. Dewata) - Pass in user/group when calling keygen so permissions are correct (Rob Crittenden) - Generate a CSR in the owned temp directory and move to final location (Rob Crittenden) - Consolidate CI initialization jobs (Endi S. Dewata) - Add IDGenerator enum (Endi S. Dewata) - Update REST API path for JobResource.startJob() (Endi S. Dewata) - Bug2131010-dropping-DHE-ciphersuites (Christina Fu) - Update CertificateRepository.updateStatus() to take CertId (Endi S. Dewata) - Update log messages in LDAPSession (Endi S. Dewata) - Update log messages in DateMapper (Endi S. Dewata) - Update pki ca-cert-request and kra-key-request (Endi S. Dewata) - Introduce new scripts to automate the build process (Chris Kelley) - Add pki-builder-deps (Endi S. Dewata) - PKI system with DS down (#4180) (Marco Fargetta) - Update test-cert-key-archival.sh (Endi S. Dewata) - Add job owner (Endi S. Dewata) - Add token to the NSS nickname when modifying certificate trust (Rob Crittenden) - Provide all passwords to certutil when modifying certificate trust (Rob Crittenden) - Corrected typo in a comment. (Matthew Davis) - Ticket 1496 Fixed imports of missing certs (Matthew Davis) - Merge common code into Job.init() (Endi S. Dewata) - Update CRMFPopClient to display hex request ID (Endi S. Dewata) - Replace deprecated set-output with new $GITHUB_OUPUT variable. (Chris Kelley) - Update to non-deprecated versions of CI build actions. (Chris Kelley) - ProxyRealm: setContainer() on RealmBase instances (Fraser Tweedale) - Update to non-deprecated versions of CI build actions. (Chris Kelley) - Add cache for pki-deps image (Endi S. Dewata) - Remove unused system and transaction logs (Endi S. Dewata) - Update CRL test (Endi S. Dewata) - Add ProfileOutputConfig (Endi S. Dewata) - Add ProfileOutputsConfig (Endi S. Dewata) - Add ProfileInputConfig (Endi S. Dewata) - Add ProfileInputsConfig (Endi S. Dewata) - Add pki -job-show (Endi S. Dewata) - Add pki-deps image (Endi S. Dewata) - Limit the group membership add to existing users (#4171) (Marco Fargetta) - Update JobsConfig.getJobConfig() (Endi S. Dewata) - Rename JobService.createJobData() to createJobInfo() (Endi S. Dewata) - Refactor ConfigStore.getSubStoreNames() (Endi S. Dewata) - Add ConnectorConfig (Endi S. Dewata) - Add ConnectorsConfig (Endi S. Dewata) - Add pki -job-find (Endi S. Dewata) - Remove unused pkicreate, pkiremove, os params (Endi S. Dewata) - Move ipa-runner image into main Dockerfile (Endi S. Dewata) - Move IServant into separate file (Endi S. Dewata) - Move serviceIssue into separate file (Endi S. Dewata) - Move serviceRenewal into separate file (Endi S. Dewata) - Move getCertsForChallenge into separate file (Endi S. Dewata) - Move getCertStatus into separate file (Endi S. Dewata) - Move serviceCheckChallenge into separate file (Endi S. Dewata) - Move serviceRevoke into separate file (Endi S. Dewata) - Move serviceUnrevoke into separate file (Endi S. Dewata) - Move serviceGetCAChain into separate file (Endi S. Dewata) - Move serviceGetCRL into separate file (Endi S. Dewata) - Move serviceGetRevocationInfo into separate file (Endi S. Dewata) - Move serviceGetCertificates into separate file (Endi S. Dewata) - Move serviceCert4Crl into separate file (Endi S. Dewata) - Move serviceUnCert4Crl into separate file (Endi S. Dewata) - Move CMSEngine.mainLogger to SelfTestSubsystem (Endi S. Dewata) - Fix sonarcloud-pull.yml (part 2) (Endi S. Dewata) - Fix sonarcloud-pull.yml (Endi S. Dewata) - Move @RolesAllowed from JobService to JobResource (Endi S. Dewata) - Replace pkicreate.secure_port with ServerConfig.get_secure_port() (Endi S. Dewata) - Rename ServerConfiguration to ServerConfig (Endi S. Dewata) - Move CMSEngine.logQueue to LogQueue (Endi S. Dewata) - Add roles configuration option to PKIInMemoryRealm (#4167) (Marco Fargetta) - Add pki-builder image (Endi S. Dewata) - Fix RPM build warnings due to absolute symlinks (Endi S. Dewata) - Move the realm developed for ACME to the server package (#4161) (Marco Fargetta) - Remove unused preop params (Endi S. Dewata) - Replace preop.subsystem.name with pki_subsystem_name (Endi S. Dewata) - Remove pcre dependency (Chris Kelley) - Rename container image tarballs (Endi S. Dewata) - Clean up Dockerfiles (Endi S. Dewata) - Add pki-server -redeploy (Endi S. Dewata) - Add test for CA CRL database (Endi S. Dewata) - Add CRLExtensionConfig (Endi S. Dewata) - Rename CRLIssuingPointExtensionsConfig to CRLExtensionsConfig (Endi S. Dewata) - Add single-stage CA Dockerfile (Endi S. Dewata) - Move LogQueue.mLogQueue to CMSEngine.logQueue (Endi S. Dewata) - Move Logger.mLogger to CMSEngine.mainLogger (Endi S. Dewata) - Merge ILogEvent to LogEvent (Endi S. Dewata) - Convert ILogEventListener into LogEventListener (Endi S. Dewata) - Merge ILogEventFactory into LogEventFactory (Endi S. Dewata) - Rename LogFactory to LogEventFactory (Endi S. Dewata) - Merge ILogSubsystem into LogSubsystem (Endi S. Dewata) - Add LoggerConfig (Endi S. Dewata) - Add LoggersConfig (Endi S. Dewata) - Add LoggerPluginsConfig (Endi S. Dewata) - Add LoggingConfig (Endi S. Dewata) - Replace PublisherAdminServlet.mAuth with publishingConfig (Endi S. Dewata) - Add LDAPAuthenticationConfig.getBindPasswordPrompt() (Endi S. Dewata) - Add LDAPAuthenticationConfig.getBindPassword() (Endi S. Dewata) - Add LDAPAuthenticationConfig.getBindDN() (Endi S. Dewata) - Add LDAPAuthenticationConfig.getClientCertNickname() (Endi S. Dewata) - Add LDAPAuthenticationConfig.getAuthType() (Endi S. Dewata) - Convert ICMSCRLExtension into CMSCRLExtension (Endi S. Dewata) - Merge ICMSCRLExtensions into CMSCRLExtensions (Endi S. Dewata) - Refactor CRLIssuingPoint.processRevokedCerts() (Endi S. Dewata) - Replace pki-start-wait.sh with curl --retry (Endi S. Dewata) - Fix pki pkcs12-key-del to show hex key ID (Endi S. Dewata) - Update test for user cert publishing (Endi S. Dewata) - Add pki -job-start (Endi S. Dewata) - Allow manual job execution (Endi S. Dewata) - Enable role-based security for REST API (Endi S. Dewata) - Provide the token password when appropriate in nss-key-find (Rob Crittenden) - Update log messages in Job classes (Endi S. Dewata) - Remove redundant code in Job classes (Endi S. Dewata) - Remove unused subsystem ROOT webapps (Endi S. Dewata) - Clean up acl.properties (Endi S. Dewata) - Add JobConfig.getCron() (Endi S. Dewata) - Add JobConfig.getPluginName() and setPluginName() (Endi S. Dewata) - Add JobConfig.isEnabled() (Endi S. Dewata) - Add JobsConfig.removeJobConfig() (Endi S. Dewata) - Add JobsConfig.createJobConfig() (Endi S. Dewata) - Add JobConfig (Endi S. Dewata) - Refactor ConfigStore.makeSubStore() (Endi S. Dewata) - Add JobsConfig (Endi S. Dewata) - Add JobPluginsConfig (Endi S. Dewata) - Add JobsSchedulerConfig (Endi S. Dewata) - Update Job.init() to take JobsScheduler param (Endi S. Dewata) - Add test for CA with request notification (Endi S. Dewata) - Update RequestInQListener to use hex request ID (Endi S. Dewata) - Fix request in queue notifications (Endi S. Dewata) - Update log messages in RequestInQListener and RequestInQueueJob (Endi S. Dewata) - Update user cert publishing test (Endi S. Dewata) - Reorganize test for IPA clone (Endi S. Dewata) - Reorganize test for IPA ACME (Endi S. Dewata) - Reorganize test for basic IPA (Endi S. Dewata) - Reorganize test for TPS clone (Endi S. Dewata) - Reorganize test for TPS with external certs (Endi S. Dewata) - Reorganize test for TPS on separate instance (Endi S. Dewata) - Reorganize test for basic TPS (Endi S. Dewata) - Reorganize test for TKS clone (Endi S. Dewata) - Reorganize test for TKS with external certs (Endi S. Dewata) - Reorganize test for TKS on separate instance (Endi S. Dewata) - Reorganize test for basic TKS (Endi S. Dewata) - Reorganize test for OCSP with LDAP-based CRL publishing (Endi S. Dewata) - Reorganize test for OCSP with direct CRL publishing (Endi S. Dewata) - Reorganize test for OCSP clone (Endi S. Dewata) - Reorganize test for OCSP with CMC (Endi S. Dewata) - Reorganize test for OCSP with external certs (Endi S. Dewata) - Reorganize test for OCSP on separate instance (Endi S. Dewata) - Reorganize test for basic OCSP (Endi S. Dewata) - Reorganize test for server container (Endi S. Dewata) - Reorganize test for server upgrade (Endi S. Dewata) - Reorganize test for HTTPS connector with NSS database (Endi S. Dewata) - Reorganize test for HTTPS connector with PKCS #12 file (Endi S. Dewata) - Reorganize test for HTTPS connector with JKS file (Endi S. Dewata) - Reorganize test for HTTPS connector with PEM files (Endi S. Dewata) - Reorganize test for basic server (Endi S. Dewata) - Reorganize test for rpminspect (Endi S. Dewata) - Reorganize test for PKI PKCS12 CLI (Endi S. Dewata) - Reorganize test for PKI PKCS11 CLI (Endi S. Dewata) - Reorganize test for PKI PKCS7 CLI (Endi S. Dewata) - Reorganize test for PKI NSS CLI with Extensions (Endi S. Dewata) - Reorganize test for PKI NSS CLI with HSM (Endi S. Dewata) - Reorganize test for PKI NSS CLI with AES (Endi S. Dewata) - Reorganize test for PKI NSS CLI with ECC (Endi S. Dewata) - Reorganize test for PKI NSS CLI with RSA (Endi S. Dewata) - Reorganize test for PKICertImport (Endi S. Dewata) - Fix Java home directory (Endi S. Dewata) - Update CA container to skip system certs import (Endi S. Dewata) - Update log messages in AccountService (Endi S. Dewata) - Update log messages in CertRequestService (Endi S. Dewata) - Update log messages in RequestNotifier (Endi S. Dewata) - Update log messages in RunListeners (Endi S. Dewata) - Update log messages in LdapEnrollmentListener (Endi S. Dewata) - Update log messages in PublisherProcessor (Endi S. Dewata) - Update log messages in RevocationRequestListener (Endi S. Dewata) - Update log messages in RevocationProcessor (Endi S. Dewata) - Update log messages in EnrollServlet (Endi S. Dewata) - Update log messages in CAEnrollProfile (Endi S. Dewata) - Update log messages in EnrollProfile (Endi S. Dewata) - Reorganize test for ACME container (Endi S. Dewata) - Reorganize test for ACME server switchover (Endi S. Dewata) - Reorganize test for ACME with certbot (Endi S. Dewata) - Reorganize test for KRA with RSNv3 (Endi S. Dewata) - Reorganize test for standalone KRA (Endi S. Dewata) - Reorganize test for KRA clone (Endi S. Dewata) - Reorganize test for KRA with CMC (Endi S. Dewata) - Reorganize test for KRA with external certs (Endi S. Dewata) - Reorganize test for KRA on separate instance (Endi S. Dewata) - Reorganize test for basic KRA (Endi S. Dewata) - Update CA container to skip security domain setup (Endi S. Dewata) - Fix Azure pipeline (Endi S. Dewata) - Fix TPS UI elements broken by XML -> JSON migration (Chris Kelley) - Update CA container to support existing admin user (Endi S. Dewata) - Add PKIDeployer.setup_security_domain() (Endi S. Dewata) - Add PKIDeployer.setup_security_domain_manager() (Endi S. Dewata) - Add pki-server sd-create --name option (Endi S. Dewata) - Consolidate PKISubsystem.configure_security_domain() calls (Endi S. Dewata) - Clean up CA test name (Endi S. Dewata) - Clean up installation summary (Endi S. Dewata) - Update CA container to support existing database user (Endi S. Dewata) - Use ExcludeArch on older platforms (Endi S. Dewata) - Reorganize test for SCEP responder (Endi S. Dewata) - Reorganize test for CA with LDAP-based CRL publishing (Endi S. Dewata) - Reorganize test for CA with file-based CRL publishing (Endi S. Dewata) - Reorganize test for CA with CA cert publishing (Endi S. Dewata) - Reorganize test for CA with sequential serial numbers (Endi S. Dewata) - Reorganize test for CA with RSNv1 (Endi S. Dewata) - Update CA test names (Endi S. Dewata) - Fix artifacts gathering in CA container test (Endi S. Dewata) - Add test for user cert publishing (Endi S. Dewata) - Update log messages in publishing classes (Endi S. Dewata) - Update log messages in CRL classes (Endi S. Dewata) - Display request IDs in hex (Endi S. Dewata) - Add PublishingConfig.isCRLEnabled() (Endi S. Dewata) - Add PublishingConfig.isCertEnabled() (Endi S. Dewata) - Add PublishingConfig.isEnabled() (Endi