[Pki-devel] Announcing 'Dogtag 10.0.0 (Alpha)'

Adam Young ayoung at redhat.com
Thu Mar 15 18:29:59 UTC 2012


On 03/14/2012 11:23 PM, Matthew Harmsen wrote:
> The Dogtag team is pleased to announce the availability of an Alpha Release of the Dogtag 10.0 code.
>
> This release contains the following features:
>
> 1. Extension of the functionality of the DRM to store and retrieve symmetric keys and passphrases,
>    rather than only asymmetric keys.  This feature allows the DRM to be used as a secure
>    vault-like storage for essentially any sensitive data.  The data is stored using the same
>    secure FIPS-compliant storage mechanism used to store PKI keys.
> 2. The new DRM functionality is exposed through a new REST interface, provided by the RESTEasy
>    framework.  This provides an intuitive mechanism for writing clients to the interface.  Both
>    Java (using the RESTEasy client proxy framework) and Python clients have been coded.  The
>    server uses standard Java libraries to generate and parse XML or JSON input and output data.
> 3. Extracted authentication and authorization code from the individual servlets into a standard
>    Tomcat authentication realm.  This realm has been configured to require client certificate
>    authentication, and is being used to secure the new DRM REST interface.  In the future, this
>    authentication realm could be extended to include other kinds of authentication (such as
>    Kerberos).  This is part of a push to refactor the code to expose the core business
>    functionality in the servlets, while extracting the ancillary tasks (authentication,
>    authorization, XML parsing and generation, etc.) and using standard methods and libraries to
>    accomplish these tasks.
> 4. Enhanced Java subsystems so that they could connect to the internal database using a
>    non-directory manager user, that is authenticated using client authentication.  This resolves a
>    number of issues with LDAP operations ignoring search limits.  In addition, some changes have
>    been made to allow integrating the Dogtag database with other systems such as IPA.
> 5. A new package pki-deploy contains the initial framework for a Python-based
>    installer/de-installer (pkispawn/pkidestroy) that will be used to install and configure a
>    Dogtag instance.  This will ultimately replace the pki-setup installer/de-installer
>    (pkicreate, pkidestroy) package, and the pki-silent instance configuration (pkisilent) package.
> 6. Much of the focus of this release was on cleaning up and modernizing the Dogtag source code.
>    * Dogtag source code has been moved to git.
>    * Java coding standards have been revised - and the code has been reformatted to match those
>      standards.
>    * Initially, Eclipse reported about 13000 warnings in the Dogtag code. Those have been reduced
>      to close to 2400.  This included removing dead and unused code, replacing calls to deprecated
>      functions and replacing raw collections with type-safe generics.
>      NOTE:  These numbers currently exclude console code.
>    * OSUtil is a package that has certain utilities that were not available when the Dogtag code
>      was originally written.  These utilities are now available in current standard
>      libraries - and so this package has been eliminated entirely.
>    * Improved handling of short and long-lived threads which allow threads to exit gracefully on
>      shutdown.
>
> The builds can be found at the following links:
>
>    * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc16/RPMS/i686 - Fedora 16 (32-bit i686)
>    * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc16/RPMS/x86_64 - Fedora 16 (64-bit x86_64)
>    * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc16/SRPMS - Fedora 16 (Source)
>    * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc17/RPMS/i686 - Fedora 17 (32-bit i686)
>    * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc17/RPMS/x86_64 - Fedora 17 (64-bit x86_64)
>    * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc17/SRPMS - Fedora 17 (Source)


Nice work team.  Well done.


Time to try and break it!