[Pki-devel] [PATCH] RHCS 8.1 - SAN Multi-Host Patches (preliminary) [UPDATE 20130410]

Matthew Harmsen mharmsen at redhat.com
Thu Apr 11 03:37:08 UTC 2013


On 04/08/13 17:02, Matthew Harmsen wrote:
> Please perform an initial code review on the attached patches (only 
> applicable for RHCS 8.1 on RHEL 5).
>
Three new patches (two of which are revisions to the previous patches, and 
one which represents a simple recursive diff between the two 'pki' 
trees which contain the code changes) have been attached which address 
the following issues raised during code review (also see inline comments 
regarding other issues):

  * base/common/src/com/netscape/cms/authentication/TokenAuthentication.java:
      o remove CMS.debug("TokenAuthentication: givenHost=" + givenHost);
  * base/common/src/com/netscape/cms/servlet/csadmin/*Panel.java:
      o rename 'buildSANsslserverURLextension' to
        'buildSANSSLserverURLExtension'
      o fix preop.ca.hostname (be explicit as to which host this refers to)
  * base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java:
      o try to make them all use EE host and EE port (which did not work
        as the EE connection is unavailable during installation of a CA)
      o since that did not work for all cases, fixed all cases to
        utilize Admin host and Admin port as requested
  * base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java:
      o break line CMS.debug("WizardPanelBase updateDomainXML start
        hostname=" + hostname + " port=" + port + " url=" + servlet + "
        content=" + uri);
      o change 'Vector v_admin_host = parser.getValuesFromContainer(
        nodeList.item(i), "Host" );' to 'Vector v_admin_host =
        parser.getValuesFromContainer( nodeList.item(i), "AdminHost" );'
  * base/pkisilent/templates:
      o fixed failure of pkisilent to successfully configure a PKI instance
      o New IP Port Separation pkisilent templates have been created for
        CA, KRA, OCSP, and TKS
      o New pkisilent templates for CA and KRA utilizing IP Port
        Separation were successfully executed
  * base/setup/pkicommon:
      o make 'addr' a local variable rather than global variable
      o used join() for SAN uniqueness routine
      o renamed 'IsPortConfigurationModeValid' to
        'get_port_configuration_mode' and changed it to return strings
        rather than integers
      o added logic to check for unlabeled ports being defined on
        installation host primarily to support IP Separation (e. g. -
        all interfaces distinguishable by unique IPs using a common port)

The lone remaining item that MUST be addressed (besides any additional 
feedback associated with these revised patches) is:

  * reported concerns regarding the ability to install/configure an
    RA/TPS instance which uses the existing code changes required for
    interaction with the revised security domain
  * will be investigated starting on 4/11/2013


The new patches do not address the following items from the previous 
code review, and may not be addressed due to schedule and resources:

  * base/setup/pkiremove:
      o revive 'use strict' - was removed since 'pkiremove' now
        references variables from the 'require pkicommon' file; this was
        probably the cause for 'use strict' not being a part of 'pkicreate'
      o in pkiremove, in the function where it is determined which
        selinux ports to remove, the $i variable is used to track the
        index of the array - no need to do that -- just use append()
  * base/setup/pkicommon:
      o modularization of IsPortConfigurationModeValid() - e. g. -
        uniqueness helper functions to replace large conditional blocks
      o refactor IsPortConfigurationModeValid() - rejected as it was
        discussed that since the code has been tested numerous times,
        and while this may help with maintainability, this code is only
        used for the 8.1 code base errata process
      o standardize coding style - rejected for the 8.1 code base --
        this has already been addressed in the Dogtag 10 code base

-- Matt
> The following two patches address:
>
>   * 'pkicreate' now does three types of port configuration:
>       o IP Port Separation
>       o Port Separation
>       o Shared Ports (deprecated)
>   * security manager issue was fixed
>   * new security domain schema is complete
>   * the security domain has been implemented to comply with this new schema
>   * generated a multi-host CA complete with an SSL Server Certificate
>     containing SAN information (utilizes profile framework)
>   * generated a multi-host KRA complete with an SSL Server Certificate
>     containing SAN information (utilizes name/value pairs passed in
>     via the enrollment URL which are processed via the profile framework)
>   * addressed 'TokenAuthenticate' SSL_ForceHandshake issue by
>     utilizing DNSName instead of DirectoryName attributes in the SSL
>     Server certificate SAN extensions
>   * applied the checkIP() feature described in 'Bugzilla Bug #708075
>     - Clone installation does not work over NAT'
>   * applied substitution of raw IP addresses from 'pkicreate' into the
>     'server.xml' to support the new IP Port Separation mode
>
> Development test info:
>
>   * pki-ip-host (installation host - RHEL 5.9 x86_64)
>       o pki-ca-agent (CA agent interface - virtual IP)
>       o pki-ca-ee (CA EE interface - virtual IP)
>       o pki-ca-ee-ca (CA EE clientauth interface - virtual IP)
>       o pki-ca-admin (CA admin interface - virtual IP)
>       o pki-kra-agent (KRA agent interface - virtual IP)
>       o pki-kra-ee (KRA EE interface - virtual IP)
>       o pki-kra-admin (KRA admin interface - virtual IP)
>   * pki-rhel6 (RHDS 9.1 - RHEL 6.3 x86_64 which uses a different domain)
>
> Thus far, only the following tests have been run against these patches:
>
>   * successfully tested regression case of CA and KRA installed using
>     Port Separation
>   * successfully tested sanity case of CA and KRA installed using IP
>     Port Separation
>   * successfully tested mixed mode deployment case of a CA installed
>     using Port Separation and a KRA installed using IP Port Separation
>   * successfully tested mixed mode deployment case of a CA installed
>     using IP Port Separation and a KRA installed using Port Separation
>   * successfully tested miscellaneous case of specifying a CA with
>     four virtual IPs (none of which belonged to the host that the
>     server was being installed upon) using IP Port Separation
>   * successfully tested miscellaneous case of CA and KRA installed
>     using IP Port Separation utilizing unique IP addresses for each
>     interface (none of which specified the installation host IP), but
>     specifying the same HTTP/HTTPS port numbers (e. g. - 19080/19443)
>     and unique ports for Tomcat (9701/10701)
>       o NOTE:  I managed to successfully test this case with SELinux
>         in Enforcing mode -- this is because the only ports that would
>         be labeled are the Tomcat ports which exist on the
>         installation machine (which do not in this case, as they are
>         the default cases for pki_ca_port_t and pki_kra_port_t).  In
>         this test case, since none of the interfaces refer to the
>         installation machine IP, none of these ports are labeled by
>         SELinux.  The 'pkicreate' executable enforces unique
>         <hostname:port> entries.  While a second instance (e. g. -
>         KRA) could be installed re-using the <hostname:port> entries
>         specified (e. g. - CA), the two instances could not be started
>         simultaneously due to an inability to bind
>         (java.net.BindException: Address already in use) - see
>         'netstat -a | grep <host>' or 'netstat -a | grep <port>'.
>   * successfully tested miscellaneous case of installing a CA using IP
>     Port Separation which was configured using a customized SAN
>     'serverCert.profile' which included two additional SAN entries on
>     top of the entries computed for IP Port Separation
>
> The following issues are still actively being addressed:
>
>   * failure of java security manager to allow server to start when
>     specifying non-installation host ports 80/443 (SELinux in
>     permissive mode) results in (java.net.BindException: Permission
>     denied:80) - (i. e. - see
>     http://www.jvmhost.com/articles/java-net-bindexception-permisssion-denied-operation-not-permitted)
>
This issue will be documented, and does not block the release of this patch.
>
>   * failure of pkisilent to successfully configure a PKI instance
>
Fixed -- new pkisilent templates for CA and KRA utilizing IP Port 
Separation were successfully executed.  New IP Port Separation pkisilent 
templates have been created for CA, KRA, OCSP, and TKS.
>
>   * reported concerns regarding the ability to install/configure an
>     RA/TPS instance which uses the existing code changes required for
>     interaction with the revised security domain
>
>
This last remaining issue will be investigated starting on 4/11/2013.
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20130410_redhat_san_multi_host.patch
Type: text/x-patch
Size: 3821 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20130410/be358e8b/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20130410_san_multi_host.patch
Type: text/x-patch
Size: 355150 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20130410/be358e8b/attachment-0001.bin>
-------------- next part --------------
diff -r 20130408/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java 20130410/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
149d148
<         CMS.debug("TokenAuthentication: givenHost=" + givenHost);
diff -r 20130408/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java 20130410/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
246a247,251
>                 // preop.ca.hostname = CA EE Hostname
>                 //
>                 // preop.ca.list=
>                 // Certificate Authority - https://<CA EE Host>:<Secure CA EE port>,
>                 // ...,External CA
diff -r 20130408/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java 20130410/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
291,292c291,292
<             String ca_hostname = null;
<             int ca_port = -1;
---
>             String ca_ee_hostname = null;
>             int ca_ee_port = -1;
301,302c301,302
<                     ca_hostname = config.getString("preop.ca.hostname");
<                     ca_port = config.getInteger("preop.ca.httpsport");
---
>                     ca_ee_hostname = config.getString("preop.ca.hostname");
>                     ca_ee_port = config.getInteger("preop.ca.httpsport");
307,308c307,310
<                     ca_hostname = config.getString("securitydomain.eehost", "");
<                     ca_port = config.getInteger("securitydomain.httpseeport");
---
>                     ca_ee_hostname = config.getString(
>                                          "securitydomain.eehost", "");
>                     ca_ee_port = config.getInteger(
>                                      "securitydomain.httpseeport");
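Review bot: In the fallback branch at new lines 307-310, ca_ee_hostname defaults to an empty string when securitydomain.eehost is unset, and nothing in the visible lines rejects that value before submitRequest() hands it to httpclient.connect(). AgentAuthenticatePanel and AuthenticatePanel raise "Missing CA EE hostname" for the equivalent case; an explicit check here would give a clearer failure than a connect error. Also, securitydomain.httpseeport is read without a default while the hostname has one, so the two lookups fail in different ways.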
313c315,316
<             submitRequest(ca_hostname, ca_port, request, response, context);
---
>             submitRequest(ca_ee_hostname, ca_ee_port, request, response,
>                           context);
433c436
<     private void submitRequest(String ca_hostname, int ca_port, HttpServletRequest request,
---
>     private void submitRequest(String ca_ee_hostname, int ca_ee_port, HttpServletRequest request,
466c469
<             httpclient.connect(ca_hostname, ca_port);
---
>             httpclient.connect(ca_ee_hostname, ca_ee_port);
diff -r 20130408/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java 20130410/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
182,183c182,183
<             String host = "";
<             int httpsport = -1;
---
>             String ca_ee_host = "";
>             int ca_ee_httpsport = -1;
185c185
<                 host = config.getString("preop.ca.hostname");
---
>                 ca_ee_host = config.getString("preop.ca.hostname");
188,189c188,189
<                 context.put("errorString", "Missing hostname");
<                 throw new IOException("Missing hostname");
---
>                 context.put("errorString", "Missing CA EE hostname");
>                 throw new IOException("Missing CA EE hostname");
193c193
<                 httpsport = config.getInteger("preop.ca.httpsport");
---
>                 ca_ee_httpsport = config.getInteger("preop.ca.httpsport");
196,197c196,197
<                 context.put("errorString", "Missing port");
<                 throw new IOException("Missing port");
---
>                 context.put("errorString", "Missing Secure CA EE port");
>                 throw new IOException("Missing Secure CA EE port");
203c203,204
<              boolean authenticated = authenticate(host, httpsport, true,
---
>              boolean authenticated = authenticate(ca_ee_host, ca_ee_httpsport,
>              true,
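Review bot: Style point on the wrapped authenticate() call at new lines 203-204: the continuation line holding 'true,' is indented to the level of the statement rather than under the first argument, so it reads like a separate statement. Align it with ca_ee_host, or break after the opening parenthesis and indent all arguments together. The identical hunk in AuthenticatePanel.java (169c169,170) needs the same change.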
diff -r 20130408/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java 20130410/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
151,152c151,152
<             String host = "";
<             int httpsport = -1;
---
>             String ca_ee_host = "";
>             int ca_ee_httpsport = -1;
154c154
<                 host = config.getString("preop.ca.hostname");
---
>                 ca_ee_host = config.getString("preop.ca.hostname");
157,158c157,158
<                 context.put("errorString", "Missing hostname");
<                 throw new IOException("Missing hostname");
---
>                 context.put("errorString", "Missing CA EE hostname");
>                 throw new IOException("Missing CA EE hostname");
162c162
<                 httpsport = config.getInteger("preop.ca.httpsport");
---
>                 ca_ee_httpsport = config.getInteger("preop.ca.httpsport");
165,166c165,166
<                 context.put("errorString", "Missing port");
<                 throw new IOException("Missing port");
---
>                 context.put("errorString", "Missing Secure CA EE port");
>                 throw new IOException("Missing Secure CA EE port");
169c169,170
<              boolean authenticated = authenticate(host, httpsport, true,
---
>              boolean authenticated = authenticate(ca_ee_host, ca_ee_httpsport,
>              true,
diff -r 20130408/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java 20130410/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
384c384
<     //              "buildSANsslserverURLextension()"
---
>     //              "buildSANSSLserverURLExtension()"
389c389
<     public static String buildSANsslserverURLextension(IConfigStore config)
---
>     public static String buildSANSSLserverURLExtension(IConfigStore config)
394c394
<         CMS.debug("CertUtil: buildSANsslserverURLextension() " +
---
>         CMS.debug("CertUtil: buildSANSSLserverURLExtension() " +
401c401
<             CMS.debug("CertUtil: buildSANsslserverURLextension() processing " +
---
>             CMS.debug("CertUtil: buildSANSSLserverURLExtension() processing " +
411c411
<         CMS.debug("CertUtil: buildSANsslserverURLextension() " + "placed " +
---
>         CMS.debug("CertUtil: buildSANSSLserverURLExtension() " + "placed " +
diff -r 20130408/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java 20130410/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
257a258,266
>                 CMS.debug("CreateSubsystemPanel: update " + 
>                           "cstype=" + cstype +
>                           " EE host (preop.master.hostname)=" + host +
>                           " EE port (preop.master.hostname)=" +
>                           String.valueOf(https_ee_port) +
>                           " Admin host (preop.master.httpsadminhost)=" +
>                           https_admin_host +
>                           " Admin port (preop.master.httpsadminport)=" +
>                           https_admin_port);
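Review bot: The label for the EE port in this debug line reads " EE port (preop.master.hostname)=", which repeats the hostname key from the line above; it should name the configuration key that https_ee_port was read from. https_ee_port is also wrapped in String.valueOf() while https_admin_port is concatenated directly; use one form for both.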
diff -r 20130408/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java 20130410/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
221c221
<         String ca_host = "";
---
>         String ca_ee_host = "";
227c227
<             ca_host = cs.getString("preop.ca.hostname", "");
---
>             ca_ee_host = cs.getString("preop.ca.hostname", "");
231c231
<         if (ca_host.equals(""))
---
>         if (ca_ee_host.equals(""))
447c447
<         if (type.equals("KRA") && !ca_host.equals("")) {
---
>         if (type.equals("KRA") && !ca_ee_host.equals("")) {
464c464
<         if (type.equals("OCSP") && !ca_host.equals("")) {
---
>         if (type.equals("OCSP") && !ca_ee_host.equals("")) {
566a567
>                 // preop.ca.hostname = CA EE Hostname
575a577,579
>                 // preop.ca.list=
>                 // Certificate Authority - https://<CA EE Host>:<Secure CA EE port>,
>                 // ...,External CA
660,661c664,665
<         String cahost = "";
<         int caport = -1;
---
>         String ca_ee_host = "";
>         int ca_ee_port = -1;
666,667c670,671
<             cahost = config.getString("preop.ca.hostname", "");
<             caport = config.getInteger("preop.ca.httpsport", -1);
---
>             ca_ee_host = config.getString("preop.ca.hostname", "");
>             ca_ee_port = config.getInteger("preop.ca.httpsport", -1);
679c683
<         updateOCSPConfig(cahost, caport, true, content, response);
---
>         updateOCSPConfig(ca_ee_host, ca_ee_port, true, content, response);
752,753c756,757
<         String host = "";
<         int port = -1;
---
>         String ca_ee_host = "";
>         int ca_ee_port = -1;
755,756c759,760
<             host = cs.getString("preop.ca.hostname", "");
<             port = cs.getInteger("preop.ca.httpsport", -1);
---
>             ca_ee_host = cs.getString("preop.ca.hostname", "");
>             ca_ee_port = cs.getInteger("preop.ca.httpsport", -1);
760c764
<         return "CA-" + host + "-" + port;
---
>         return "CA-" + ca_ee_host + "-" + ca_ee_port;
770a775
>             // preop.ca.url=https://<CA EE Host>:<Secure CA EE Port>
diff -r 20130408/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java 20130410/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
130,131c130,131
<         String caHost = "";
<         String caPort = "";
---
>         String ca_admin_host = "";
>         String ca_admin_port = "";
137,142c137,145
<                     // this is a non-CA system that has elected to have its certificates 
<                     // signed by a CA outside of the security domain.
<                     // in this case, we submitted the cert request for the admin cert to
<                     // the security domain EE host and EE port.
<                     caHost = cs.getString("securitydomain.eehost", "");
<                     caPort = cs.getString("securitydomain.httpseeport", "");
---
>                     // This is a non-CA system that has elected to have its
>                     // certificates  signed by a CA outside of the security
>                     // domain.  In this case, we submitted the cert request
>                     // for the admin cert to the security domain Admin host
>                     // and Admin port.
>                     ca_admin_host = cs.getString(
>                                         "securitydomain.adminhost", "");
>                     ca_admin_port = cs.getString(
>                                         "securitydomain.httpsadminport", "");
144c147,148
<                               "caHost=" + caHost + " caPort=" + caPort);
---
>                               "ca_admin_host=" + ca_admin_host +
>                               " ca_admin_port=" + ca_admin_port);
148,153c152,167
<                     // this is a non-CA system that submitted its certs to a CA
<                     // within the security domain.  In this case, we submitted the cert
<                     // request for the admin cert to this CA
<                     // (via the CA EE host and CA EE port)
<                     caHost = cs.getString("preop.ca.hostname", "");
<                     caPort = cs.getString("preop.ca.httpsport", "");
---
>                     // This is a non-CA system that submitted its certs to
>                     // a CA within the security domain.  In this case, we
>                     // submitted the cert request for the admin cert to
>                     // this CA via the CA Admin host and CA Admin port
>                     // after using the associated CA EE host and CA EE port
>                     // to look them up in the security domain.
>                     String ca_ee_host = cs.getString("preop.ca.hostname", "");
>                     String ca_ee_port = cs.getString("preop.ca.httpsport", "");
>                     ca_admin_host = getSecurityDomainAdminHost(cs,
>                                                                ca_ee_host,
>                                                                ca_ee_port,
>                                                                "CA");
>                     ca_admin_port = getSecurityDomainAdminPort(cs,
>                                                                ca_ee_host,
>                                                                ca_ee_port,
>                                                                "CA");
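Review bot: The values returned by getSecurityDomainAdminHost() and getSecurityDomainAdminPort() at new lines 160-167 are logged and used with no check that the lookup succeeded. preop.ca.hostname and preop.ca.httpsport both default to an empty string, so a missing setting is passed straight into the security domain lookup. Fail with an explicit error if either the EE inputs or the returned Admin values are empty, and consider a single lookup that returns both host and port, since the two calls take the same arguments.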
155c169,172
<                               "caHost=" + caHost + " caPort=" + caPort);
---
>                               "ca_ee_host=" + ca_ee_host +
>                               " ca_ee_port=" + ca_ee_port +
>                               " ca_admin_host=" + ca_admin_host +
>                               " ca_admin_port=" + ca_admin_port);
160c177,179
<             // send our own connection details
---
>             // send our own connection details which must utilize
>             // the CA Admin Host and CA Admin Port since the EE
>             // connection for this CA is not yet available
162,163c181,182
<                 caHost = cs.getString("service.adminMachineName", "");
<                 caPort = cs.getString("pkicreate.admin_secure_port", "");
---
>                 ca_admin_host = cs.getString("service.adminMachineName", "");
>                 ca_admin_port = cs.getString("pkicreate.admin_secure_port", "");
165c184,185
<                           "caHost=" + caHost + " caPort=" + caPort);
---
>                           "ca_admin_host=" + ca_admin_host +
>                           " ca_admin_port=" + ca_admin_port);
176,177c196,197
<         context.put("caHost", caHost);
<         context.put("caPort", caPort);
---
>         context.put("caHost", ca_admin_host);
>         context.put("caPort", ca_admin_port);
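Review bot: The template context keys "caHost" and "caPort" now carry the CA Admin host and port in every branch, while the key names say nothing about which interface they refer to. Add a comment at these two context.put() calls stating that they hold the Admin endpoint, or rename the keys together with the template that reads them, in line with the review item about being explicit as to which host a value refers to.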
diff -r 20130408/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java 20130410/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
299a300,302
>             // preop.ca.list=
>             // Certificate Authority - https://<CA EE Host>:<Secure CA EE port>,
>             // ...,External CA
495,496c498,499
<                     String ca_hostname = "";
<                     int ca_port = -1;
---
>                     String ca_ee_hostname = "";
>                     int ca_ee_port = -1;
498,499c501,504
<                         ca_hostname = config.getString("preop.ca.hostname", "");
<                         ca_port = config.getInteger("preop.ca.httpsport", -1);
---
>                         ca_ee_hostname = config.getString(
>                                              "preop.ca.hostname", "");
>                         ca_ee_port = config.getInteger(
>                                          "preop.ca.httpsport", -1);
514c519
<                             CertUtil.buildSANsslserverURLextension(config);
---
>                             CertUtil.buildSANSSLserverURLExtension(config);
518,519c523,524
<                     cert = CertUtil.createRemoteCert(ca_hostname, ca_port, 
<                       content, response, this);
---
>                     cert = CertUtil.createRemoteCert(ca_ee_hostname,
>                       ca_ee_port, content, response, this);
716a722,724
>             // preop.ca.list=
>             // Certificate Authority - https://<CA EE Host>:<Secure CA EE port>,
>             // ...,External CA
763a772
>                    // preop.ca.url=https://<CA EE Host>:<Secure CA EE Port>
803a813
>             // preop.ca.url=https://<CA EE Host>:<Secure CA EE Port>
890,891c900,902
<     private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
<         CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname=" + hostname + " port=" + httpsPortStr);
---
>     private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String ca_ee_hostname, String ca_ee_httpsPortStr) throws IOException {
>         CMS.debug("NamePanel updateCloneSDCAInfo: selected CA EE hostname=" +
>                   ca_ee_hostname + " Secure CA EE port=" + ca_ee_httpsPortStr);
896c907
<         if (hostname == null || hostname.length() == 0) {
---
>         if (ca_ee_hostname == null || ca_ee_hostname.length() == 0) {
904,905c915,916
<                                                        hostname,
<                                                        httpsPortStr,
---
>                                                        ca_ee_hostname,
>                                                        ca_ee_httpsPortStr,
908,909c919,920
<                                                        hostname,
<                                                        httpsPortStr,
---
>                                                        ca_ee_hostname,
>                                                        ca_ee_httpsPortStr,
910a922,926
>         CMS.debug("NamePanel: updateCloneSDCAInfo " + 
>                   "ca_ee_hostname=" + ca_ee_hostname +
>                   " ca_ee_httpsPortStr=" + ca_ee_httpsPortStr +
>                   " https_admin_host=" + https_admin_host +
>                   " https_admin_port=" + https_admin_port);
912c928
<         int httpsport = -1;
---
>         int ca_ee_httpsport = -1;
915c931
<              httpsport = Integer.parseInt(httpsPortStr);
---
>              ca_ee_httpsport = Integer.parseInt(ca_ee_httpsPortStr);
917,920c933,935
<             CMS.debug(
<                     "NamePanel update: Https port is not valid. Exception: "
<                             + e.toString());
<             throw new IOException("Https Port is not valid.");
---
>             CMS.debug("NamePanel update: Https CA EE port is not valid. " +
>                       "Exception: " + e.toString());
>             throw new IOException("Https CA EE Port is not valid.");
923,924c938,940
<         config.putString("preop.ca.hostname", hostname);
<         config.putString("preop.ca.httpsport", httpsPortStr);
---
>         // <CA EE host>:<Secure CA EE port> from preop.ca.list
>         config.putString("preop.ca.hostname", ca_ee_hostname);
>         config.putString("preop.ca.httpsport", ca_ee_httpsPortStr);
929c945
<     private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
---
>     private void sdca(HttpServletRequest request, Context context, String ca_ee_hostname, String ca_ee_httpsPortStr) throws IOException {
931c947,948
<         CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpsPortStr);
---
>         CMS.debug("NamePanel update: selected CA EE hostname=" +
>                   ca_ee_hostname + " Secure CA EE port=" + ca_ee_httpsPortStr);
936,937c953,954
<         context.put("sdcaHostname", hostname);
<         context.put("sdHttpPort", httpsPortStr);
---
>         context.put("sdcaHostname", ca_ee_hostname);
>         context.put("sdHttpPort", ca_ee_httpsPortStr);
939c956
<         if (hostname == null || hostname.length() == 0) {
---
>         if (ca_ee_hostname == null || ca_ee_hostname.length() == 0) {
947,948c964,965
<                                                        hostname,
<                                                        httpsPortStr,
---
>                                                        ca_ee_hostname,
>                                                        ca_ee_httpsPortStr,
951,952c968,969
<                                                        hostname,
<                                                        httpsPortStr,
---
>                                                        ca_ee_hostname,
>                                                        ca_ee_httpsPortStr,
953a971,975
>         CMS.debug("NamePanel: sdca " + 
>                   "ca_ee_hostname=" + ca_ee_hostname +
>                   " ca_ee_httpsPortStr=" + ca_ee_httpsPortStr +
>                   " https_admin_host=" + https_admin_host +
>                   " https_admin_port=" + https_admin_port);
959,960c981,983
<             CMS.debug("NamePanel update: Https port is not valid. Exception: " + e.toString());
<             throw new IOException("Https Port is not valid.");
---
>             CMS.debug("NamePanel update: Https CA Admin port is not valid. " +
>                       "Exception: " + e.toString());
>             throw new IOException("Https CA Admin Port is not valid.");
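Review bot: In sdca() the error text becomes "Https CA Admin port is not valid", while the matching hunk in updateCloneSDCAInfo() (917,920c933,935) rewrites the same original message as "Https CA EE port is not valid" and visibly parses ca_ee_httpsPortStr. The Integer.parseInt() call inside this try block is not part of the hunk; if it parses the EE port string here as well, the message should say EE, otherwise a comment naming the variable being parsed would remove the ambiguity.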
963,964c986,988
<         config.putString("preop.ca.hostname", hostname);
<         config.putString("preop.ca.httpsport", httpsPortStr);
---
>         // <CA EE host>:<Secure CA EE port> from preop.ca.url
>         config.putString("preop.ca.hostname", ca_ee_hostname);
>         config.putString("preop.ca.httpsport", ca_ee_httpsPortStr);
diff -r 20130408/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java 20130410/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
238c238,240
<         CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port + " url=" + servlet + " content=" + uri);
---
>         CMS.debug("WizardPanelBase updateDomainXML start hostname=" +
>                   hostname + " port=" + port + " url=" + servlet +
>                   " content=" + uri);
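Review bot: The reflowed debug statement still writes the whole request content (uri) to the debug log. If that content can include session identifiers or credentials used for the security domain update, log the hostname, port and servlet only, or redact the sensitive fields before concatenating.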
1191c1193
<                                                       "Host" );
---
>                                                       "AdminHost" );
diff -r 20130408/pki/base/setup/pkicommon 20130410/pki/base/setup/pkicommon
224a225
> $PKI_UNKNOWN_PORT_MODE = "Unknown Port Mode";
258d258
< my $addr = "";
662a663,664
>     my( $host ) = @_;
>     my $addr = "";
664c666
<         if( $_[0] !~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/ ) {
---
>         if( $host !~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/ ) {
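Review bot: The dotted-quad test on $host uses (\d+) for each octet, so a value such as 999.1.1.1 is taken as a literal address and never goes through gethostbyname(). Since this hunk already touches the line, bound each octet to 0-255 (for example \d{1,3} plus a range check on $1 through $4) so that malformed input is not stored in $addr as if it were a valid IP.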
666c668
<             ( $addr ) = inet_ntoa( ( gethostbyname( $_[0] ) )[4] );
---
>             ( $addr ) = inet_ntoa( ( gethostbyname( $host ) )[4] );
669c671
<             $addr = $_[0];
---
>             $addr = $host;
673c675
<         $addr = $_[0];
---
>         $addr = $host;
716,720c718,724
< # return 3 - IP Separated Port configuration mode is valid (success)
< # return 2 - Separated Port configuration mode is valid (success)
< # return 1 - RA/TPS/Shared Port configuration mode is valid (success)
< # return 0 - specified port configuration mode has a conflict (failure)
< sub IsPortConfigurationModeValid 
---
> # return $PKI_IP_PORT_SEPARATION_MODE
> # return $PKI_PORT_SEPARATION_MODE
> # return $PKI_SHARED_PORTS_MODE
> # return $RA_PORTS_MODE
> # return $TPS_PORTS_MODE
> # return $PKI_UNKNOWN_PORT_MODE
> sub get_port_configuration_mode
749c753
<             return 0;
---
>             return $PKI_UNKNOWN_PORT_MODE;
757c761
<                 return 0;
---
>                 return $PKI_UNKNOWN_PORT_MODE;
761c765
<                 return 0;
---
>                 return $PKI_UNKNOWN_PORT_MODE;
767c771
<             return 0;
---
>             return $PKI_UNKNOWN_PORT_MODE;
776c780
<                 return 0;
---
>                 return $PKI_UNKNOWN_PORT_MODE;
779c783
<                 return 1;
---
>                 return $PKI_SHARED_PORTS_MODE;
804c808
<                     return 0;
---
>                     return $PKI_UNKNOWN_PORT_MODE;
807c811
<                     return 2;
---
>                     return $PKI_PORT_SEPARATION_MODE;
821c825
<                     return 0;
---
>                     return $PKI_UNKNOWN_PORT_MODE;
833c837
<                     return 0;
---
>                     return $PKI_UNKNOWN_PORT_MODE;
851c855
<                         return 0;
---
>                         return $PKI_UNKNOWN_PORT_MODE;
874c878
<                     return 0;
---
>                     return $PKI_UNKNOWN_PORT_MODE;
877c881
<                     return 3;
---
>                     return $PKI_IP_PORT_SEPARATION_MODE;
894c898
<                     return 0;
---
>                     return $PKI_UNKNOWN_PORT_MODE;
897c901
<                     return 3;
---
>                     return $PKI_IP_PORT_SEPARATION_MODE;
907,910c911,917
<             return 0;
<         } else {
<             # Specified RA/TPS connector ports are valid!
<             return 1;
---
>             return $PKI_UNKNOWN_PORT_MODE;
>         } elsif( $subsystem_type eq $RA ) {
>             # Specified RA connector ports are valid!
>             return $RA_PORTS_MODE;
>         } elsif( $subsystem_type eq $TPS ) {
>             # Specified TPS connector ports are valid!
>             return $TPS_PORTS_MODE;
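Review bot: the `elsif( $subsystem_type eq $RA )` / `elsif( $subsystem_type eq $TPS )` chain replaces the old unconditional `else`, so a `$subsystem_type` that is neither RA nor TPS no longer hits any `return` in this block. Add a final `else { return $PKI_UNKNOWN_PORT_MODE; }` so the function always returns one of the modes listed in its header comment; the caller in pkicreate tests only for those named values.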
932,939c939
<     my $unique_list = "";
<     foreach my $unique_item (@unique_items) {
<         if( $unique_list eq "" ) {
<             $unique_list = $unique_item;
<         } else {
<             $unique_list = $unique_list . "," . $unique_item;
<         }
<     }
---
>     my $unique_list = join(",", @unique_items);
diff -r 20130408/pki/base/setup/pkicreate 20130410/pki/base/setup/pkicreate
406a407
> my $getenforce = "/usr/sbin/getenforce";
411a413,415
> my $SELINUX_MODE_DISABLED = "Disabled";
> my $SELINUX_MODE_ENFORCING = "Enforcing";
> my $SELINUX_MODE_PERMISSIVE = "Permissive";
1523,1536c1527,1540
<     my $rv = IsPortConfigurationModeValid( $subsystem_type,
<                                            $secure_port,
<                                            $unsecure_port,
<                                            $non_clientauth_secure_port,
<                                            $agent_secure_port,
<                                            $ee_secure_port,
<                                            $ee_secure_client_auth_port,
<                                            $admin_secure_port,
<                                            $tomcat_server_port,
<                                            $agent_hostname,
<                                            $ee_hostname,
<                                            $ee_client_auth_hostname,
<                                            $admin_hostname );
<     if( $rv  == 3 ) {
---
>     my $mode = get_port_configuration_mode( $subsystem_type,
>                                             $secure_port,
>                                             $unsecure_port,
>                                             $non_clientauth_secure_port,
>                                             $agent_secure_port,
>                                             $ee_secure_port,
>                                             $ee_secure_client_auth_port,
>                                             $admin_secure_port,
>                                             $tomcat_server_port,
>                                             $agent_hostname,
>                                             $ee_hostname,
>                                             $ee_client_auth_hostname,
>                                             $admin_hostname );
>     if( $mode eq $PKI_IP_PORT_SEPARATION_MODE ) {
1564c1568
<     } elsif( $rv  == 2 ) {
---
>     } elsif( $mode eq $PKI_PORT_SEPARATION_MODE ) {
1588,1632c1592,1610
<     } elsif( $rv  == 1 ) {
<         if( $subsystem_type ne $RA && $subsystem_type ne $TPS ) {
<             # Set port configuration mode
<             $port_configuration_mode = $PKI_SHARED_PORTS_MODE;
< 
<             # Set all '<hostnames>' equal to the local FQDN hostname
<             $agent_hostname = $host;
<             $ee_hostname    = $host;
<             if( $subsystem_type eq $CA ) {
<                 $ee_client_auth_hostname = $host;
<             }
<             $admin_hostname = $host;
<             $san_hostnames = $host;
< 
<             # Establish all '<hostname>:<port>' URIs
<             $agent_uri = $agent_hostname . ':' . $secure_port;
<             $ee_uri = $ee_hostname . ':' . $secure_port;
<             if( $subsystem_type eq $CA ) {
<                 $ee_client_auth_uri = $ee_client_auth_hostname . ':'
<                                     . $secure_port;
<             }
<             $admin_uri = $admin_hostname . ':' . $secure_port;
<             $unsecure_uri = $ee_hostname . ':' . $unsecure_port;
<             $tomcat_uri = $host . ':' . $tomcat_server_port;
<             emit( "    Using 'Shared Ports' Configuration Mode\n" );
<         } else {
<             # Set port configuration mode
<             if( $subsystem_type eq $RA ) {
<                 $port_configuration_mode = $PKI_RA_PORTS_MODE;
<             } elsif( $subsystem_type eq $TPS ) {
<                 $port_configuration_mode = $PKI_TPS_PORTS_MODE;
<             }
< 
<             # Set all '<hostnames>' equal to the local FQDN hostname
<             $agent_hostname = $host;
<             $ee_hostname    = $host;
<             $admin_hostname = $host;
<             $san_hostnames = $host;
< 
<             # Establish all '<hostname>:<port>' URIs
<             $agent_uri = $agent_hostname . ':' . $secure_port;
<             $ee_uri = $ee_hostname . ':' . $secure_port;
<             $admin_uri = $admin_hostname . ':' . $secure_port;
<             $unsecure_uri = $ee_hostname . ':' . $unsecure_port;
<             emit( "    Using '$SUBSYSTEM_TYPE Ports' Configuration Mode\n" );
---
>     } elsif( $mode eq $PKI_SHARED_PORTS_MODE ) {
>         # Set port configuration mode
>         $port_configuration_mode = $PKI_SHARED_PORTS_MODE;
> 
>         # Set all '<hostnames>' equal to the local FQDN hostname
>         $agent_hostname = $host;
>         $ee_hostname    = $host;
>         if( $subsystem_type eq $CA ) {
>             $ee_client_auth_hostname = $host;
>         }
>         $admin_hostname = $host;
>         $san_hostnames = $host;
> 
>         # Establish all '<hostname>:<port>' URIs
>         $agent_uri = $agent_hostname . ':' . $secure_port;
>         $ee_uri = $ee_hostname . ':' . $secure_port;
>         if( $subsystem_type eq $CA ) {
>             $ee_client_auth_uri = $ee_client_auth_hostname . ':'
>                                 . $secure_port;
1634c1612,1648
<     } elsif( $rv  == 0 ) {
---
>         $admin_uri = $admin_hostname . ':' . $secure_port;
>         $unsecure_uri = $ee_hostname . ':' . $unsecure_port;
>         $tomcat_uri = $host . ':' . $tomcat_server_port;
>         emit( "    Using 'Shared Ports' Configuration Mode\n" );
>     } elsif( $mode eq $RA_PORTS_MODE ) {
>         # Set port configuration mode
>         $port_configuration_mode = $PKI_RA_PORTS_MODE;
> 
>         # Set all '<hostnames>' equal to the local FQDN hostname
>         $agent_hostname = $host;
>         $ee_hostname    = $host;
>         $admin_hostname = $host;
>         $san_hostnames = $host;
> 
>         # Establish all '<hostname>:<port>' URIs
>         $agent_uri = $agent_hostname . ':' . $secure_port;
>         $ee_uri = $ee_hostname . ':' . $secure_port;
>         $admin_uri = $admin_hostname . ':' . $secure_port;
>         $unsecure_uri = $ee_hostname . ':' . $unsecure_port;
>         emit( "    Using '$RA Ports' Configuration Mode\n" );
>     } elsif( $mode eq $TPS_PORTS_MODE ) {
>         # Set port configuration mode
>         $port_configuration_mode = $PKI_TPS_PORTS_MODE;
> 
>         # Set all '<hostnames>' equal to the local FQDN hostname
>         $agent_hostname = $host;
>         $ee_hostname    = $host;
>         $admin_hostname = $host;
>         $san_hostnames = $host;
> 
>         # Establish all '<hostname>:<port>' URIs
>         $agent_uri = $agent_hostname . ':' . $secure_port;
>         $ee_uri = $ee_hostname . ':' . $secure_port;
>         $admin_uri = $admin_hostname . ':' . $secure_port;
>         $unsecure_uri = $ee_hostname . ':' . $unsecure_port;
>         emit( "    Using '$TPS Ports' Configuration Mode\n" );
>     } elsif( $mode eq $PKI_UNKNOWN_PORT_MODE ) {
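Review bot: the new `elsif( $mode eq $RA_PORTS_MODE )` and `elsif( $mode eq $TPS_PORTS_MODE )` branches test one pair of names and then assign a different pair, `$PKI_RA_PORTS_MODE` and `$PKI_TPS_PORTS_MODE`, to `$port_configuration_mode`. Two names per mode invite a mismatch, and of the returned mode values only `$PKI_UNKNOWN_PORT_MODE` is defined in the pkicommon hunks shown here; use one set of constants for both the return value and the assignment, or confirm that `$RA_PORTS_MODE` and `$TPS_PORTS_MODE` are defined. The RA and TPS branches are otherwise identical apart from the mode and the `emit` text and could share one block.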
3954,3956c3968,3986
<     # always check to make certain that the AGENT, EE, EE_Client_Auth,
<     # ADMIN, and UNSECURE ports refer to ports located on the
<     # installation host ($host) prior to making any attempt to label them
---
>     # Always check to make certain that the AGENT, EE, EE_Client_Auth,
>     # ADMIN, and UNSECURE ports refer to ports located on the installation
>     # host ($host) prior to making any attempt to label them using SELinux.
>     #
>     # The primary purpose of this is to allow the user to implement
>     # IP Separation (e. g. - all interfaces distinguishable by unique
>     # IPs using a common port), while still leaving the installation host
>     # protected by SELinux in Enforcing mode.
>     #
>     # It should be noted, however, that if an interface port is allowed to be
>     # unlabeled, in order to avoid potential port-level SELinux binding issues
>     # on the installation host, always check to make certain that the specified
>     # port has not previously been labeled on the installation host.
>     #
>     # IMPORTANT:  Caution should be taken when using unlabeled ports, as this
>     #             does not prevent a future application from labeling this
>     #             port for its own use on the installation host which
>     #             could cause port-level SELinux binding issues.
>     #
3959a3990,4018
>     } elsif ( $agent_secure_port != -1 ) {
>         print( STDOUT
>                "Agent port $agent_secure_port is unlabeled "
>              . "on $agent_hostname\n" );
>         $status = &check_selinux_port($setype_p, $agent_secure_port);
>         if ($status == $SELINUX_PORT_UNDEFINED) {
>             print( STDERR
>                    "Warning - Agent port $agent_secure_port could be "
>                  . "defined on the installation host $host in the future.\n" );
>             print( STDOUT "\n" );
>         } elsif ($status == $SELINUX_PORT_DEFINED) {
>             print( STDERR
>                    "Warning - Agent port $agent_secure_port is already "
>                  . "defined as $setype_p on the installation host $host.\n" );
>             print( STDOUT "\n" );
>         } elsif ($status == $SELINUX_PORT_WRONGLY_DEFINED) {
>             print( STDERR
>                    "Warning - Agent port $agent_secure_port is "
>                  . "already defined as a different SELinux context type "
>                  . "than $setype_p on the installation host $host.\n" );
>             print( STDOUT "\n" );
>             my $selinux_mode = system("$getenforce");
>             if ($selinux_mode == $SELINUX_MODE_ENFORCING) {
>                 print( STDERR
>                        "Error - Agent port $agent_secure_port cannot "
>                      . "be used when SELinux mode is 'Enforcing'.\n" );
>                 print( STDOUT "\n" );
>             }
>         }
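Review bot: `my $selinux_mode = system("$getenforce");` followed by `$selinux_mode == $SELINUX_MODE_ENFORCING` does not test the SELinux mode. `system` returns the command's wait status rather than its output, and `==` compares numerically, so the string "Enforcing" evaluates to 0 and the branch is taken whenever getenforce exits successfully, whatever mode it printed. Capture the output (backticks plus `chomp`) and compare with `eq`. The branch also only prints the "Error" text and then falls through; if a wrongly labeled port must not be used in Enforcing mode, fail the installation here rather than continuing.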
3963a4023,4051
>     } elsif ( $ee_secure_port != -1 ) {
>         print( STDOUT
>                "EE port $ee_secure_port is unlabeled "
>              . "on $ee_hostname\n" );
>         $status = &check_selinux_port($setype_p, $ee_secure_port);
>         if ($status == $SELINUX_PORT_UNDEFINED) {
>             print( STDERR
>                    "Warning - EE port $ee_secure_port could be "
>                  . "defined on the installation host $host in the future.\n" );
>             print( STDOUT "\n" );
>         } elsif ($status == $SELINUX_PORT_DEFINED) {
>             print( STDERR
>                    "Warning - EE port $ee_secure_port is already "
>                  . "defined as $setype_p on the installation host $host.\n" );
>             print( STDOUT "\n" );
>         } elsif ($status == $SELINUX_PORT_WRONGLY_DEFINED) {
>             print( STDERR
>                    "Warning - EE port $ee_secure_port is "
>                  . "already defined as a different SELinux context type "
>                  . "than $setype_p on the installation host $host.\n" );
>             print( STDOUT "\n" );
>             my $selinux_mode = system("$getenforce");
>             if ($selinux_mode == $SELINUX_MODE_ENFORCING) {
>                 print( STDERR
>                        "Error - EE port $ee_secure_port cannot "
>                      . "be used when SELinux mode is 'Enforcing'.\n" );
>                 print( STDOUT "\n" );
>             }
>         }
3965,3968c4053,4091
<     if( ( $subsystem_type eq $CA )            &&
<         ( $ee_client_auth_hostname eq $host ) &&
<         ( $ee_secure_client_auth_port != -1 ) ) {
<         &add_selinux_port($setype_p, $ee_secure_client_auth_port);
---
>     if($subsystem_type eq $CA ) {
>         if( ( $ee_client_auth_hostname eq $host ) &&
>             ( $ee_secure_client_auth_port != -1 ) ) {
>             &add_selinux_port($setype_p, $ee_secure_client_auth_port);
>         } elsif ( $ee_secure_client_auth_port != -1 ) {
>             print( STDOUT
>                    "EE client auth port $ee_secure_client_auth_port is "
>                  . "unlabeled on $ee_hostname\n" );
>             $status = &check_selinux_port($setype_p,
>                                           $ee_secure_client_auth_port);
>             if ($status == $SELINUX_PORT_UNDEFINED) {
>                 print( STDERR
>                        "Warning - EE client auth port "
>                      . "$ee_secure_client_auth_port could be defined on the "
>                      . "installation host $host in the future.\n" );
>                 print( STDOUT "\n" );
>             } elsif ($status == $SELINUX_PORT_DEFINED) {
>                 print( STDERR
>                        "Warning - EE client auth port "
>                      . "$ee_secure_client_auth_port is already defined "
>                      . "as $setype_p on the installation host $host.\n" );
>                 print( STDOUT "\n" );
>             } elsif ($status == $SELINUX_PORT_WRONGLY_DEFINED) {
>                 print( STDERR
>                        "Warning - EE client auth port "
>                      . "$ee_secure_client_auth_port is "
>                      . "already defined as a different SELinux context type "
>                      . "than $setype_p on the installation host $host.\n" );
>                 print( STDOUT "\n" );
>                 my $selinux_mode = system("$getenforce");
>                 if ($selinux_mode == $SELINUX_MODE_ENFORCING) {
>                     print( STDERR
>                            "Error - EE client auth port "
>                          . "$ee_secure_client_auth_port cannot be used "
>                          . "when SELinux mode is 'Enforcing'.\n" );
>                     print( STDOUT "\n" );
>                 }
>             }
>         }
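Review bot: the inner `elsif ( $ee_secure_client_auth_port != -1 )` branch is reached when `$ee_client_auth_hostname` is not `$host`, yet its first message reports the port as "unlabeled on $ee_hostname"; print `$ee_client_auth_hostname` there so the log names the interface that was actually tested. In the same branch, `system("$getenforce")` yields an exit status, so the `==` test against `$SELINUX_MODE_ENFORCING` does not compare the mode string; read the command output and use `eq`.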
3972a4096,4124
>     } elsif ( $admin_secure_port != -1 ) {
>         print( STDOUT
>                "Admin port $admin_secure_port is unlabeled "
>              . "on $admin_hostname\n" );
>         $status = &check_selinux_port($setype_p, $admin_secure_port);
>         if ($status == $SELINUX_PORT_UNDEFINED) {
>             print( STDERR
>                    "Warning - Admin port $admin_secure_port could be "
>                  . "defined on the installation host $host in the future.\n" );
>             print( STDOUT "\n" );
>         } elsif ($status == $SELINUX_PORT_DEFINED) {
>             print( STDERR
>                    "Warning - Admin port $admin_secure_port is already "
>                  . "defined as $setype_p on the installation host $host.\n" );
>             print( STDOUT "\n" );
>         } elsif ($status == $SELINUX_PORT_WRONGLY_DEFINED) {
>             print( STDERR
>                    "Warning - Admin port $admin_secure_port is "
>                  . "already defined as a different SELinux context type "
>                  . "than $setype_p on the installation host $host.\n" );
>             print( STDOUT "\n" );
>             my $selinux_mode = system("$getenforce");
>             if ($selinux_mode == $SELINUX_MODE_ENFORCING) {
>                 print( STDERR
>                        "Error - Admin port $admin_secure_port cannot "
>                      . "be used when SELinux mode is 'Enforcing'.\n" );
>                 print( STDOUT "\n" );
>             }
>         }
3976a4129,4157
>     } elsif ( $unsecure_port != -1 ) {
>         print( STDOUT
>                "Unsecure EE port $unsecure_port is unlabeled "
>              . "on $ee_hostname\n" );
>         $status = &check_selinux_port($setype_p, $unsecure_port);
>         if ($status == $SELINUX_PORT_UNDEFINED) {
>             print( STDERR
>                    "Warning - Unsecure EE port $unsecure_port could be "
>                  . "defined on the installation host $host in the future.\n" );
>             print( STDOUT "\n" );
>         } elsif ($status == $SELINUX_PORT_DEFINED) {
>             print( STDERR
>                    "Warning - Unsecure EE port $unsecure_port is already "
>                  . "defined as $setype_p on the installation host $host.\n" );
>             print( STDOUT "\n" );
>         } elsif ($status == $SELINUX_PORT_WRONGLY_DEFINED) {
>             print( STDERR
>                    "Warning - Unsecure EE port $unsecure_port is "
>                  . "already defined as a different SELinux context type "
>                  . "than $setype_p on the installation host $host.\n" );
>             print( STDOUT "\n" );
>             my $selinux_mode = system("$getenforce");
>             if ($selinux_mode == $SELINUX_MODE_ENFORCING) {
>                 print( STDERR
>                        "Error - Unsecure EE port $unsecure_port cannot "
>                      . "be used when SELinux mode is 'Enforcing'.\n" );
>                 print( STDOUT "\n" );
>             }
>         }
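Review bot: this `elsif ( $unsecure_port != -1 )` block is the fifth copy of the same unlabeled-port check (Agent, EE, EE client auth, Admin, Unsecure EE), differing only in the label text, the port variable and the hostname variable. Move it into one subroutine that takes those three values, so the warning wording and the SELinux mode test are maintained in a single place and a fix to one copy cannot miss the others.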
diff -r 20130408/pki/base/silent/templates/.svn/entries 20130410/pki/base/silent/templates/.svn/entries
4c4
< 2554
---
> 2558
96a97,110
> silent_kra_ip_port.template
> file
> 0
> 
> 
> add
> 
> 
> 
> 
> 
> has-props
> has-prop-mods
> 

198a213,226
> silent_tks_ip_port.template
> file
> 0
> 
> 
> add
> 
> 
> 
> 
> 
> has-props
> has-prop-mods
> 

232a261,288
> silent_ca_ip_port.template
> file
> 0
> 
> 
> add
> 
> 
> 
> 
> 
> has-props
> has-prop-mods
> 

> silent_ocsp_ip_port.template
> file
> 0
> 
> 
> add
> 
> 
> 
> 
> 
> has-props
> has-prop-mods
> 

Only in 20130410/pki/base/silent/templates/.svn/props: silent_ca_ip_port.template.svn-work
Only in 20130410/pki/base/silent/templates/.svn/props: silent_kra_ip_port.template.svn-work
Only in 20130410/pki/base/silent/templates/.svn/props: silent_ocsp_ip_port.template.svn-work
Only in 20130410/pki/base/silent/templates/.svn/props: silent_tks_ip_port.template.svn-work
Only in 20130410/pki/base/silent/templates: silent_ca_ip_port.template
Only in 20130410/pki/base/silent/templates: silent_kra_ip_port.template
Only in 20130410/pki/base/silent/templates: silent_ocsp_ip_port.template
Only in 20130410/pki/base/silent/templates: silent_tks_ip_port.template
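Review bot: the four new `silent_*_ip_port.template` files appear only as "Only in 20130410/pki/base/silent/templates" lines, so their contents cannot be reviewed from this diff. Regenerate the recursive diff with `-N` so that files missing from the older tree are shown as full additions, or attach the templates separately.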
diff -r 20130408/pki/dogtag/common-ui/shared/admin/console/config/.svn/entries 20130410/pki/dogtag/common-ui/shared/admin/console/config/.svn/entries
4c4
< 2554
---
> 2556
607c607
< config_clone.vm
---
> config_addhsm.vm
614c614
< b1b0eac6ba11da8973b71cbe635fe83d
---
> a5a9da0bcd3219760bab0904ec8fe706
639c639
< 3910
---
> 2823
641c641
< config_addhsm.vm
---
> config_clone.vm
648c648
< a5a9da0bcd3219760bab0904ec8fe706
---
> b1b0eac6ba11da8973b71cbe635fe83d
673c673
< 2823
---
> 3910
777c777
< xml.vm
---
> namepanel.vm
784,787c784,787
< 74e94014e433bb1034d2093dc561b5f7
< 2008-03-18T22:36:57.789174Z
< 2
< PKI Team
---
> e593f5594ef351870739c36210dd7854
> 2009-02-27T17:29:15.650851Z
> 262
> alee
809c809
< 75
---
> 3795
845c845
< namepanel.vm
---
> xml.vm
852,855c852,855
< e593f5594ef351870739c36210dd7854
< 2009-02-27T17:29:15.650851Z
< 262
< alee
---
> 74e94014e433bb1034d2093dc561b5f7
> 2008-03-18T22:36:57.789174Z
> 2
> PKI Team
877c877
< 3795
---
> 75
1089c1089
< 2013-01-28T19:56:22.000000Z
---
> 2013-04-10T19:18:50.000000Z
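Review bot: the `.svn/entries` changes in this file (reordered entry names, swapped checksums and sizes, the `1089c1089` timestamp) are Subversion working-copy metadata, not source changes, and they bury the hunks that need review. Regenerate the recursive diff with the metadata directories excluded, for example `diff -r -x .svn`, so that only files under review appear.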
diff -r 20130408/pki/dogtag/common-ui/shared/admin/console/config/importadmincertpanel.vm 20130410/pki/dogtag/common-ui/shared/admin/console/config/importadmincertpanel.vm
50c50
< document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/ee/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=netscape"></iframe>');
---
> document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=netscape"></iframe>');
52c52
< document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/ee/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=ie"></iframe>');
---
> document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=ie"></iframe>');
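Review bot: both `iframe` lines now request `/ca/admin/ca/getBySerial` but still build the origin from `$caHost:$caPort`, so nothing in the template shows that these hold the CA admin host and admin port rather than the EE values used before. Confirm the panel populates them with the admin interface and consider renaming them (for example `$caAdminHost` and `$caAdminPort`) to make that explicit. The values, together with `$serialNumber`, are also written unescaped into a quoted `src` attribute inside `document.writeln`; validate or encode them before the template renders them.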
diff -r 20130408/pki/redhat/common-ui/shared/admin/console/config/.svn/all-wcprops 20130410/pki/redhat/common-ui/shared/admin/console/config/.svn/all-wcprops
108,113d107
< config_clone.vm
< K 25
< svn:wc:ra_dav:version-url
< V 121
< /repos/pki/!svn/ver/15907/branches/PKI_8_1_ERRATA_BRANCH/pki/redhat/common-ui/shared/admin/console/config/config_clone.vm
< END
119a114,119
> config_clone.vm
> K 25
> svn:wc:ra_dav:version-url
> V 121
> /repos/pki/!svn/ver/15907/branches/PKI_8_1_ERRATA_BRANCH/pki/redhat/common-ui/shared/admin/console/config/config_clone.vm
> END
138c138
< xml.vm
---
> namepanel.vm
141,142c141,142
< V 112
< /repos/pki/!svn/ver/15907/branches/PKI_8_1_ERRATA_BRANCH/pki/redhat/common-ui/shared/admin/console/config/xml.vm
---
> V 118
> /repos/pki/!svn/ver/15907/branches/PKI_8_1_ERRATA_BRANCH/pki/redhat/common-ui/shared/admin/console/config/namepanel.vm
150c150
< namepanel.vm
---
> xml.vm
153,154c153,154
< V 118
< /repos/pki/!svn/ver/15907/branches/PKI_8_1_ERRATA_BRANCH/pki/redhat/common-ui/shared/admin/console/config/namepanel.vm
---
> V 112
> /repos/pki/!svn/ver/15907/branches/PKI_8_1_ERRATA_BRANCH/pki/redhat/common-ui/shared/admin/console/config/xml.vm
diff -r 20130408/pki/redhat/common-ui/shared/admin/console/config/.svn/entries 20130410/pki/redhat/common-ui/shared/admin/console/config/.svn/entries
4c4
< 16073
---
> 16075
607c607
< config_addhsm.vm
---
> config_clone.vm
614c614
< db6b8039e207cb6a4c6335b447c5c4a8
---
> 7621e438ac042716133c5454a42b055d
639c639
< 2830
---
> 3918
641c641
< config_clone.vm
---
> config_addhsm.vm
648c648
< 7621e438ac042716133c5454a42b055d
---
> db6b8039e207cb6a4c6335b447c5c4a8
673c673
< 3918
---
> 2830
777c777
< namepanel.vm
---
> xml.vm
784,787c784,787
< e593f5594ef351870739c36210dd7854
< 2009-02-27T17:49:21.091588Z
< 15433
< alee at REDHAT.COM
---
> 4ba759406bd097c46db558c58becea0c
> 2011-01-20T23:10:17.714646Z
> 15835
> mharmsen at REDHAT.COM
809c809
< 3795
---
> 875
845c845
< xml.vm
---
> namepanel.vm
852,855c852,855
< 4ba759406bd097c46db558c58becea0c
< 2011-01-20T23:10:17.714646Z
< 15835
< mharmsen at REDHAT.COM
---
> e593f5594ef351870739c36210dd7854
> 2009-02-27T17:49:21.091588Z
> 15433
> alee at REDHAT.COM
877c877
< 875
---
> 3795
1089c1089
< 2013-02-06T23:00:37.000000Z
---
> 2013-04-10T18:39:45.000000Z
diff -r 20130408/pki/redhat/common-ui/shared/admin/console/config/importadmincertpanel.vm 20130410/pki/redhat/common-ui/shared/admin/console/config/importadmincertpanel.vm
50c50
< document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/ee/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=netscape"></iframe>');
---
> document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=netscape"></iframe>');
52c52
< document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/ee/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=ie"></iframe>');
---
> document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=ie"></iframe>');
Only in 20130410/pki/redhat/common-ui/shared/admin/console/config: importadmincertpanel.vm.mlh
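Review bot: `importadmincertpanel.vm.mlh` exists only in the 20130410 tree and looks like a leftover working copy of the template rather than a file meant to be committed. Remove it from the tree before generating the final patch, or state what it is for.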