S. Dewata) - Add docs for publishing config classes (Endi S. Dewata) - Fix Bug 2122409 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled (#4130) (jmagne) - Reorganize test for CA clone with secure DS (Endi S. Dewata) - Reorganize test for CA with secure DS (Endi S. Dewata) - Reorganize test for CA clone (Endi S. Dewata) - Reorganize test for CA container (Endi S. Dewata) - Reorganize test for CA with HSM (Endi S. Dewata) - Merge IPasswordCheck into PasswordChecker (Endi S. Dewata) - Merge DBVirtualListDefaultStub into DBVirtualList (Endi S. Dewata) - Rename IDBVirtualList to DBVirtualList (Endi S. Dewata) - Clean up CA tests (Endi S. Dewata) - Update test for CA container to use existing DS (Endi S. Dewata) - Add test for CA installation with existing DS (Endi S. Dewata) - Reorganize test for CA with shared token (Endi S. Dewata) - Reorganize test for CA with existing NSS database (Endi S. Dewata) - Reorganize test for CA with existing certs (Endi S. Dewata) - Add PKIDeployer.setup_database() (Endi S. Dewata) - Clean up test job names (Endi S. Dewata) - Don't use JSS to add the system certificates to the NSS db (Rob Crittenden) - Fix HSM installation where the token password differs from internal (Rob Crittenden) - Reorganize test for sub-CA with external cert (Endi S. Dewata) - Reorganize test for sub-CA with CMC (Endi S. Dewata) - Reorganize test for basic sub-CA (Endi S. Dewata) - Move vlvtasks.ldif to database/ds/vlvtasks.ldif (Endi S. Dewata) - Move vlv.ldif to database/ds/vlv.ldif (Endi S. Dewata) - Move indextasks.ldif to database/ds/indextasks.ldif (Endi S. Dewata) - Move index.ldif to database/ds/index.ldif (Endi S. Dewata) - Move acl.ldif to database/ds/acl.dif (Endi S. Dewata) - Move db.ldif to database/ds/create.ldif (Endi S. Dewata) - Move db-access-*.ldif to database/ds/db-access-*.ldif (Endi S. Dewata) - Move schema.ldif to database/ds/schema.ldif (Endi S. Dewata) - Move database.ldif to database/ds/config.ldif (Endi S. Dewata) - Refactor subsystem folders removal (Endi S. Dewata) - Refactor subsystem folders creation (Endi S. Dewata) - Add properties for subsystem folders (Endi S. Dewata) - Refactor user deployment config creation (Endi S. Dewata) - Update CA container to use existing NSS database (Endi S. Dewata) - Add test for CA installation with existing NSS database (Endi S. Dewata) - Add pki-server ca-cert-find --status (Endi S. Dewata) - Reorganize test for CA with RSA/PSS (Endi S. Dewata) - Reorganize test for CA with ECC (Endi S. Dewata) - Reorganize test for basic CA (Endi S. Dewata) - Fix pkidestroy to support NSS database without password (Endi S. Dewata) - Remove tokendb.hostport (Endi S. Dewata) - Fix javadoc warning (Endi S. Dewata) - Fix typo in CA container test (Endi S. Dewata) - Rename DBVirtualList to LDAPVirtualList (Endi S. Dewata) - Merge IResender into Resender (Endi S. Dewata) - Merge IReqParser into ReqParser (Endi S. Dewata) - Merge IRequestScheduler into RequestScheduler (Endi S. Dewata) - Merge IRequestList into RequestList (Endi S. Dewata) - Refactor SearchEnumeration to extend RequestList (Endi S. Dewata) - Refactor RequestListByStatus to extend RequestList (Endi S. Dewata) - Update CA container to support existing certs (Endi S. Dewata) - Clean up TPS test (Endi S. Dewata) - Add TokenDBConfig (Endi S. Dewata) - Rename TPSTokendb to TokenDB (Endi S. Dewata) - Refactor TPSSubsystem.loadTokenStateTransitions() (Endi S. Dewata) - Add test for installing CA with HSM (Endi S. Dewata) - Make pki_hsm_modulename and pki_hsm_libfile optional (Endi S. Dewata) - Disable cli return value check when adding certificates (Rob Crittenden) - Use pki_sslserver_token if set for the sslserver cert (Rob Crittenden) - Add user and group options for the NSSDatabase class (Rob Crittenden) - Update CA container to use existing certs and keys (Endi S. Dewata) - ExternalProcessConstraint: fix copy/paste mistake in initialisation (Fraser Tweedale) - Add test for CA container (Endi S. Dewata) - Add basic CA container (Endi S. Dewata) - Add pki_systemd_service_create (Endi S. Dewata) - Update PKIDeployer.export_admin_pkcs12() (Endi S. Dewata) - Replace TOMCAT_PIDFILE with direct substitution (Endi S. Dewata) - Replace PKI_GROUP slot with direct substitution (Endi S. Dewata) - Replace PKI_USER slot with direct substitution (Endi S. Dewata) - Replace PKI_UNSECURE_PORT_SERVER_COMMENT slot with direct substitution (Endi S. Dewata) - Replace PKI_UNSECURE_PORT_CONNECTOR_NAME slot with direct substitution (Endi S. Dewata) - Replace PKI_SECURE_PORT_SERVER_COMMENT slot with direct substitution (Endi S. Dewata) - Replace PKI_SECURE_PORT_CONNECTOR_NAME slot with direct substitution (Endi S. Dewata) - Remove unused PKI_EE_SECURE_PORT_SERVER_COMMENT slot (Endi S. Dewata) - Remove unused PKI_EE_SECURE_CLIENT_AUTH_PORT_UI slot (Endi S. Dewata) - Remove unused PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT slot (Endi S. Dewata) - Remove unused PKI_CFG_PATH_NAME slot (Endi S. Dewata) - Remove unused PKI_REGISTRY_FILE slot (Endi S. Dewata) - Remove unused PKI_SERVER_XML_CONF slot (Endi S. Dewata) - Remove unused PKI_WEBAPPS_NAME slot (Endi S. Dewata) - Remove unused registry_instance (Endi S. Dewata) - Update tests for CRL publishing (Endi S. Dewata) - flake8: Fix whitespace warning (Stanislav Levin) - Move server startup to finalization.py (Endi S. Dewata) - Update comments in instance_layout.py (Endi S. Dewata) - Replace PKI_RANDOM_NUMBER slot with direct substitution (Endi S. Dewata) - Replace PKI_SSL_SERVER_NICKNAME slot with direct substitution (Endi S. Dewata) - Replace TOKENDB_ROOT slot with direct substitution (Endi S. Dewata) - Replace TOKENDB_HOST slot with direct substitution (Endi S. Dewata) - Replace TOMCAT_LOG_DIR log with direct substitution (Endi S. Dewata) - Replace APPLICATION_VERSION slot with direct subtitution (Endi S. Dewata) - Replace INSTALL_TIME slot with direct substitution (Endi S. Dewata) - Replace PKI_PIDDIR slot with direct substitution (Endi S. Dewata) - Replace TPS_DIR slot with direct substitution (Endi S. Dewata) - Replace PKI_TMPDIR slot with direct substitution (Endi S. Dewata) - Replace PKI_SYSTEMD_SERVICENAME slot with direct substitution (Endi S. Dewata) - Replace MASTER_CRL_ENABLE slot with direct substitution (Endi S. Dewata) - Replace PKI_SECURITY_MANAGER slot with direct substitution (Endi S. Dewata) - Remove unused TOMCAT_CFG slot (Endi S. Dewata) - Remove unused SSL range slots (Endi S. Dewata) - Remove unused pki_ca_hostname and pki_ca_port params (Endi S. Dewata) - Fix typos in OCSP test (Endi S. Dewata) - simple comment changes for Bug2093114 (Christina Fu) - Reorder modifiers in DefStore (Chris Kelley) - Use ternary operator in BasicConstraintsExtDefault (Chris Kelley) - Bug2093114-performance-improvement-for-cs-tls-client-ciphers (Christina Fu) - Bug2093114-cs-tls-client-ciphers (Christina Fu) - Update help message for pki-server -user-add (Endi S. Dewata) - Add FULL_VERSION variable in build.sh (Endi S. Dewata) - Fix: Bug 2094066 - CC: missing audit event CLIENT_ACCESS_SESSION_ESTABLISH when CS instance acting as a client and fails to connect (Jack Magne) - Update build test (Endi S. Dewata) - Convert IFilterConverter into FilterConverter (Endi S. Dewata) - Merge IElementProcessor into ElementProcessor (Endi S. Dewata) - Convert ElementProcessorStub into ElementProcessor (Endi S. Dewata) - Merge IDBSearchResults into DBSearchResults (Endi S. Dewata) - Update test for installing CA with existing certs (Endi S. Dewata) - Refactor PKIDeployer.load_admin_cert() (Endi S. Dewata) - Remove redundant code in PKIDeployer.setup_admin_cert() (Endi S. Dewata) - Consolidate code for importing existing admin cert (Endi S. Dewata) - Clean up PKIDeployer.load_admin_cert() (Endi S. Dewata) - Clean up PKIDeployer.setup_admin_cert() (Endi S. Dewata) - Rename PKIDeployer.get_admin_cert() to setup_admin_cert() (Endi S. Dewata) - Fix shellcheck warnings (Chris Kelley) - Fix PKIDeployer.load_admin_cert() (Endi S. Dewata) - Add PKIDeployer.is_using_legacy_id_generator() (Endi S. Dewata) - Update PKIDeployer.setup_admin_user() to take PEM cert (Endi S. Dewata) - Update PKIDeployer.get_admin_cert() to return PEM cert (Endi S. Dewata) - Update PKIDeployer.store_admin_cert() to take PEM cert (Endi S. Dewata) - Update PKIDeployer.request_cert() to return PEM cert (Endi S. Dewata) - Update PKIDeployer.create_admin_cert() to return PEM cert (Endi S. Dewata) - Update PKIDeployer.load_admin_cert() to return PEM cert (Endi S. Dewata) - Refactor PKIDeployer.load_admin_cert() (part 4) (Endi S. Dewata) - Refactor PKIDeployer.load_admin_cert() (part 3) (Endi S. Dewata) - Refactor PKIDeployer.load_admin_cert() (part 2) (Endi S. Dewata) - Refactor PKIDeployer.load_admin_cert() (part 1) (Endi S. Dewata) - Clean up PKIDeployer.load_admin_cert() (Endi S. Dewata) - Add PKIDeployer.finalize_tks() (Endi S. Dewata) - Add PKIDeployer.finalize_ca() (Endi S. Dewata) - Add PKIDeployer.finalize_kra() (Endi S. Dewata) - Add PKIDeployer.finalize_ocsp() (Endi S. Dewata) - Add PKIDeployer.finalize_tps() (Endi S. Dewata) - Add PKIDeployer.configure_subsystem() (Endi S. Dewata) - Add PKIDeployer.configure_ca() (Endi S. Dewata) - Add PKIDeployer.configure_kra() (Endi S. Dewata) - Add PKIDeployer.configure_tps() (Endi S. Dewata) - Remove unused preop.internaldb.dbuser (Endi S. Dewata) - Add test for OCSP with LDAP-based CRL publishing (Endi S. Dewata) - Remove pki__cert_path default values (Endi S. Dewata) - Update basic CA test to use RSNv3 (Endi S. Dewata) - Clean up log messages in LDAPStore (Endi S. Dewata) - Clean up log messages in OCSPAuthority (Endi S. Dewata) - Clean up log messages in DefStore (Endi S. Dewata) - Clean up log messages in AddCRLServlet (Endi S. Dewata) - Add test for pki-server upgrade (Endi S. Dewata) - Fix pki-server run (Endi S. Dewata) - Bug2070766 - upgrade-caServerKeygen_DirUserCert-profile (Christina Fu) - Bug2070766-caServerKeygen_DirUserCert subject constraints (Christina Fu) - Merge PKIDeployer.import_perm_sslserver_cert() (Endi S. Dewata) - Merge IRequestNotifier into RequestNotifier (Endi S. Dewata) - Merge INotify into IRequestNotifier (Endi S. Dewata) - Merge IXcertPublisherProcessor into PublisherProcessor (Endi S. Dewata) - Merge IPluginInfo into PluginInfo (Endi S. Dewata) - Add pki_self_signed_nickname (Endi S. Dewata) - Fix miss email in sonarcloud rebase (#4091) (Marco Fargetta) - Clean up CA install test with existing certs (part 3) (Endi S. Dewata) - Clean up CA install test with existing certs (part 2) (Endi S. Dewata) - Clean up CA install test with existing certs (part 1) (Endi S. Dewata) - fix LWCA key replication (Fraser Tweedale) - Add test for publishing CRL to OCSP responder (Endi S. Dewata) - Remove pki_restart_configured_instance (Endi S. Dewata) - Update PKIConfigParser.validate_user_config() (Endi S. Dewata) - Clean up log messages in pkispawn/pkidestroy (Endi S. Dewata) - Update pkispawn/pkidestroy logging (Endi S. Dewata) - Add ProfileConfig (Endi S. Dewata) - Add ProfileEntryConfig (Endi S. Dewata) - Add ProfileSubsystemConfig (Endi S. Dewata) - Reduce server startup during installation (Endi S. Dewata) - Clean up configuration.py (part 2) (Endi S. Dewata) - Clean up configuration.py (Endi S. Dewata) - Add test for CA cert publishing (Endi S. Dewata) - Remove default serverCertNickFile attribute (Endi S. Dewata) - Bump redhat-rpm-config dependency (Endi S. Dewata) - Don't use deprecated python-ldap options (#4082) (Christian Heimes) - Remove remaining references to base/util (Endi S. Dewata) - Merge pki-cmsutil.jar into pki-certsrv.jar (Endi S. Dewata) - Replace exclusion of i686 with new %{java_arches} macro (Chris Kelley) - Fix broken PKICertImport test (#4075) (Marco Fargetta) - Merge ISelfTest into SelfTest (Endi S. Dewata) - Rename ASelfTest to SelfTest (Endi S. Dewata) - Merge ISelfTestSubsystem into SelfTestSubsystem (Endi S. Dewata) - Merge IJobCron into JobCron (Endi S. Dewata) - Merge IJob into Job (Endi S. Dewata) - Rename AJobBase to Job (Endi S. Dewata) - Merge IKeyService into KeyRecoveryAuthority (Endi