[Pki-devel] Announcing 'Dogtag 10.0.0 (Alpha)'
Adam Young
ayoung at redhat.com
Thu Mar 15 18:29:59 UTC 2012
On 03/14/2012 11:23 PM, Matthew Harmsen wrote:
> The Dogtag team is pleased to announce the availability of an Alpha
> Release of the Dogtag 10.0 code.
>
> This release contains the following features:
>
> 1. Extension of the functionality of the DRM to store and retrieve
>    symmetric keys and passphrases, rather than only asymmetric keys.
>    This feature allows the DRM to be used as a secure vault-like storage
>    for essentially any sensitive data. The data is stored using the same
>    secure FIPS-compliant storage mechanism used to store PKI keys.
> 2. The new DRM functionality is exposed through a new REST interface,
>    provided by the RESTEasy framework. This provides an intuitive
>    mechanism for writing clients to the interface. Both Java (using the
>    RESTEasy client proxy framework) and Python clients have been coded.
>    The server uses standard Java libraries to generate and parse XML or
>    JSON input and output data.
> 3. Extracted authentication and authorization code from the individual
>    servlets into a standard Tomcat authentication realm. This realm has
>    been configured to require client certificate authentication, and is
>    being used to secure the new DRM REST interface. In the future, this
>    authentication realm could be extended to include other kinds of
>    authentication (such as Kerberos). This is part of a push to refactor
>    the code to expose the core business functionality in the servlets,
>    while extracting the ancillary tasks (authentication, authorization,
>    XML parsing and generation, etc.) and using standard methods and
>    libraries to accomplish these tasks.
> 4. Enhanced Java subsystems so that they could connect to the internal
>    database using a non-directory manager user that is authenticated
>    using client authentication. This resolves a number of issues with
>    LDAP operations ignoring search limits. In addition, some changes
>    have been made to allow integrating the Dogtag database with other
>    systems such as IPA.
> 5. A new package pki-deploy contains the initial framework for a
>    Python-based installer/de-installer (pkispawn/pkidestroy) that will
>    be used to install and configure a Dogtag instance. This will
>    ultimately replace the pki-setup installer/de-installer (pkicreate,
>    pkidestroy) package, and the pki-silent instance configuration
>    (pkisilent) package.
> 6. Much of the focus of this release was on cleaning up and modernizing
>    the Dogtag source code.
>    * Dogtag source code has been moved to git.
>    * Java coding standards have been revised - and the code has been
>      reformatted to match those standards.
>    * Initially, Eclipse reported about 13000 warnings in the Dogtag
>      code. Those have been reduced to close to 2400. This included
>      removing dead and unused code, replacing calls to deprecated
>      functions and replacing raw collections with type-safe generics.
>      NOTE: These numbers currently exclude console code.
>    * OSUtil is a package that has certain utilities that were not
>      available when the Dogtag code was originally written. These
>      utilities are now available in current standard libraries - and so
>      this package has been eliminated entirely.
>    * Improved handling of short and long lived threads which allow
>      threads to exit gracefully on shutdown.
>
> The builds can be found at the following links:
>
> * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc16/RPMS/i686
>   - Fedora 16 (32-bit i686)
> * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc16/RPMS/x86_64
>   - Fedora 16 (64-bit x86_64)
> * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc16/SRPMS
>   - Fedora 16 (Source)
> * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc17/RPMS/i686
>   - Fedora 17 (32-bit i686)
> * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc17/RPMS/x86_64
>   - Fedora 17 (64-bit x86_64)
> * http://pki.fedoraproject.org/pki/download/pki/10.0.0.alpha/fc17/SRPMS
>   - Fedora 17 (Source)
>
Nice work team. Well done.
Time to try and break it!