S. Dewata) - Update deprecation URLs (Endi S. Dewata) - Update PKIDeployer.create_cert() (Endi S. Dewata) - Run RPMInspect against new builds (Chris Kelley) - Make the base branch generic (#4073) (Marco Fargetta) - Add test for LDAP-based CRL publishing (Endi S. Dewata) - Add test for CMC shared token (Endi S. Dewata) - Update standalone OCSP test to use separate CA (Endi S. Dewata) - Clean up OCSP test (Endi S. Dewata) - Update file-based CRL publishing test (Endi S. Dewata) - Add CRLIssuingPointExtensionsConfig (Endi S. Dewata) - Rebase to master before analyse the pull request (#4069) (Marco Fargetta) - Move CA-only methods in ICertificateAuthority to CertificateAuthority (Endi S. Dewata) - Move cert methods in ICertificateAuthority to CertificateAuthority (Endi S. Dewata) - Move signing methods in ICertificateAuthority to CertificateAuthority (Endi S. Dewata) - Move algorithm methods in ICertificateAuthority to CertificateAuthority (Endi S. Dewata) - Move serial number methods in ICertificateAuthority to CertificateAuthority (Endi S. Dewata) - Move OCSP methods in ICertificateAuthority to CertificateAuthority (Endi S. Dewata) - Move lightweight CA methods in ICertificateAuthority to CertificateAuthority (Endi S. Dewata) - Replace ICertificateAuthority in pki-ca with CertificateAuthority (Endi S. Dewata) - Tidy bash in build.sh (Chris Kelley) - Remove legacy dogtag acceptance tests we no longer use (Chris Kelley) - Fix shellcheck errors in pki (Chris Kelley) - Run shellcheck as GitHub action in PKI CI (Chris Kelley) - Clean up file-based CRL publishing test (Endi S. Dewata) - Update log messages in LdapCaSimpleMap.formDN() (Endi S. Dewata) - Update CRLIssuingPoint.init() (Endi S. Dewata) - Add CRLConfig.getCRLIssuingPointConfig() (Endi S. Dewata) - Add CRLConfig (Endi S. Dewata) - Move CRL methods in ICertificateAuthority to CertificateAuthority (Endi S. Dewata) - Remove unused CAInstallerService.initSubsystem() (Endi S. Dewata) - Add pki-server ca-cert-create (Endi S. Dewata) - Move ChallengePhraseAuthentication constants to Request (Endi S. Dewata) - Remove CertificateAuthority.getReplicaRepository() (Endi S. Dewata) - Merge ICRLIssuingPoint into CRLIssuingPoint (Endi S. Dewata) - Fix AuthInfoAccessExtDefault.getBuiltinOCSPPort() (Endi S. Dewata) - Clean up CertificateAuthority.getCertificateRepository() (Endi S. Dewata) - Remove CertificateAuthority.getDefaultValidity() (Endi S. Dewata) - Remove EnrollProfile.getIssuerName() (Endi S. Dewata) - Remove EnrollProfile.getAuthority() (Endi S. Dewata) - Add offline support for AuthInfoAccessExtDefault (Endi S. Dewata) - Update CryptoUtil.decodeKeyID() (Endi S. Dewata) - Add offline support for AuthorityKeyIdentifierExtDefault (Endi S. Dewata) - Rename base/console/templates to base/console/bin (Endi S. Dewata) - Fix missing console build option (Endi S. Dewata) - Add offline support for CAValidityDefault (Endi S. Dewata) - AuthorityClient: add getChainPEM method (Fraser Tweedale) - AuthorityService: recognise .../authorities/host-authority/(chain|cert) (Fraser Tweedale) - Replace EngineConfig with TPSEngineConfig in pki-tps (Endi S. Dewata) - Replace EngineConfig with TKSEngineConfig in pki-tks (Endi S. Dewata) - Replace EngineConfig with OCSPEngineConfig in pki-ocsp (Endi S. Dewata) - Replace EngineConfig with KRAEngineConfig in pki-kra (Endi S. Dewata) - Replace EngineConfig with CAEngineConfig in pki-ca (Endi S. Dewata) - Add SigningUnitConfig (Endi S. Dewata) - Remove ICertificateAuthority.getIssuanceProtPubKey() (Endi S. Dewata) - Remove unused ICertificateAuthority.getIssuanceProtCert() (Endi S. Dewata) - Remove unused ICertificateAuthority.updateCRLNow() (Endi S. Dewata) - Remove ICertificateAuthority.publishCRLNow() (Endi S. Dewata) - Remove ICertificateAuthority.getPolicyProcessor() (Endi S. Dewata) - Remove ICertificateAuthority.allowExtCASignedAgentCerts() (Endi S. Dewata) - Remove ICertificateAuthority.noncesEnabled() (Endi S. Dewata) - Update AuthorityKeyIdentifierExtDefault.createExtension() to take KeyIdentifier (Endi S. Dewata) - Update CAEnrollDefault.getCAKeyIdentifier() to take X509CertImpl (Endi S. Dewata) - Replace CMSEngine with CAEngine in pki-ca (Endi S. Dewata) - Fix validation error in pki nss test for HSM (Endi S. Dewata) - Add WebListener classes (Endi S. Dewata) - Remove obsolete references to IAuthToken (Endi S. Dewata) - Update pki nss tests (Endi S. Dewata) - Move PKICertImport into base/tools (Endi S. Dewata) - Clean up CMSEngine.start() (Endi S. Dewata) - Rename ACMEEngine.name to id (Endi S. Dewata) - Add getters/setters for CMSEngine.id/name (Endi S. Dewata) - Merge IAuthToken into AuthToken (Endi S. Dewata) - Move IAuthToken constants into AuthToken (Endi S. Dewata) - Move remaining IAuthToken methods into AuthToken (Endi S. Dewata) - Update IAccessEvaluator to use AuthToken (Endi S. Dewata) - Fix key type validation (Endi S. Dewata) - Clean up pki-server ca-cert-remove (Endi S. Dewata) - Update pki nss-key-create/find to support AES (Endi S. Dewata) - Update SubjAltNameExt to use AuthToken (Endi S. Dewata) - Update CMCUserSignedAuth.verifySignerInfo() to return AuthToken (Endi S. Dewata) - Update ProfileAuthentica.populate() to take AuthToken (Endi S. Dewata) - Update Profile.submit() to take AuthToken (Endi S. Dewata) - Update IAuthzManager.authorize() to take AuthToken (Endi S. Dewata) - Update AuthzSubsystem.checkRealm() to take AuthToken (Endi S. Dewata) - Update CAProcessor.authorize() to take AuthToken (Endi S. Dewata) - Update CMSServlet.authorize() to take AuthToken (Endi S. Dewata) - Update Request ext data to use AuthToken (Endi S. Dewata) - Fix missing dependency on jss-symkey.jar (Endi S. Dewata) - Clean up TPS tests (Endi S. Dewata) - Merge pki-cmsbundle.jar into pki-cms.jar (Endi S. Dewata) - Update build test (Endi S. Dewata) - Update Maven project (Endi S. Dewata) - Update CRSEnrollment.authenticate() to return AuthToken (Endi S. Dewata) - Update CAProcessor.authenticate() to return AuthToken (Endi S. Dewata) - Update CMSServlet.authenticate() to return AuthToken (Endi S. Dewata) - Update AuthSubsystem.authenticate() to return AuthToken (Endi S. Dewata) - Update AuthManager.authenticate() to return AuthToken (Endi S. Dewata) - Update PKIPrincipal.authToken to use AuthToken (Endi S. Dewata) - Update HashAuthentication.mData to use AuthToken (Endi S. Dewata) - Update PKIProcessor to use AuthToken (Endi S. Dewata) - Merge IPKIProcessor into PKIProcessor (Endi S. Dewata) - Merge IAuthToken.getInCertificates() into AuthToken (Endi S. Dewata) - Merge IAuthToken.getInByteArrayArray() into AuthToken (Endi S. Dewata) - Merge IAuthToken.set() into AuthToken (Endi S. Dewata) - Update ExternalAuthToken to extend AuthToken (Endi S. Dewata) - Update ISharedToken.getSharedToken() to take AuthToken (Endi S. Dewata) - Merge IAuthCredentials into AuthCredentials (Endi S. Dewata) - Remove duplicate AuthCredentials (Endi S. Dewata) - Move IAccessEvaluator into pki-server (Endi S. Dewata) - Move ISharedToken into pki-server (Endi S. Dewata) - Move com.netscape.certsrv.pattern into pki-ca (Endi S. Dewata) - Move com.netscape.certsrv.template into pki-ca (Endi S. Dewata) - Merge IRequestEncoder into HttpRequestEncoder (Endi S. Dewata) - Merge IRemoteAuthority into RemoteAuthority (Endi S. Dewata) - Merge IACL into ACL (Endi S. Dewata) - Merge IACLEntry into ACLEntry (Endi S. Dewata) - Move ACL classes into pki-server (Endi S. Dewata) - cli: handle t.getCause() == null in exception handler (Fraser Tweedale) - PKIService: add more general variants of resolveFormat (Fraser Tweedale) - Remove non-functional cache for build dependencies (Endi S. Dewata) - Move policy classes to pki-ca (Endi S. Dewata) - Move RegistryAdminServlet to pki-ca (Endi S. Dewata) - Move com.netscape.cmscore.ldap to pki-ca (Endi S. Dewata) - Move com.netscape.cms.publish.mappers to pki-ca (Endi S. Dewata) - Move com.netscape.cms.publish.publishers to pki-ca (Endi S. Dewata) - Move publishing classes to pki-ca (Endi S. Dewata) - Move some PublisherProcessor constants to LdapRule (Endi S. Dewata) - Refactor LdapRule.init() (Endi S. Dewata) - Remove unused methods in CertificateAuthority (Endi S. Dewata) - Remove ICertificateAuthority.registerRequestListener() (Endi S. Dewata) - Remove ICertificateAuthority.removeRequestListener() (Endi S. Dewata) - Remove ICertificateAuthority.getRequestListener() (Endi S. Dewata) - Remove ICertificateAuthority.getRequestNotifier() (Endi S. Dewata) - Remove ICertificateAuthority.getCAService() (Endi S. Dewata) - Remove IAuthority.registerRequestListener() (Endi S. Dewata) - Remove IAuthority.registerPendingListener() (Endi S. Dewata) - Move CMSServlet.getCertRecord() to GetBySerial (Endi S. Dewata) - Override cmake cache (#4045) (Marco Fargetta) - Refactor security domain services (Endi S. Dewata) - Merge SecurityDomainHostService into SecurityDomainService (Endi S. Dewata) - Build a single package (#4043) (Marco Fargetta) - Remove unused CMSStartServlet (Endi S. Dewata) - Add error message for pki ca-profile-add (Endi S. Dewata) - Replace CMSEngine with KRAEngine in pki-kra (Endi S. Dewata) - Replace CMSEngine with CAEngine in pki-ca (Endi S. Dewata) - Move Profile classes to pki-ca (Endi S. Dewata) - Move request-related Profile constants to Request (Endi S. Dewata) - Update ProfileAuthenticator.init() (Endi S. Dewata) - Update ProfileUpdater.init() (Endi S. Dewata) - Add PolicyDefault.engineConfig (Endi S. Dewata) - Add Profile.engineConfig and BootstrapProfile.engineConfig (Endi S. Dewata) - Refactor Profile.init() (Endi S. Dewata) - Update log messages in EnrollConstraint and EnrollDefault (Endi S. Dewata) - Refactor PolicyAdminServlet (Endi S. Dewata) - Fix config class hierarchy (Endi S. Dewata) - Remove unused CMSServlet.getRelPath() (Endi S. Dewata) - Update CAPublisherProcessor.getAuthority() to return CertificateAuthority (Endi S. Dewata) - Update EnrollProfile.getAuthority() to return CertificateAuthority (Endi S. Dewata) - Remove unused HttpConnector.mSource (Endi S. Dewata) - Remove unused HttpConnFactory.mSource (Endi S. Dewata) - Remove unused Resender.mAuthority (Endi S. Dewata) - Convert IProfileUpdater into ProfileUpdater (Endi S. Dewata) - Fix anchors in CONTRIBUTING.md (Endi S. Dewata) - Clean up build logs (Endi S. Dewata) - Add test for PKI CLI in Azure pipeline (Endi S. Dewata) - Add build.sh --python-exec and --python-dir options (Endi S. Dewata) - Restore support for custom SKI in CSR (Endi S. Dewata) - Troubleshooting improvement for ExternalProcessKeyRetriever (Endi S. Dewata) - Update build and install logs (Endi S. Dewata) - Fix missing SKI in CSR (Endi S. Dewata) - Add build.sh --product-name, --product-id, and --theme options (Endi S. Dewata) - Remove unnecessary casts (Chris Kelley) - Remove legacy acceptance tests (Chris Kelley) - Clean up ConfigurationTest (Endi S. Dewata) - Add Azure pipeline (Endi S. Dewata) - Update docs (Endi S. Dewata) - Update pki.spec and build.sh (Endi S. Dewata) - Add SonarCloud badge to README.md (ckelleyRH) - Remove unused fields in SystemCertData (Endi S. Dewata) - Refactor CAInstallerService.createCert() (Endi S. Dewata) - Merge ICRLIssuingPointRecord into CRLIssuingPointRecord (Endi S. Dewata) - Update TempCRLIssuingPointRecord hierarchy (Endi S. Dewata) - Merge IProofOfArchival into ProofOfArchival (Endi S. Dewata) - Move SubsystemGroupUpdater to pki-ca (Endi S. Dewata) - Move EnrollOutput to pki-ca (Endi S. Dewata) - Move EnrollInput to pki-ca (Endi S. Dewata) - Move EnrollProfile to pki-ca (Endi S. Dewata) - Move constants from EnrollProfile to Profile (Endi S. Dewata) - Move FlatFileAuth to pki-ca (Endi S. Dewata) - Merge IRepositoryRecord into RepositoryRecord (Endi S. Dewata) - Merge IRepository into Repository (Endi S. Dewata) - Merge IKeyRecord into KeyRecord (Endi S. Dewata) - Merge IKeyRecordList into KeyRecordList (Endi S. Dewata) - Merge IKeyRepository into KeyRepository (Endi S. Dewata) - Merge IHttpConnection into HttpConnection (Endi S. Dewata) - Convert IConnector into Connector class (Endi S. Dewata) - Move ICMSCRLExtension and ICMSCRLExtensions to pki-ca (Endi S. Dewata) - Move com.netscape.cms.crl to pki-ca (Endi S. Dewata) - Split SonarCloud in two workflows (#4025) (Marco Fargetta) - Fix incorrect record parsing in EnrollDefault (Chris Kelley) - Update log messages in AuthInfoAccessExtDefault (Endi S. Dewata) - Update pki-healthcheck install dirs (Endi S. Dewata) - Fix incorrect install() commands (Endi S. Dewata) - Update IPA test (Endi S. Dewata) - Update build.sh (Endi S. Dewata) - Replace %package_option macro (Endi S. Dewata) - Remove redundant type specification (Chris Kelley) - Disable access to external entities when parsing XML (Chris Kelley) - Update CMake VERSION variable (Endi S. Dewata) - Update CMake NSS_DEFAULT_DB_TYPE (Endi S. Dewata) - Move CTest into %build stage (Endi S. Dewata) - Fix incorrect Obsoletes: for symkey (Endi S. Dewata) - Replace raw use of ObjectMapper with JSONObject (Chris Kelley) - Fix serial type in nss-cert-issue request in nssdb.py (Chris Kelley) - Make remaining classes with to/fromJSON methods implement JSONSerializer (Chris Kelley) - Fix pylint warnings in upgrade scripts (Endi S. Dewata) - Fix pylint warnings in pki.util module (Endi S. Dewata) - Fix pylint warnings in pki.upgrade module (Endi S. Dewata) - Fix pylint warnings in pki.server.subsystem module (Endi S. Dewata) - Fix pylint warnings in pki.server.pkidestroy module (Endi S. Dewata) - Fix pylint warnings in pki.server.instance module (Endi S. Dewata) - Fix pylint warnings in pki.server.deployment.scriptlets module (Endi S. Dewata) - Fix pylint warnings in pki.server.deployment.pkiparser module (Endi S. Dewata) - Fix pylint warnings in pki.server.deployment.pkimanifest module (Endi S. Dewata) - Fix pylint warnings in pki.server.deployment.pkihelper module (Endi S. Dewata) - Fix pylint warnings in pki.server.deployment module (Endi S. Dewata) - Fix pylint warnings in pki.server.cli.subsystem module (Endi S. Dewata) - Fix pylint warnings in pki.server.cli.nuxwdog module (Endi S. Dewata) - Fix pylint warnings in pki.server.cli.nss module (Endi S. Dewata) - Fix pylint warnings in pki.server.cli.cert module (Endi S. Dewata) - Fix pylint warnings in pki.server.cli.banner module (Endi S. Dewata) - Fix pylint warnings in pki.server.cli.audit module (Endi S. Dewata) - Fix pylint warnings in pki.server module (Endi S. Dewata) - Fix pylint warnings in pki.profile module (Endi S. Dewata) - Fix pylint warnings in pki.pkcs12 module (Endi S. Dewata) - Fix pylint warnings in pki.nssdb module (Endi S. Dewata) - Fix pylint warnings in pki.cli.pkcs12 module (Endi S. Dewata) - Fix pylint warnings in pki module (Endi S. Dewata) - Update log messages in UGSubsystem (Endi S. Dewata) - Update log messages in CACertRequestSubmitCLI (Endi S. Dewata) - Remove unused NSSDatabase.create_self_signed_ca_cert() (Endi S. Dewata) - Remove unused Configurator constants (Endi S. Dewata) - Remove unused Configurator subclasses (Endi S. Dewata) - Remove unused CMSEngine.createConfigurator() (Endi S. Dewata) - Remove unused SystemConfigService subclasses (Endi S. Dewata) - Update OpenLDAP clients to use -H option (Endi S. Dewata) - Fix pki-lint script (Endi S. Dewata) - Make TokenData implement JSONSerializer (Chris Kelley) - Make AuthenticatorData implement JSONSerializer (Chris Kelley) - Fix pki ca-cert-request-unassign (Endi S. Dewata) - Update OCSP test (Endi S. Dewata) - Add SonarCloud analysis action (#4013) (Marco Fargetta) - Set deactivateDefaultTyping() on JSONSerializer ObjectMapper objects (Chris Kelley) - Simplify logic on RequestTransfer and RollingLogFile (Chris Kelley) - Add missing @Override annotations (Chris Kelley) - Add doc for installing CA with RSA/PSS (Endi S. Dewata) - Add test for installing CA with RSA/PSS (Endi S. Dewata) - Fix installation with RSA/PSS (Endi S. Dewata) - Update PKISubsystem.temp_cert_create() (Endi S. Dewata) - Add NSSDatabase.__create_aia_ext() (Endi S. Dewata) - Add NSSDatabase.__create_aki_ext() (Endi S. Dewata) - Add NSSDatabase.__create_ski_ext() (Endi S. Dewata) - Add NSSDatabase.__create_extended_key_usage_ext() (Endi S. Dewata) - Add NSSDatabase.__create_key_usage_ext() (Endi S. Dewata) - Add NSSDatabase.__create_basic_constraints_ext() (Endi S. Dewata) - Update NSSDatabase.__create_cert() (Endi S. Dewata) - Add issuer param for NSSDatabase.__create_cert() (Endi S. Dewata) - Update version number to 11.3.0-alpha1 (Endi S. Dewata) - Tidy up CAAdminServlet (Chris Kelley) - Tidy up in RequestProcessor (Chris Kelley) - Fix COPR build failure (Endi S. Dewata) - Clean up UserPwdDirAuthentication (Chris Kelley) - Bug 2017514 - Directory authentication plugin requires directory admin password just for user authentication (rhcs-11.0) (Jack Magne) - Clean up ConfigurationTest (Chris Kelley) - Update version to 11.2.0-0.4.beta3 (Chris Kelley) - Tidy up AAclAuthz (Chris Kelley) - Tidy up ACLEntry (Chris Kelley) - Replace Assert.assert* methods with assert* static imports (Chris Kelley) - Fix typo bug in KeyService.auditKeyInfoSuccess() (Chris Kelley) - Add code field to TPSStatus enum (Chris Kelley) - Use SHA-256 for authentication methods (Chris Kelley) - Tidy up in CertificateVersionDefault (Chris Kelley) - Bug2072185-p12-passwd-http-GET-params (Christina Fu) - Remove unused methods from Profile. (Chris Kelley) - Remove unnecessary Locale parameter from CertUtils.parseKeyGen() (Chris Kelley) - Update version number to 11.2.0-beta2 (Endi S. Dewata) - Add RPM macros for version and release numbers (Endi S. Dewata) - Add RPM macro for development phase (Endi S. Dewata) - Add RPM macros for timestamp and commit ID (Endi S. Dewata) - Fix TPS /ui/certs/ dates to be human readable. (Chris Kelley) - Remove unused parameters from process methods. (Chris Kelley) - Remove unused SystemCertData.tag (Endi S. Dewata) - Move SystemConfigService.validatePin() into CAInstallerService (Endi S. Dewata) - Move CAConfigurator.initSubsystem() into CAInstallerService (Endi S. Dewata) - Move CAConfigurator.createCert() into CAInstallerService (Endi S. Dewata) - Move CAConfigurator.createCertID() into CAInstallerService (Endi S. Dewata) - Move CAConfigurator.createRequestID() into CAInstallerService (Endi S. Dewata) - Refactor CAConfigurator.createCert() (Endi S. Dewata) - Add SystemCertData.certID (Endi S. Dewata) - Clean up PKISubsystem.get_subsystem_cert() (Endi S. Dewata) - Clean up PKISubsystem.get_nssdb_cert_info() (Endi S. Dewata) - Clean up PKISubsystem.get_cert_info() (Endi S. Dewata) - Remove unused ConfigClient (Endi S. Dewata) - Merge ConfigClient.create_system_cert() into PKIDeployer (Endi S. Dewata) - Merge ConfigClient.set_subsystem_cert_info() into PKIDeployer (Endi S. Dewata) - Merge ConfigClient.set_sslserver_cert_info() into PKIDeployer (Endi S. Dewata) - Merge ConfigClient.set_audit_signing_cert_info() into PKIDeployer (Endi S. Dewata) - Merge ConfigClient.set_transport_cert_info() into PKIDeployer (Endi S. Dewata) - Merge ConfigClient.set_storage_cert_info() into PKIDeployer (Endi S. Dewata) - Merge ConfigClient.set_ocsp_signing_cert_info() into PKIDeployer (Endi S. Dewata) - Merge ConfigClient.set_ca_signing_cert_info() into PKIDeployer (Endi S. Dewata) - Move ConfigClient.set_system_cert_info() to PKIDeployer (Endi S. Dewata) - Remove unused CAConfigurator.createCertRecord() (Endi S. Dewata) - Refactor CAConfigurator.createCert() (Endi S. Dewata) - Update log messages in pki-server ca-cert-import (Endi S. Dewata) - Clean up PKIDeployer.setup_system_cert() (Endi S. Dewata) - Clean up PKIDeployer.setup_system_certs() (Endi S. Dewata) - Update log messages in SubsystemCLI (Endi S. Dewata) - Update log messages in CACertClient (Endi S. Dewata) - Update log messages in LDAPConfigurator (Endi S. Dewata) - Update log messages in CertificateRepository (Endi S. Dewata) - Update log messages in CertRequestRepository (Endi S. Dewata) - Update log messages in RequestRepository (Endi S. Dewata) - Update log messages in NSSDatabase (Endi S. Dewata) - Update log messages in CryptoUtil (Endi S. Dewata) - Move import_perm_sslserver_cert() into PKIDeployer (Endi S. Dewata) - Move remove_temp_sslserver_cert() into PKIDeployer (Endi S. Dewata) - Move create_temp_sslserver_cert() into PKIDeployer (Endi S. Dewata) - Remove unused SystemConfigService.createRequest() (Endi S. Dewata) - Refactor SystemConfigService.createRequest() (Endi S. Dewata) - Update PKIDeployer.generate_csr() to use JSS (Endi S. Dewata) - Move generate_csr() into PKIDeployer (Endi S. Dewata) - Add generic_exts to NSSDatabase.__create_request() (Endi S. Dewata) - Add subject_key_id to NSSDatabase.__create_request() (Endi S. Dewata) - Add extended_key_usage_ext to NSSDatabase.__create_request() (Endi S. Dewata) - Add key_usage_ext to NSSDatabase.__create_request() (Endi S. Dewata) - Add basic_constraints_ext to NSSDatabase.__create_request() (Endi S. Dewata) - Add key_id and cka_id to NSSDatabase.__create_request() (Endi S. Dewata) - Add curve and hash_alg to NSSDatabase.__create_request() (Endi S. Dewata) - Update configuration.py to use PKIDeployer.get_key_params() (Endi S. Dewata) - Move get_key_params() into PKIDeployer (Endi S. Dewata) - Split ca-tests.yml into two runs. (Chris Kelley) - Fix Activity data in TPS UI (Chris Kelley) - Add PKIDeployment.create_cert() (Endi S. Dewata) - Add PKIDeployment.create_cert_request() (Endi S. Dewata) - Make timestamps human readable in /tps/ui/tokens (Chris Kelley) - Fix display of token parameters in web UI (Chris Kelley) - Make dates displayed in /ca/ui page human readable. (Chris Kelley) - Clean up SystemConfigService.createRequest() (Endi S. Dewata) - Add PKIDeployer.create_cert_key() (Endi S. Dewata) - Add NSSDatabase.create_key() (Endi S. Dewata) - Add pki nss-key-create (Endi S. Dewata) - Clean up usages and usages masks (Endi S. Dewata) - Bump Tomcat JSS dependency (Endi S. Dewata) - Make CertificateAuthority implement IAuthority directly (Chris Kelley) - Clean up WITH_SERVER option (Endi S. Dewata) - Add WITH_TESTS option for CMake (Endi S. Dewata) - Rename WITH_TEST to RUN_TESTS (Endi S. Dewata) - Fix Javadoc warnings (Endi S. Dewata) - Remove redundant JAVA_VERSION parameter (Endi S. Dewata) - Move javax.annotations-api.jar link creation into CMake (Endi S. Dewata) - Move jboss-logging.jar link creation into CMake (Endi S. Dewata) - Rename BUILD_PKI_CONSOLE to WITH_CONSOLE (Endi S. Dewata) - Remove redundant BUILD_PKI_CORE option (Endi S. Dewata) - Add base/meta (Endi S. Dewata) - Drop obsolete conditionals in pki.spec (Endi S. Dewata) - Fix build.sh --work-dir option (Endi S. Dewata) - Remove Locale from IExtendedPluginInfo.getExtendedPluginInfo signature (Chris Kelley) - Remove com.netscape.certsrv.base.Link (Chris Kelley) - Fix login to TPS UI (and other //ui pages) (Chris Kelley) - Update version number to 11.2.0-beta1 (Endi S. Dewata) - Remove redundant code (Endi S. Dewata) - Bug2072185 p12 password (Christina Fu) - Fix cert/key ID handling in pki pkcs12 CLIs (Endi S. Dewata) - Replace deprecate X509CertImpl.getIssuerDN() with getIssuerName() (Endi S. Dewata) - Replace deprecated X509CertImpl.getSubjectDN() with getSubjectName() (Endi S. Dewata) - Clean up log message in TokenService.changeTokenStatus() (Endi S. Dewata) - Replace deprecated LDAPv2 with LDAPv3 (Endi S. Dewata) - Bug2071081 p12 passwd in debug (Christina Fu) - Use "if connector is None" instead of "if not connector" (Chris Kelley) - Update log messages in ConnectorServlet.service() (Endi S. Dewata) - Add pki-server http-connector-host-mod (Endi S. Dewata) - Add pki-server http-connector-host-show (Endi S. Dewata) - Fix KeyId to preserve leading zeros (Endi S. Dewata) - Fix pylint issue (Endi S. Dewata) - Deprecate the PKI console com.netscape.certsrv.client.connection package (Chris Kelley) - Deprecate the PKI console com.netscape.admin.certsrv package (Chris Kelley) - Deprecate the PKI console com.netscape.admin.certsrv.config package (Chris Kelley) - Deprecate the PKI console com.netscape.admin.certsrv.config.install package (Chris Kelley) - Deprecate the PKI console com.netscape.admin.certsrv.connection package (Chris Kelley) - Deprecate the PKI console com.netscape.admin.certsrv.images package (Chris Kelley) - Deprecate PKI console com.netscape.admin.certsrv.{key,managecert} (Chris Kelley) - Deprecate the PKI console com.netscape.admin.certsrv.menu package (Chris Kelley) - Deprecate the PKI console com.netscape.admin.certsrv.misc package (Chris Kelley) - Deprecate the PKI console com.netscape.admin.certsrv.notification package (Chris Kelley) - Deprecate the PKI console com.netscape.admin.certsrv.security package (Chris Kelley) - Deprecate the PKI console com.netscape.admin.certsrv.status package (Chris Kelley) - Deprecate the PKI console com.netscape.admin.certsrv.task package (Chris Kelley) - Deprecate the PKI console com.netscape.admin.certsrv.ug package (Chris Kelley) - Deprecate the PKI console com.netscape.admin.certsrv.wizard package (Chris Kelley) - Add null check for CryptoUtil.findPrivateKey() (Endi S. Dewata) - Update log messages in HttpConnection (Endi S. Dewata) - Fix cert/key ID encoding (Endi S. Dewata) - Update tools tests to run in containers (Endi S. Dewata) - Add test_PKICertImport.bash into pki-tests (Endi S. Dewata) - Update CI tests to cache build artifacts (Endi S. Dewata) - Clean up RSNv1 params (Endi S. Dewata) - Normalize key types in pkispawn (Endi S. Dewata) - Update NSSDatabase.find_cert_keys() (Endi S. Dewata) - Update pki nss-cert-request (Endi S. Dewata) - Update TKS tests to use RSNv3 (Endi S. Dewata) - Add tests for installation with banners (Endi S. Dewata) - Ignore banner prompts during installation (Endi S. Dewata) - Add pki nss-cert-request --ssl-ecdh (Endi S. Dewata) - Add pki nss-cert-request --key-wrap (Endi S. Dewata) - Consolidate RSA keypair usage constants (Endi S. Dewata) - Remove unused SystemCertData.ecType (Endi S. Dewata) - Update PKIDeployer.create_cert_setup_request() (part 3) (Endi S. Dewata) - Update PKIDeployer.create_cert_setup_request() (part 2) (Endi S. Dewata) - Update PKIDeployer.create_cert_setup_request() (part 1) (Endi S. Dewata) - Add SystemCertData.keyWrap (Endi S. Dewata) - Add SystemCertData.sslECDH (Endi S. Dewata) - Remove unused SystemConfigService.findKey() (Endi S. Dewata) - Add PKIDeployer.find_cert_key() (Endi S. Dewata) - Add NSSDatabase.find_cert_keys() (Endi S. Dewata) - Fix key ID handling in SystemConfigService (part 2) (Endi S. Dewata) - Fix key ID handling in SystemConfigService (Endi S. Dewata) - Add tests for pki nss-key-find (Endi S. Dewata) - Add pki nss-key-find --nickname option (Endi S. Dewata) - Clean up CAEnrollProfile.execute() (Endi S. Dewata) - Add pki nss-cert-export --output-file option (Endi S. Dewata) - Add pki nss-key-find --output-format option (Endi S. Dewata) - Add pki nss-key-find (Endi S. Dewata) - Bug 2069813- Up default CA and OCSP signing cert key size to 3072 (OCSP) (Christina Fu) - Bug 2069813-Up default CA and OCSP signing cert key size to 3072 (Christina Fu) - Redirect banner prompt to standard error (Endi S. Dewata) - Clean up pki nss-cert-export (Endi S. Dewata) - Add NSSDatabase.run() (Endi S. Dewata) - Update logging level for NSSDatabase (Endi S. Dewata) - Update SystemConfigService.createRequest() (Endi S. Dewata) - Add test for HTTPS connector with PEM files (Endi S. Dewata) - Add test for HTTPS connector with JKS file (Endi S. Dewata) - Add test for HTTPS connector with PKCS #12 file (Endi S. Dewata) - Fix PKIServer.export_ca_cert() (Endi S. Dewata) - Add KeyInfo.keyId (Endi S. Dewata) - Remove unused IConfigStoreEventListener (Endi S. Dewata) - Merge IConfigStore into ConfigStore (Endi S. Dewata) - Update NSSDatabase.createRSAKeyPair() and createECKeyPair() (Endi S. Dewata) - Add tests for HTTPS connector (Endi S. Dewata) - Prevent NPE in ACMEEngine.checkOrder() (Chris Kelley) - Remove unnecessary Boolean literals and returns in PublisherAdminServlet (Chris Kelley) - Move HTTPS connector doc into admin guide (Endi S. Dewata) - Refactor pki-acme image (Endi S. Dewata) - Add pki-server-run (Endi S. Dewata) - Split basic server installation doc (Endi S. Dewata) - Capture server test logs (Endi S. Dewata) - Update server test (Endi S. Dewata) - Rename acme-wait.sh to pki-start-wait.sh (Endi S. Dewata) - Fix JAVA_HOME for container (Endi S. Dewata) - Update pki-server to use ConfigStore (Endi S. Dewata) - Update pki-ca to use ConfigStore (Endi S. Dewata) - Update pki-kra to use ConfigStore (Endi S. Dewata) - Update pki-ocsp to use ConfigStore (Endi S. Dewata) - Update pki-tks to use ConfigStore (Endi S. Dewata) - Update pki-tps to use ConfigStore (Endi S. Dewata) - Update com.netscape.cms.servlet to use ConfigStore (Endi S. Dewata) - Update com.netscape.cms.profile to use ConfigStore (Endi S. Dewata) - Update com.netscape.cms.servlet to use ConfigStore (Endi S. Dewata) - Update org.dogtagpki.legacy to use ConfigStore (Endi S. Dewata) - Update KRAPolicy to use ConfigStore (Endi S. Dewata) - Update ICertificateAuthority to use ConfigStore (Endi S. Dewata) - Update CRLIssuingPoint to use ConfigStore (Endi S. Dewata) - Update ILogEventListener to use ConfigStore (Endi S. Dewata) - Update LdapRule to use ConfigStore (Endi S. Dewata) - Update SigningUnit to use ConfigStore (Endi S. Dewata) - Update ConfigStorage to use ConfigStore (Endi S. Dewata) - Update IOCSPStore to use ConfigStore (Endi S. Dewata) - Update ProfileOutput to use ConfigStore (Endi S. Dewata) - Update ILdapPlugin to use ConfigStore (Endi S. Dewata) - Update ICMSCRLExtension to use ConfigStore (Endi S. Dewata) - Update ProfileAuthenticator to use ConfigStore (Endi S. Dewata) - Move ICRLIssuingPoint to pki-ca (Endi S. Dewata) - Move KeyCertData to pki-server (Endi S. Dewata) - Remove unused IRequestListenerPlugin (Endi S. Dewata) - Convert switch statements to switch expressions (Chris Kelley) - Tidy up in CAEngine (Chris Kelley) - Use enhanced instanceof where there is a check-and-cast (Chris Kelley) - Update ILdapConnModule to use ConfigStore (Endi S. Dewata) - Update IJob to use ConfigStore (Endi S. Dewata) - Update IRequestListener to use ConfigStore (Endi S. Dewata) - Update ISelfTest to use ConfigStore (Endi S. Dewata) - Update IPolicyRule to use ConfigStore (Endi S. Dewata) - Update CertificateAuthority.getConfigStore() to return CAConfig (Endi S. Dewata) - Update ISubsystem to use ConfigStore (Endi S. Dewata) - Move ILdapConnModule to pki-server (Endi S. Dewata) - Move ISubsystem to pki-server (Endi S. Dewata) - Update generate_rpm_spec() in build.sh (Endi S. Dewata) - Update FeatureService to use ConfigStore (Endi S. Dewata) - Update IProfileUpdater to use ConfigStore (Endi S. Dewata) - Update ProfileInput to use ConfigStore (Endi S. Dewata) - Update PolicyDefault to use ConfigStore (Endi S. Dewata) - Update PolicyConstraint to use ConfigStore (Endi S. Dewata) - Merge IConfigStore.makeSubStore() into ConfigStore (Endi S. Dewata) - Remove ICertAuthority interface (Chris Kelley) - Update IConfigStore.getSubStore() in pki-ca (Endi S. Dewata) - Update IConfigStore.getSubStore() in com.netscape.ca (Endi S. Dewata) - Update IConfigStore.getSubStore() in com.netscape.cms.jobs (Endi S. Dewata) - Update IConfigStore.getSubStore() in com.netscape.cms.servlet (Endi S. Dewata) - Update IConfigStore.getSubStore() in com.netscape.cms.profile (Endi S. Dewata) - Update IConfigStore.getSubStore() in org.dogtagpki.legacy.server (Endi S. Dewata) - Update IConfigStore.getSubStore() in pki-kra (Endi S. Dewata) - Update IConfigStore.getSubStore() in pki-ocsp (Endi S. Dewata) - Update IConfigStore.getSubStore() in pki-tps (Endi S. Dewata) - Update IConfigStore.getSubStore() in pki-server (Endi S. Dewata) - Update CMSEngine.loadConfigStore() (Endi S. Dewata) - Merge IRevocationInfo into RevocationInfo (Endi S. Dewata) - Fix error in SystemConfigService.createRequest() (Endi S. Dewata) - Update PKIDeployer.import_cert_request() (Endi S. Dewata) - Replace Configurator.createECCKeyPair() (Endi S. Dewata) - Replace Configurator.createRSAKeyPair() (Endi S. Dewata) - Rename SystemConfigService.setupKey() to findKey() (Endi S. Dewata) - Refactor SystemConfigService.setupKey() (Endi S. Dewata) - Remove redundant CryptoUtil.generateECCKeyPair() (Endi S. Dewata) - Remove redundant CryptoUtil.generateRSAKeyPair() (Endi S. Dewata) - Update error messages in RequestIdMapper and RequestStateMapper (Endi S. Dewata) - Add PKIDeployer.import_cert_request() (Endi S. Dewata) - Update CI tests to show system certs and CSRs (Endi S. Dewata) - Remove unused SystemConfigService.importRequest() (Endi S. Dewata) - Prevent NullPointerException in DirBasedAuthentication (Chris Kelley) - Code cleanup in CMSServlet (Chris Kelley) - Update KRA tests to use RSNv3 (Endi S. Dewata) - Update CA tests to use RSNv3 (Endi S. Dewata) - Add docs for RSNv3 (Endi S. Dewata) - Update minimum connections for UGSubsystem in CLI (Endi S. Dewata) - Update UGSubsystem.init() (Endi S. Dewata) - Add DatabaseConfig.getLDAPConfig() (Endi S. Dewata) - Update minimum connections for DBSubsystem in CLI (Endi S. Dewata) - Update DBSubsystem.init() (Endi S. Dewata) - Rename DBSubsystem.mConfig to ldapConfig (Endi S. Dewata) - Rename PropConfigStore to ConfigStore (Endi S. Dewata) - Rename LDAPConfigStore to LDAPConfigStorage (Endi S. Dewata) - Rename FileConfigStore to FileConfigStorage (Endi S. Dewata) - Rename CMSEngine.createFileConfigStore() to loadConfigStore() (Endi S. Dewata) - Clean up PluginRegistry.loadPlugins() (Endi S. Dewata) - Rename PluginRegistry.fileConfig to registryConfig (Endi S. Dewata) - Remove unused PluginRegistry.mConfig (Endi S. Dewata) - Add PKISubsystem.import_cert_request() (Endi S. Dewata) - Add PKIDeployer.pki_connect() (Endi S. Dewata) - Refactor CertRequestRepository.updateRequest() (Endi S. Dewata) - Update OCSP tests to use RSNv3 (Endi S. Dewata) - Add SystemConfigService.createRequestID() (Endi S. Dewata) - Update default RSNv3 length (Endi S. Dewata) - Update TPS tests to use RSNv3 (Endi S. Dewata) - Update KRA clone test to use RSNv3 (Endi S. Dewata) - Update CA clone test to use RSNv3 (Endi S. Dewata) - Update PKISubsystem.request_ranges() (Endi S. Dewata) - Split CertRequestInfoFactory.create() (Endi S. Dewata) - Add CMSRequestInfo.requestID (Endi S. Dewata) - Refactor CAConfigurator.createRequestRecord() (Endi S. Dewata) - Move CAConfigurator.createRequestExtensions() to CertUtil (Endi S. Dewata) - Update pki-server ca-cert-import (Endi S. Dewata) - Fix pki-server migrate CLI (Endi S. Dewata) - Update ACME tests to use RSNv3 (Endi S. Dewata) - Add PKIDeployer.configure_id_generators() (Endi S. Dewata) - Log keyForUSer at INFO in FlatFileAuth to ease future debugging (Chris Kelley) - Add pki-server ca-cert-import (Endi S. Dewata) - Remove unused SystemConfigService.importCert() (Endi S. Dewata) - Add CASubsystem.import_cert() (Endi S. Dewata) - Move RequestQueue.updateRequest() to RequestRepository (Endi S. Dewata) - Merge ARequestQueue into RequestQueue (Endi S. Dewata) - Remove unused CertificateSetupRequest.url (Endi S. Dewata) - Add SystemCertData.signingAlgorithm (Endi S. Dewata) - Refactor CAConfigurator.createCert() (Endi S. Dewata) - Refactor CAConfigurator.importRequest() (Endi S. Dewata) - Clean up PKIDeployer.setup_system_cert() (Endi S. Dewata) - Remove unused IRequest (Endi S. Dewata) - Update pki-server to use Request (Endi S. Dewata) - Update pki-kra to use Request (Endi S. Dewata) - Update pki-ca to use Request (Endi S. Dewata) - Update ConnectorServlet to use Request (Endi S. Dewata) - Update ProfileReviewServlet to use Request (Endi S. Dewata) - Update KeyRecoveryAuthority to use Request (Endi S. Dewata) - Update CertificateAuthority to use Request (Endi S. Dewata) - Update IPKIMessage to use Request (Endi S. Dewata) - Update CMSServlet to use Request (Endi S. Dewata) - Update CMSRequestDAO to use Request (Endi S. Dewata) - Update ProfileSubmitServlet to use Request (Endi S. Dewata) - Update CertReqParser to use Request (Endi S. Dewata) - Update QueryReq to use Request (Endi S. Dewata) - Update RequestAttr to use Request (Endi S. Dewata) - Update RequestRepository to use Request (Endi S. Dewata) - Update IRequestList to use Request (Endi S. Dewata) - Update LogEvent to use Request (Endi S. Dewata) - Update Pattern to use Request (Endi S. Dewata) - Update IExpression to use Request (Endi S. Dewata) - Update ILdapMapper to use Request (Endi S. Dewata) - Update ProfileAuthenticator to use Request (Endi S. Dewata) - Update IConnector, INotify, and IRequestListener to use Request (Endi S. Dewata) - Update Processor to use Request (Endi S. Dewata) - Update EnrollDefault to use Request (Endi S. Dewata) - Update RequestQueue to use Request (Endi S. Dewata) - Update EnrollConstraint to use Request (Endi S. Dewata) - Update PolicySet and PolicyRule to use Request (Endi S. Dewata) - Update ProfileInput and ProfileOutput to use Request (Endi S. Dewata) - Update Profile to use Request (Endi S. Dewata) - Update CRSEnrollment to use Request (Endi S. Dewata) - Update RequestProcessor to use Request (Endi S. Dewata) - Remove obsolete Servlet 2.3 DTD (Endi S. Dewata) - Remove unused SystemCertData.installToken (Endi S. Dewata) - Remove unused SystemConfigService.setupAdmin() (Endi S. Dewata) - Merge SystemConfigService.setupAdmin() into createCert() (Endi S. Dewata) - Replace CertUtils.getAdminProfileAlgorithm() (Endi S. Dewata) - Add SystemCertData.adjustValidity (Endi S. Dewata) - Remove unused SystemConfigService.requestCert() (Endi S. Dewata) - Replace SystemConfigService.requestCert() (Endi S. Dewata) - Add options for pki ca-cert-request-submit (Endi S. Dewata) - Replace CertificateSetupRequest.clone and masterURL (Endi S. Dewata) - Split SystemConfigService.setupCert() (Endi S. Dewata) - Split SystemConfigService.loadCert() (Endi S. Dewata) - Clean up PKIDeployer.setup_system_cert() (Endi S. Dewata) - Update OCSP test (Endi S. Dewata) - Update CAConfigurator.createLocalCert() (Endi S. Dewata) - Remove redundant code in CertificateAuthority.initCertSigningUnit() (Endi S. Dewata) - Refactor PKIDeployer.request_admin_cert() (Endi S. Dewata) - Add SystemConfigService.createRequest() (Endi S. Dewata) - Add SystemConfigService.setupKey() (Endi S. Dewata) - Add SystemCertData.keyID (Endi S. Dewata) - Simplify SystemConfigService.setupCert() (Endi S. Dewata) - Refactor Configurator.createPKCS10Request() (Endi S. Dewata) - Refactor NSSDatabase.createRequest() (Endi S. Dewata) - Refactor CryptoUtil.findPrivateKeyFromID() (Endi S. Dewata) - Simplify PKIDeployer.setup_system_cert() (Endi S. Dewata) - Simplify PKIDeployer.setup_system_certs() (Endi S. Dewata) - Simplify PKIDeployer.get_admin_cert() (Endi S. Dewata) - Remove unused ConfigClient.save_system_csr() (Endi S. Dewata) - Merge ConfigClient.save_admin_csr() into PKIDeployer (Endi S. Dewata) - Move ConfigClient.process_admin_p12() into PKIDeployer (Endi S. Dewata) - Move ConfigClient.process_admin_cert() into PKIDeployer (Endi S. Dewata) - Merge Configurator.createAdminCertificate() into SystemConfigService (Endi S. Dewata) - Merge Configurator.setupCert() into SystemConfigService (Endi S. Dewata) - Add CAConfigurator.createRequestExtensions() (Endi S. Dewata) - Add CAConfigurator.createRequestRecord() (Endi S. Dewata) - Add CAConfigurator.updateRequestRecord() (Endi S. Dewata) - Add CAConfigurator.createCertRecord() (Endi S. Dewata) - Fix PKIConnection constructor (Endi S. Dewata) - Fix PKIInstance.is_available() (Endi S. Dewata) - Fix pki-server remove (Endi S. Dewata) - Add test for KRA with RSNv3 (Endi S. Dewata) - Add RSNv3 for KRA (Endi S. Dewata) - Add tests for PKI server (Endi S. Dewata) - Clean up log messages in OCSPPublisher (Endi S. Dewata) - Fix NPE in CMSEngine.shutdownAuthSubsystem() (Endi S. Dewata) - Refactor CMSAdminServlet (part 2) (Endi S. Dewata) - Refactor CMSAdminServlet (part 1) (Endi S. Dewata) - Add test for CA with RSNv3 (Endi S. Dewata) - Add RSNv3 for CA (Endi S. Dewata) - Add test for CA profiles (Endi S. Dewata) - Update OCSPClient to support hex serial numbers (Endi S. Dewata) - Fix pkidestroy for OCSP with external certs (Endi S. Dewata) - Update EnrollDefault.populate() to accept Request (Endi S. Dewata) - Update PolicyConstraint to use Request (Endi S. Dewata) - Update PolicyDefault to use Request (Endi S. Dewata) - Update ProfileInput to use Request (Endi S. Dewata) - Update ProfileInput.populate() to accept Request (Endi S. Dewata) - Update IPolicy.apply() to accept Request (Endi S. Dewata) - Update IServant.service() to accept Request (Endi S. Dewata) - Update IService.serviceRequest() to accept Request (Endi S. Dewata) - Merge ICAService into CAService (Endi S. Dewata) - Merge ICMSRequest into CMSRequest (Endi S. Dewata) - Merge ICommandQueue into CommandQueue (Endi S. Dewata) - Update CAProcessor to use Request (Endi S. Dewata) - Change CMSRequest.mRequest to Request (Endi S. Dewata) - Update CertProcessor to use Request (Endi S. Dewata) - Update RenewalProcessor to use Request (Endi S. Dewata) - Update ARequestQueue.processRequest() to accept Request (Endi S. Dewata) - Update BootstrapProfile.populate() to accept Request (Endi S. Dewata) - Update Profile.createRequests() to return Request (Endi S. Dewata) - Disable XML validation in Eclipse (Endi S. Dewata) - Update KeyRequestDAO.createRecoveryRequest() to return Request (Endi S. Dewata) - Update RequestRepository.readRequest() to return Request (Endi S. Dewata) - Update RequestRepository.createRequest() to return Request (Endi S. Dewata) - Update IRequestVirtualList.getElementAt() to return Request (Endi S. Dewata) - Clean up test scripts (Endi S. Dewata) - Update log messages in UpdateConnector (Endi S. Dewata) - Move remaining IRequest constants to Request (Endi S. Dewata) - Move IRequest policy constants to Request (Endi S. Dewata) - Move IRequest internal constants to Request (Endi S. Dewata) - Move IRequest requestor type constants to Request (Endi S. Dewata) - Move IRequest server-side keygen constants to Request (Endi S. Dewata) - Move IRequest keygen constants to Request (Endi S. Dewata) - Move IRequest security data constants to Request (Endi S. Dewata) - Move IRequest Netkey constants to Request (Endi S. Dewata) - Move IRequest revocation constants to Request (Endi S. Dewata) - Move IRequest renewal constants to Request (Endi S. Dewata) - Move IRequest enrollment constants to Request (Endi S. Dewata) - Move IRequest attribute constants to Request (Endi S. Dewata) - Move IRequest requestor constants to Request (Endi S. Dewata) - Move IRequest type constants to Request (Endi S. Dewata) - Move IRequest constants to Request (Endi S. Dewata) - Update RequestDefaultStub (Endi S. Dewata) - Move tpsclient into pki-tools (Endi S. Dewata) - Refactor CAConfigurator.importCert() (Endi S. Dewata) - Update IPA tests to install KRA separately (Endi S. Dewata) - Update version number to 11.2.0-alpha1 (Endi S. Dewata) - Update Requires for ldapjdk and tomcatjss (Chris Kelley) - Update version to v11.1.0 and update dependencies (Chris Kelley) - Fix pkidestroy for KRA with external certs (Endi S. Dewata) - Update log messages in PublisherProcessor (Endi S. Dewata) - Update log messages in LDAPSession (Endi S. Dewata) - B1996141-subCA-adjustValidity (Christina Fu) - Add test for uninstalling IPA clone (Endi S. Dewata) - Remove XML parsing from ProfilePolicy (Chris Kelley) - Update Configurator.setupCert() (Endi S. Dewata) - Update NSSDatabase.add_cert() (Endi S. Dewata) - Refactor CAConfigurator.createAdminCertificate() (Endi S. Dewata) - Refactor PKIDeployer.setup_system_certs() (Endi S. Dewata) - Update CAConfigurator.createLocalCert() and importCert() (Endi S. Dewata) - Clean up log messages in CAConfigurator (Endi S. Dewata) - Clean up CAConfigurator.updateRequest() (Endi S. Dewata) - Refactor SystemConfigService.loadCert() (part 2) (Endi S. Dewata) - Refactor SystemConfigService.loadCert() (part 1) (Endi S. Dewata) - Remove CertRequestConstants (Chris Kelley) - Move ILogEvent and ILogEventListener to pki-server (Endi S. Dewata) - Merge ILogQueue into LogQueue (Endi S. Dewata) - Move ILogger to pki-server (Endi S. Dewata) - Move AuditFormat to pki-server (Endi S. Dewata) - Move ILogEventFactory to pki-server (Endi S. Dewata) - Move LogEvent to pki-server (Endi S. Dewata) - Remove unused IBundleLogEvent (Endi S. Dewata) - Move AuditEvent to pki-server (Endi S. Dewata) - Remove unused ISubsystemSource (Endi S. Dewata) - Move SignedAuditEvent to pki-server (Endi S. Dewata) - Move IPluginImpl to pki-server (Endi S. Dewata) - Move IJob and IJobCron to pki-server (Endi S. Dewata) - Merge IAuditor into Auditor (Endi S. Dewata) - Remove unused Cert (Endi S. Dewata) - Remove unused SystemCertDataFactory (Endi S. Dewata) - Refactor SystemConfigService.loadCert() (Endi S. Dewata) - Refactor Configurator.setupCert() (Endi S. Dewata) - Refactor Configurator.createLocalCert() (Endi S. Dewata) - Replace Configurator.createCert() with createLocalCert() (Endi S. Dewata) - Refactor Configurator.createCert() (part 2) (Endi S. Dewata) - Refactor Configurator.createCert() (part 1) (Endi S. Dewata) - Update test scripts to use password authentication (Endi S. Dewata) - Refactor SystemConfigService.loadCert() (Endi S. Dewata) - Refactor Configurator.loadCert() (Endi S. Dewata) - Refactor CAConfigurator.importCert() (Endi S. Dewata) - Add SystemCertData.requestID (Endi S. Dewata) - Convert tpsclient man page into Markdown (Endi S. Dewata) - Add Dockerfile for IPA runner (Endi S. Dewata) - Log request IDs in hex (Endi S. Dewata) - Update COMPONENT in Dockerfiles (Endi S. Dewata) - Remove unused scripts (Endi S. Dewata) - Add tests for trust flags using pki nss-cert-show (Endi S. Dewata) - Clean up tools tests (Endi S. Dewata) - Add CAConfigurator.initSubsystem() (Endi S. Dewata) - Update log messages in PKIDeployer.finalize_subsystem() (Endi S. Dewata) - Fix typo in ClonesPlugin.get_status() (Endi S. Dewata) - Clean up variable names in PKIDeployer.finalize_subsystem() (Endi S. Dewata) - Update log messages in SubsystemGroupUpdater (Endi S. Dewata) - Update log messages in KRAConnectorProcessor (Endi S. Dewata) - Update log messages in SecurityDomain.deregister() (Endi S. Dewata) - Update log messages in KRAConnector.deregister() (Endi S. Dewata) - Replace deprecated distutils.sysconfig.get_python_lib() (Endi S. Dewata) - Fix PyDev warnings (Endi S. Dewata) - Clean up SecurityDomain.deregister() (Endi S. Dewata) - Update tests for pki-healthcheck (Endi S. Dewata) - Fix pki-healthcheck for clones (Endi S. Dewata) - Remove unused base/tps-client/wrappers (Endi S. Dewata) - Remove unused base/tps-client/scripts (Endi S. Dewata) - Remove unused RA class (Endi S. Dewata) - Remove unused RA_Context (Endi S. Dewata) - Remove unused RA LogFile (Endi S. Dewata) - Remove unused RA::Debug() (Endi S. Dewata) - Remove unused RA::Error() (Endi S. Dewata) - Remove unused RA::GetVerifyLock() (Endi S. Dewata) - Remove unused RA httpClient (Endi S. Dewata) - Remove unused PSHttpServer (Endi S. Dewata) - Remove unused HttpEngine (Endi S. Dewata) - Remove unused PSHttpRequest (Endi S. Dewata) - Remove unused PSHttpResponse (Endi S. Dewata) - Remove unused HttpEngine::makeRequest() (Endi S. Dewata) - Remove unused PSHttpServer::putFile() (Endi S. Dewata) - Remove unused RA_pblock (Endi S. Dewata) - Remove unused RA_Session (Endi S. Dewata) - Remove unused RA SecureId (Endi S. Dewata) - Remove unused RA Login (Endi S. Dewata) - Remove unused RA AttributeSpec (Endi S. Dewata) - Remove unused RA ObjectSpec (Endi S. Dewata) - Remove unused RA IConnector and IPublish_Data (Endi S. Dewata) - Remove unused RA PKCS11Obj (Endi S. Dewata) - Remove unused RA ConfigStore (Endi S. Dewata) - Remove unused RA::GetConfigStore() (Endi S. Dewata) - Remove unused RA::isAlgorithmECC() (Endi S. Dewata) - Remove unused RA Channel (Endi S. Dewata) - Remove unused RA Secure_Channel (Endi S. Dewata) - Remove unused RA ConnectionInfo (Endi S. Dewata) - Add test for CA with file-based CRL publishing (Endi S. Dewata) - Remove unused RA HttpConnection (Endi S. Dewata) - Remove unused RA httpSend() (Endi S. Dewata) - Remove unused RA::GetCurrentIndex() and SetCurrentIndex() (Endi S. Dewata) - Remove unused RA CA connection objects (Endi S. Dewata) - Remove unused RA TKS connection objects (Endi S. Dewata) - Remove unused RA DRM connection objects (Endi S. Dewata) - Remove unused RA::Failover() (Endi S. Dewata) - Remove unused RA::ServerSideKeyGen() (Endi S. Dewata) - Remove unused RA::FindSymKeyByName() (Endi S. Dewata) - Remove unused RA::RecoverKey() (Endi S. Dewata) - Remove unused RA::ComputeHostCryptogram() (Endi S. Dewata) - Remove unused RA::CreateDesKey24Byte() (Endi S. Dewata) - Remove unused RA::ComputeSessionKey() (Endi S. Dewata) - Remove unused RA::do_free() (Endi S. Dewata) - Remove unused RA::remove_from_comma_list() (Endi S. Dewata) - Remove unused RA::match_comma_list() (Endi S. Dewata) - Add Repository.init() (Endi S. Dewata) - Refactor ISubsystem.init() (Endi S. Dewata) - Move CertRequestRepository.updateRequest() to CAConfigurator (Endi S. Dewata) - Move CertRequestRepository.initRequest() to CAConfigurator (Endi S. Dewata) - Move ICryptoSubsystem to pki-server (Endi S. Dewata) - Move IToken to pki-server (Endi S. Dewata) - Move IEncryptionUnit to pki-server (Endi S. Dewata) - Move IStorageKeyUnit to pki-server (Endi S. Dewata) - Move ITransportKeyUnit to pki-server (Endi S. Dewata) - Add test for cert key archival (Endi S. Dewata) - Move IAuthenticator to pki-console (Endi S. Dewata) - Move IConnection to pki-console (Endi S. Dewata) - Move IConnectionFactory to pki-console (Endi S. Dewata) - Move IRequest to pki-server (Endi S. Dewata) - Move IPKIMessage to pki-server (Endi S. Dewata) - Move IHttpPKIMessage to pki-server (Endi S. Dewata) - Move Repository.mEnableRandomSerialNumbers (Endi S. Dewata) - Move IResender to pki-server (Endi S. Dewata) - Move INotify to pki-server (Endi S. Dewata) - Move IPolicy to pki-server (Endi S. Dewata) - Move IDBObj to pki-server (Endi S. Dewata) - Move IDBVirtualList to pki-server (Endi S. Dewata) - Move ICRLIssuingPointRecord to pki-server (Endi S. Dewata) - Move IRepositoryRecord to pki-server (Endi S. Dewata) - Move IRepository to pki-server (Endi S. Dewata) - Move IKeyRecord to pki-server (Endi S. Dewata) - Move IKeyRecordList to pki-server (Endi S. Dewata) - Move IKeyRepository to pki-server (Endi S. Dewata) - Move IHttpConnection to pki-server (Endi S. Dewata) - Remove unused IHttpConnFactory (Endi S. Dewata) - Rename trust attributes to trust flags for consistency (Endi S. Dewata) - Display request IDs in hex (Endi S. Dewata) - Update server hostname in examples (Endi S. Dewata) - Update PyDev configuration (Endi S. Dewata) - Add test for CA with random serial number v1 (Endi S. Dewata) - Remove --debug from pki-healthcheck invocations (Endi S. Dewata) - Merge Repository.initCacheIfNeeded() into initCache() (Endi S. Dewata) - Add CAConfigurator.createCertID() (Endi S. Dewata) - Add CAConfigurator.createRequestID() (Endi S. Dewata) - Add test for OCSP installation with CMC (Endi S. Dewata) - Update CA tests to show the certs and cert requests (Endi S. Dewata) - Display cert request IDs in hex (Endi S. Dewata) - Refactor Configurator.setupCert() (Endi S. Dewata) - Refactor Configurator.createCert() (Endi S. Dewata) - Clean up log messages in Configurator (Endi S. Dewata) - Refactor Configurator.createLocalCert() (Endi S. Dewata) - Refactor CryptoUtil.createX509CertInfo() (Endi S. Dewata) - Refactor Configurator.createCertRequest() (Endi S. Dewata) - Exclude .git folder from Eclipse project (Endi S. Dewata) - Remove unused CertificateSetupResponse (Endi S. Dewata) - Remove unused AdminSetupRequest and AdminSetupResponse (Endi S. Dewata) - Refactor SystemConfigService.setupAdmin() (part 2) (Endi S. Dewata) - Refactor SystemConfigService.setupAdmin() (part 1) (Endi S. Dewata) - Add SystemCertData.requestType (Endi S. Dewata) - Remove unused RA::GetConfigLock() (Endi S. Dewata) - Remove unused RA::GetPodIndex() and RA::SetPodIndex() (Endi S. Dewata) - Remove unused RA::GetCAConn() and RA::ReturnCAConn() (Endi S. Dewata) - Remove unused CertEnroll (Endi S. Dewata) - Remove unused Configurator.getHostInfo() (Endi S. Dewata) - Remove unused Configurator.deleteDir() (Endi S. Dewata) - Add test for KRA installation with CMC (Endi S. Dewata) - Remove unused Configurator.getNickname() (Endi S. Dewata) - Refactor ConfigClient.set_ca_signing_cert_info() (Endi S. Dewata) - Add SystemCertData.keyAlgorithm (Endi S. Dewata) - Add SystemCertData.ecType (Endi S. Dewata) - Add SystemCertData.keyType (Endi S. Dewata) - Add PKIDeployer.create_cert_setup_request() (Endi S. Dewata) - Remove unused token database (Endi S. Dewata) - Remove unused valid_berval() (Endi S. Dewata) - Remove unused LDAP methods (Endi S. Dewata) - Remove unused get_cert_attr_byname() and get_cert_attr_byname_int() (Endi S. Dewata) - Remove unused token methods (Endi S. Dewata) - Remove unused allocate_modifications() and free_modifications() (Endi S. Dewata) - Remove unused allocate_values() and free_values() (Endi S. Dewata) - Remove unused et_cmp(), sort_cmp(), and reverse_sort_cmp() (Endi S. Dewata) - Remove unused audit_log() (Endi S. Dewata) - Remove unused get_pwd_from_conf() and ReadLine() (Endi S. Dewata) - Remove unused tus_db_end() and tus_db_cleanup() (Endi S. Dewata) - Remove unused tus_db_init() and is_tus_db_initialized() (Endi S. Dewata) - Remove unused tus_print_as_hex() (Endi S. Dewata) - Remove unused tus_print_integer() (Endi S. Dewata) - Remove unused base64_decode() (Endi S. Dewata) - Remove unused ldap_sort_entries() (Endi S. Dewata) - Remove unused tus_check_conn() (Endi S. Dewata) - Remove unused set_tus_db_*() (Endi S. Dewata) - Remove unused get_tus_db_config() (Endi S. Dewata) - Remove unused get_number_of_*() (Endi S. Dewata) - Remove unused RA::ra_get_attribute_values() (Endi S. Dewata) - Remove unused base/tps-client/src/include/modules/tps (Endi S. Dewata) - Remove unused base/tps-client/src/include/service (Endi S. Dewata) - Remove unused base/tps-client/src/test (Endi S. Dewata) - Remove unused IRAService (Endi S. Dewata) - Remove unused IRegistrationAuthority (Endi S. Dewata) - Remove references to IRegistrationAuthority in base/server (Endi S. Dewata) - Remove references to IRegistrationAuthority in base/ca (Endi S. Dewata) - Add log messages in NSSDatabase.createRequest() (Endi S. Dewata) - Refactor CAConfigurator.importCert() (Endi S. Dewata) - Add test for CA installation with CMC (Endi S. Dewata) - Clean up PKIDeployer.setup_cert() (Endi S. Dewata) - Refactor Configurator.loadCert() (Endi S. Dewata) - Remove unused update_tus_general_db_entry() (Endi S. Dewata) - Remove unused delete_tus_general_db_entry() (Endi S. Dewata) - Remove unused delete_tus_db_entry() (Endi S. Dewata) - Remove unused delete_user_db_entry() (Endi S. Dewata) - Remove unused delete_user_from_role_db_entry() (Endi S. Dewata) - Remove unused delete_profile_from_user() (Endi S. Dewata) - Remove unused delete_all_profiles_from_user() (Endi S. Dewata) - Remove unused create_modification_date_change() (Endi S. Dewata) - Remove unused add_tus_general_db_entry() (Endi S. Dewata) - Remove unused add_activity() (Endi S. Dewata) - Remove unused add_certificate() (Endi S. Dewata) - Remove unused add_tus_db_entry() (Endi S. Dewata) - Remove unused add_default_tus_db_entry() (Endi S. Dewata) - Remove unused find_tus_db_entry() (Endi S. Dewata) - Remove unused allow_token_enroll_policy() (Endi S. Dewata) - Remove unused base/tps-client/tools/tus (Endi S. Dewata) - Remove unused find_tus_db_entries() (Endi S. Dewata) - Remove unused find_tus_db_entries_pcontrol_1() (Endi S. Dewata) - Remove unused find_tus_activity_entries() (Endi S. Dewata) - Remove unused find_tus_activity_entries_pcontrol_1() (Endi S. Dewata) - Remove unused find_tus_activity_entries_no_vlv() (Endi S. Dewata) - Remove unused find_tus_certificate_entries() (Endi S. Dewata) - Remove unused find_tus_user_entries_no_vlv() (Endi S. Dewata) - Remove unused find_tus_user_role_entries() (Endi S. Dewata) - Remove unused get_authorized_profiles() (Endi S. Dewata) - Remove unused update_tus_db_entry() (Endi S. Dewata) - Remove unused update_tus_db_entry_with_mods() (Endi S. Dewata) - Remove unused modify_tus_db_entry() (Endi S. Dewata) - Remove unused check_and_modify_tus_db_entry() (Endi S. Dewata) - Remove unused add_profile_to_user() (Endi S. Dewata) - Remove unused add_user_to_role_db_entry() (Endi S. Dewata) - Remove unused update_user_db_entry() (Endi S. Dewata) - Remove unused add_user_db_entry() (Endi S. Dewata) - Remove unused update_token_status_reason() (Endi S. Dewata) - Remove unused tus_authorize() (Endi S. Dewata) - Remove unused tus_authenticate() (Endi S. Dewata) - Remove unused RA::GetGlobalSecurityLevel() (Endi S. Dewata) - Remove unused RA::SetGlobalSecurityLevel() (Endi S. Dewata) - Remove unused RA::ra_get_number_of_entries() (Endi S. Dewata) - Remove unused RA::ra_get_certificates() (Endi S. Dewata) - Remove unused RA::ra_delete_certificate_entry() (Endi S. Dewata) - Remove unused RA::ra_get_cert_issuer() (Endi S. Dewata) - Remove unused RA::ra_get_cert_serial() (Endi S. Dewata) - Remove unused RA::ra_get_cert_type() (Endi S. Dewata) - Remove unused RA::ra_get_cert_status() (Endi S. Dewata) - Remove unused RA::ra_get_cert_cn() (Endi S. Dewata) - Remove unused RA::ra_get_token_userid() (Endi S. Dewata) - Remove unused RA::ra_get_token_reason() (Endi S. Dewata) - Remove unused RA::ra_find_tus_token_entries() (Endi S. Dewata) - Remove unused RA::ra_find_tus_token_entries_no_vlv() (Endi S. Dewata) - Remove unused RA::ra_find_tus_certificate_entries_by_order() (Endi S. Dewata) - Remove unused RA::ra_find_tus_certificate_entries_by_order_no_vlv() (Endi S. Dewata) - Remove unused RA::testTokendb() (Endi S. Dewata) - Remove unused audit.h (Endi S. Dewata) - Remove unused RA audit fields (Endi S. Dewata) - Remove unused RA audit methods (Endi S. Dewata) - Remove unused RA::IsAuditEventSelected() (Endi S. Dewata) - Remove unused RA::GetAuditSigningMessage() (Endi S. Dewata) - Remove unused RA::SignAuditLog() (Endi S. Dewata) - Remove unused RA::FlushAuditLogBuffer() (Endi S. Dewata) - Remove unused RA::SetFlushInterval() (Endi S. Dewata) - Remove unused RA::SetBufferSize() (Endi S. Dewata) - Remove unused RA::AuditThis() (Endi S. Dewata) - Remove unused RA::Audit() (Endi S. Dewata) - Remove unused RA::IsValidEvent() (Endi S. Dewata) - Remove unused RA::getLastSignature() (Endi S. Dewata) - Remove unused RA::RunFlushThread() (Endi S. Dewata) - Clean up log messages in CAValidityConstraint.validate() (Endi S. Dewata) - Remove unused RA::ra_allow_token_reenroll() (Endi S. Dewata) - Remove unused RA::ra_allow_token_renew() (Endi S. Dewata) - Remove unused RA::ra_force_token_format() (Endi S. Dewata) - Remove unused RA::ra_update_cert_status() (Endi S. Dewata) - Remove unused RA::ra_update_token_status_reason_userid() (Endi S. Dewata) - Remove unused RollingLogFile (Endi S. Dewata) - Remove unused m_selftest_log (Endi S. Dewata) - Remove unused RA::GetLogFile() (Endi S. Dewata) - Update CA tests to check system certs (Endi S. Dewata) - Clean up CA test with ECC keys (Endi S. Dewata) - Update ds-container-create.sh to publish LDAP ports (Endi S. Dewata) - Add doc for system profile changes (Endi S. Dewata) - Clean up system cert profiles (Endi S. Dewata) - Remove unused ECC profiles (Endi S. Dewata) - Remove unused RA::IsTokendbInitialized() (Endi S. Dewata) - Remove unused RA::IsTpsConfigured() (Endi S. Dewata) - Remove unused RA::InitializeHttpConnections() (Endi S. Dewata) - Remove unused RA::InitializeSignedAudit() (Endi S. Dewata) - Remove unused RA::enable_audit_logging() (Endi S. Dewata) - Remove unused RA::setup_audit_log() (Endi S. Dewata) - Remove unused RA::tdb_activity() (Endi S. Dewata) - Remove unused RA::tdb_update_certificates() (Endi S. Dewata) - Remove unused RA::tdb_update() (Endi S. Dewata) - Remove unused RA token methods (Endi S. Dewata) - Remove unused RA::get_token_state() (Endi S. Dewata) - Remove unused RA::transition_allowed() (Endi S. Dewata) - Tidy up ProfileApproveServlet (Chris Kelley) - Remove MD2, MD5 and SHA-1 options from console UI menus. (Chris Kelley) - Force Date(null) for unmodified token timestamps (Chris Kelley) - Remove unused RA::ra_get_token_policy() (Endi S. Dewata) - Remove unused RA::ra_update_token_policy() (Endi S. Dewata) - Remove unused RA::ra_is_update_pin_resetable_policy() (Endi S. Dewata) - Remove unused RA::ra_is_token_pin_resetable() (Endi S. Dewata) - Remove unused RA::ra_is_tus_db_entry_disabled() (Endi S. Dewata) - Remove unused RA::ra_is_token_present() (Endi S. Dewata) - Remove unused RA::ra_tus_has_active_tokens() (Endi S. Dewata) - Remove unused RA::ra_get_token_status() (Endi S. Dewata) - Remove unused RA::tdb_add_token_entry() (Endi S. Dewata) - Remove unused RA::InitializeTokendb() (Endi S. Dewata) - Remove unused RA::getCertificateUsage() (Endi S. Dewata) - Remove unused RA::verifySystemCertByNickname() (Endi S. Dewata) - Remove unused RA::verifySystemCerts() (Endi S. Dewata) - Remove unused Authentication (Endi S. Dewata) - Remove unused AuthenticationEntry (Endi S. Dewata) - Remove unused RA auth methods and fields (Endi S. Dewata) - Remove unused RA::InitializeAuthentication() (Endi S. Dewata) - Remove unused LDAP_Authentication (Endi S. Dewata) - Remove unused IPublisher (Endi S. Dewata) - Remove unused NetkeyPublisher (Endi S. Dewata) - Remove unused PublisherEntry (Endi S. Dewata) - Remove unused RA::getPublisherById() (Endi S. Dewata) - Remove unused RA::CleanupPublishers() (Endi S. Dewata) - Remove unused RA::InitializePublishers() (Endi S. Dewata) - Remove unused RA Processors (Endi S. Dewata) - Remove unused RA::Child_Shutdown() (Endi S. Dewata) - Remove unused RA::InitializeInChild() (Endi S. Dewata) - Remove redundant PKI_JAVA_PATH (Endi S. Dewata) - Remove redundant RESTEASY_LIB (Endi S. Dewata) - Remove redundant %jaxrs_api_jar macro (Endi S. Dewata) - Remove unused code in CLI wrappers (Endi S. Dewata) - Remove unused RA::Shutdown() (Endi S. Dewata) - Remove unused RA::Initialize() (Endi S. Dewata) - Update log messages in tpsclient (Endi S. Dewata) - Consolidate system cert trust flag setup (Endi S. Dewata) - Update log messages in PKIDeployer.setup_cert() (Endi S. Dewata) - Update tests to display subsystem certs (Endi S. Dewata) - Clean up tests (Endi S. Dewata) - Update test for external CA installation (Endi S. Dewata) - Bug2033100-Invalid-subCA-certs-pkispawn-single (Christina Fu) - Add test for installing TPS with external certs (Endi S. Dewata) - Add test for installing TKS with external certs (Endi S. Dewata) - Clean up tests for installing KRA/OCSP with external certs (Endi S. Dewata) - Add test for installing TPS on separate instance (Endi S. Dewata) - Add test for installing TKS on separate instance (Endi S. Dewata) - Add test for installing OCSP on separate instance (Endi S. Dewata) - Clean up test for installing KRA on separate instance (Endi S. Dewata) - Remove hardcoded serials from standalone KRA/OCSP tests (Endi S. Dewata) - Move CSR/cert extension tests into scripts (Endi S. Dewata) - Update log messages in keygen.py (Endi S. Dewata) - Remove unnecessary else clause from KRAService (Chris Kelley) - Remove unused keyId variable (Chris Kelley) - Update HSM test for PKI NSS CLI (Endi S. Dewata) - Add test for PKI NSS CLI with extensions (Endi S. Dewata) - Add NSSExtensionGenerator.createGenericExtensions() (Endi S. Dewata) - Fix NSSExtensionGenerator.createSANExtension() (Endi S. Dewata) - Fix Invalid Date error in TPS UI (Chris Kelley) - Remove pki_client_database_password from examples (Endi S. Dewata) - Remove pki_client_database_purge from examples (Endi S. Dewata) - Remove admin PKCS12 password file from examples (Endi S. Dewata) - Use -fstack-protector-strong compiler flag (Chris Kelley) - Update DS scripts (Endi S. Dewata) - Clean up DS scripts (Endi S. Dewata) - Remove unused RA SelfTest (Endi S. Dewata) - Update PKIServer.get_sslserver_cert_nickname() (Endi S. Dewata) - Add PKIServer.is_running() (Endi S. Dewata) - Remove PKI symkey library (Endi S. Dewata) - Replace PKI symkey with JSS symkey (Endi S. Dewata) - Use Python 3 no-arg super() in scripts (Chris Kelley) - Remove unused Tomcat systemd link (Endi S. Dewata) - Add CertUtil.getCommonName() (Endi S. Dewata) - Remove unused conf.d folder (Endi S. Dewata) - Update SCEP test (Endi S. Dewata) - Remove unused static info in server.xml (Endi S. Dewata) - Add PKIServer.create_logging_properties() (Endi S. Dewata) - Update log messages in PKIServer class (Endi S. Dewata) - Replace pki_remove_logs param with PKIDeployer.remove_logs (Endi S. Dewata) - Update version number to 11.1.0-alpha2 (Chris Kelley) - Use try-with-resources in KeyRepository (Chris Kelley) - Remove unused subsystem webapp folders (Endi S. Dewata) - Move emails and profiles to config folder (Endi S. Dewata) - Fix pki_source_profiles and pki_subsystem_profiles_path params (Endi S. Dewata) - Replace pki_force_destroy param with PKIDeployer.force (Endi S. Dewata) - Remove unused Setup class (Endi S. Dewata) - Remove unused instanceId variable (Endi S. Dewata) - Replace deprecated Provider constructor (Chris Kelley) - Fix Java home in pki.spec (Endi S. Dewata) - Switch to Java 17 (Endi S. Dewata) - Tidy up logic in JssSubsystem (Chris Kelley) - Tidy up CertDateCompare with a ternary operator (Chris Kelley) - Remove default password for ds-container-create.sh (Endi S. Dewata) - Add default image for runner-init.sh (Endi S. Dewata) - fix kra key recovery automated test for bugzilla 1392616 (#3847) (dpuniaredhat) - Drop preop.internaldb.master (Endi S. Dewata) - Tidy up logic in SecureChannelProtocol classes (Chris Kelley) - Add PKISubsystem.setup_replication() (Endi S. Dewata) - Bug008162-TPS-profile-enforce-permitted-agents (Christina Fu) - Add retry when adding expired profile (#3806) (c-dorney) - Refactor PKISubsystem.update_config() (Endi S. Dewata) - Move UpdateDomainXML audit into SecurityDomainProcessor (Endi S. Dewata) - Add pki nss-cert-find (Endi S. Dewata) - Tidy up WizardBasePanel (Chris Kelley) - Refactor getAuthInfo() into SubsystemCLI to de-duplicate subclass code (Chris Kelley) - Tidy up OCSPNoCheckExtDefault (Chris Kelley) - Tidy up SelfTestSubsystem (Chris Kelley) - Tidy up logic in SecureChannel (Chris Kelley) - Remove unnecessary boolean literals from WIMasterOrClone (Chris Kelley) - Fix Bug 2001169 - Audit event 'ACCESS_SESSION_ESTABLISH' is not generating for PKI instances acting as Server [10.2.1] (#3745) (#3763) (#3822) (c-dorney) - Fix server restart in pkidestroy (Endi S. Dewata) - Clean up SecurityDomainProcessor.removeHost() (Endi S. Dewata) - Clean up SecurityDomainProcessor.addHost() (Endi S. Dewata) - Clean up CMSServlet.auditSubjectID() (Endi S. Dewata) - Tidy up logic in TBSRequest (Chris Kelley) - Generate warnings for deprecated algorithms on server startup (Endi S. Dewata) - Remove hard-coded temp SSL server cert params (Endi S. Dewata) - Remove pkidaemon status (Endi S. Dewata) - Remove unused KRAConnector.execute_using_sslget() (Endi S. Dewata) - Add NSSCertCLI.printCertInfo() (Endi S. Dewata) - Fix pki-server run (Endi S. Dewata) - Clean up help and log messages (Endi S. Dewata) - Update NSSDatabase.create_request(), create_cert(), add_cert() (Endi S. Dewata) - Fix NPE in NSSDatabase.createCertificate() (Endi S. Dewata) - Update log messages in ACME realm (Endi S. Dewata) - Add doc for pki-server -db-access (Endi S. Dewata) - Deprecated all SHA-1 constants, classes and enum entries. (Chris Kelley) - Introduce SubsystemCLI class to refactor out common code (Chris Kelley) - Remove SHA-1 from signingAlgsAllowed in configuration files (Chris Kelley) - Add pki-server -db-access-grant/revoke (Endi S. Dewata) - Bump dependency to JSS 5.1 (Endi S. Dewata) - Replace deprecated constants/methods (Endi S. Dewata) - Add acme-wait.sh (Endi S. Dewata) - Fixes for classpath on F35+ (Chris Kelley) - Bump dependency to Tomcat 9.0.31 (Endi S. Dewata) - Refactor LDAPConfigurator.setupDatabaseManager() (Endi S. Dewata) - Fix replica reinstallation (Endi S. Dewata) - Update LDAPConfigurator (Endi S. Dewata) - Add pki-server -user-del (Endi S. Dewata) - Fix Python warnings (Endi S. Dewata) - Clean up log messages (Endi S. Dewata) - Bump dependency to Python 3.9 (Endi S. Dewata) - Fix pki-server -user-cert description (Endi S. Dewata) - Update CA clone tests (Endi S. Dewata) - Add pki pkcs11 tests (Endi S. Dewata) - Remove unused RAAdminServlet (Chris Kelley) - Update pki pkcs11-cert-find/show (Endi S. Dewata) - Remove unnecessary git dependency in tools tests (Endi S. Dewata) - Use human-readable date format on TPS Agent page (Chris Kelley) - Cache build dependencies (Endi S. Dewata) - Refactor build jobs (Endi S. Dewata) - Fix SAN extension in NSS issuer for ACME (Endi S. Dewata) - Fix default cert validity in NSS issuer for ACME (Endi S. Dewata) - Update pki nss-cert-issue (Endi S. Dewata) - Update pki nss-cert-request (Endi S. Dewata) - Update ACME tests (Endi S. Dewata) - Tidy up GPParams (Chris Kelley) - Automatically detect JUnit tests when running build.sh (Chris Kelley) - Refactor ServerConfiguration.get_connector() (Endi S. Dewata) - Refactor server config folder creation/removal (Endi S. Dewata) - Remove unused references to xml-commons-resolver (Endi S. Dewata) - Tidy up logic in APolicyRule (Chris Kelley) - Check whether server is alive before asking certbot to register (Chris Kelley) - Bug2000184-CMCSharedToken-hsm-nonPSS (Christina Fu) - Refactor ACMEEngine.parseCSR() (part 2) (Endi S. Dewata) - Refactor ACMEEngine.parseCSRSAN() (Endi S. Dewata) - Refactor ACMEEngine.parseCSR() (part 1) (Endi S. Dewata) - Refactor ACMEEngine.parseCSRExtensions() (Endi S. Dewata) - Provide user friendly error message when trying to parse invalid JSON (Chris Kelley) - Tidy up logic in TPSProcessor (Chris Kelley) - Update ACME tests (Endi S. Dewata) - Tidy up logic in CMSAdminServlet (Chris Kelley) - Remove unused method parameter from ProfileCLI.printProfile() (Chris Kelley) - Simplify logic in EnrollDefault (Chris Kelley) - Update ACME tests to use DS container (Endi S. Dewata) - Update TPS tests to use DS container (Endi S. Dewata) - Update TKS tests to use DS container (Endi S. Dewata) - Update OCSP tests to use DS container (Endi S. Dewata) - Simplify logic in EnrollProfile (Chris Kelley) - Remove KRA CLI XML options (Chris Kelley) - Fix typo in KRA test (Endi S. Dewata) - Update ACME test dependencies (Endi S. Dewata) - Fix ds-container-create.sh (Endi S. Dewata) - Remove obsolete scripts (Endi S. Dewata) - Update KRA tests to use DS container (Endi S. Dewata) - Update CA tests using secure DS connection (Endi S. Dewata) - Add ds-container-certs-import.sh (Endi S. Dewata) - Add ds-container-start/stop.sh (Endi S. Dewata) - Fix missing CA test artifacts (Endi S. Dewata) - Update ds-container-remove.sh (Endi S. Dewata) - Close table so that top navigation is at the top (Jon Parrish) - Not a duplicate one is supposed to be at the top (Jon Parrish) - Rename PKIDIR to SHARED (Endi S. Dewata) - Replace XMLObject with JSONObject in RegisterUser (Chris Kelley) - Update ds-container-create/remove.sh (Endi S. Dewata) - Drop dependency on xerces-j2 & xalan-j2 to prepare for Java 17 (Chris Kelley) - Update pkispawn and pkidestroy logging (Endi S. Dewata) - Bug2012349-pkispawn-TKS-TPS-2step-install (Christina Fu) - Remove commented out debug statements in AsymKeyGenService (Chris Kelley) - Remove unnecessary else clauses in AsymKeyGenService (Chris Kelley) - Tidy up logic in KeyRecoveryAuthority (Chris Kelley) - Remove references to PKI console and its theme in tests (Endi S. Dewata) - Modify CA tests to use DS container (Endi S. Dewata) - Add -D option for pkispawn (Endi S. Dewata) - Deprecate XMLObject and replace with JSONObject in UpdateNumberRange (Chris Kelley) - Rename pki-server-theme to pki-theme (Endi S. Dewata) - Rename pki-base-java to pki-java (Endi S. Dewata) - Remove references to resteasy-base (Endi S. Dewata) - Simplify logic in Request (Chris Kelley) - Update version number to 11.1.0-alpha1 (Endi S. Dewata) - Replace XMLObject with JSONObject in ImportTransportCert (Chris Kelley) - Replace XMLObject with JSONObject in CheckIdentity (Chris Kelley) * Tue Mar 6 2018 Dogtag PKI Team 10.6.0-0 - To list changes in since : $ git log --pretty=oneline --abbrev-commit --no-decorate ..