Tree - rpms/pki-core - CentOS Git server

rpms / pki-core

Blame SOURCES/pki-core-10.5.9-beta.patch

Blob History Raw

		62cf1a	`From f5ffc69f79e4e0f4989094561ab0fd5ff5536d14 Mon Sep 17 00:00:00 2001`
		62cf1a	`From: Christina Fu <cfu@redhat.com>`
		62cf1a	`Date: Thu, 12 Jul 2018 10:24:33 -0700`
		62cf1a	`Subject: [PATCH 1/2] Bugzilla 1548203 LDAP password from console update in`
		62cf1a	`audit`
		62cf1a
		62cf1a	`This patch replace ldap passwords with "(sensitive)" in audit log.`
		62cf1a
		62cf1a	`fixes https://bugzilla.redhat.com/show_bug.cgi?id=1548203`
		62cf1a
		62cf1a	`Change-Id: I6271ec1da4164f731dd3a61534b0e511097a845a`
		62cf1a	`(cherry picked from commit cf9c23a842000755d872202777b0a280bda7f1a1)`
		62cf1a	`---`
		62cf1a	`.../server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java \| 6 +++++-`
		62cf1a	`1 file changed, 5 insertions(+), 1 deletion(-)`
		62cf1a
		62cf1a	`diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java`
		62cf1a	`index 769e8e4..2b8cec7 100644`
		62cf1a	`--- a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java`
		62cf1a	`+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java`
		62cf1a	`@@ -991,7 +991,11 @@ public class AdminServlet extends HttpServlet {`
		62cf1a	`if (name.equals(Constants.OP_TYPE)) continue;`
		62cf1a	`if (name.equals(Constants.RS_ID)) continue;`
		62cf1a
		62cf1a	`- String value = req.getParameter(name);`
		62cf1a	`+ String value = null;`
		62cf1a	`+ if (name.equalsIgnoreCase("PASSWORD_CACHE_ADD"))`
		62cf1a	`+ value = "(sensitive)";`
		62cf1a	`+ else`
		62cf1a	`+ value = req.getParameter(name);`
		62cf1a	`params.put(name, value);`
		62cf1a	`}`
		62cf1a
		62cf1a	`--`
		62cf1a	`1.8.3.1`
		62cf1a
		62cf1a
		62cf1a	`From 46e808e86bb393848cca6434cc06c79a14611fa9 Mon Sep 17 00:00:00 2001`
		62cf1a	`From: Jack Magne <jmagne@redhat.com>`
		62cf1a	`Date: Mon, 15 Jan 2018 13:59:33 -0800`
		62cf1a	`Subject: [PATCH 2/2] Test fix for TPS server side key gen for only identity`
		62cf1a	`cert problem.`
		62cf1a
		62cf1a	`Change-Id: I15fc1b8a3fa92568aca853f0e89b9e87bbad463d`
		62cf1a	`(cherry picked from commit c87d7820f7b1af97134197a23543e9fc4be1aa39)`
		62cf1a	`(cherry picked from commit c1314749b7b3a2a6647aadd6945186833e539da8)`
		62cf1a	`---`
		62cf1a	`.../server/tps/cms/TKSRemoteRequestHandler.java \| 26 +++++++++++++++++-----`
		62cf1a	`1 file changed, 21 insertions(+), 5 deletions(-)`
		62cf1a
		62cf1a	`diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java`
		62cf1a	`index 65d0ed0..8155f90 100644`
		62cf1a	`--- a/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java`
		62cf1a	`+++ b/base/tps/src/org/dogtagpki/server/tps/cms/TKSRemoteRequestHandler.java`
		62cf1a	`@@ -103,7 +103,8 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler`
		62cf1a	`String tokenType)`
		62cf1a	`throws EBaseException {`
		62cf1a
		62cf1a	`- CMS.debug("TKSRemoteRequestHandler: computeSessionKey(): begins.");`
		62cf1a	`+ String method = "TKSRemoteRequestHandler: computeSessionKey(): ";`
		62cf1a	`+ CMS.debug(method + " begins.");`
		62cf1a	`if (cuid == null \|\| kdd == null \|\| keyInfo == null \|\| card_challenge == null`
		62cf1a	`\|\| card_cryptogram == null \|\| host_challenge == null) {`
		62cf1a	`throw new EBaseException("TKSRemoteRequestHandler: computeSessionKey(): input parameter null.");`
		62cf1a	`@@ -111,10 +112,25 @@ public class TKSRemoteRequestHandler extends RemoteRequestHandler`
		62cf1a
		62cf1a	`IConfigStore conf = CMS.getConfigStore();`
		62cf1a
		62cf1a	`- boolean serverKeygen =`
		62cf1a	`- conf.getBoolean("op.enroll." +`
		62cf1a	`- tokenType + ".keyGen.encryption.serverKeygen.enable",`
		62cf1a	`- false);`
		62cf1a	`+ boolean serverKeygen = false;`
		62cf1a	`+`
		62cf1a	`+ //Try out all the currently supported cert types to see if we are doing server side keygen here`
		62cf1a	`+ String[] keygenStrings = { "identity", "signing", "encryption", "authentication", "auth"};`
		62cf1a	`+ for (String keygenString : keygenStrings) {`
		62cf1a	`+ boolean enabled = conf.getBoolean("op.enroll." +`
		62cf1a	`+ tokenType + ".keyGen." +`
		62cf1a	`+ keygenString + ".serverKeygen.enable", false);`
		62cf1a	`+`
		62cf1a	`+ CMS.debug(method + " serverkegGen enabled for " + keygenString + " : " + enabled);`
		62cf1a	`+ if (enabled) {`
		62cf1a	`+ serverKeygen = true;`
		62cf1a	`+ break;`
		62cf1a	`+ }`
		62cf1a	`+ }`
		62cf1a	`+`
		62cf1a	`+`
		62cf1a	`+`
		62cf1a	`+`
		62cf1a	`if (keySet == null)`
		62cf1a	`keySet = conf.getString("tps.connector." + connid + ".keySet", "defKeySet");`
		62cf1a
		62cf1a	`--`
		62cf1a	`1.8.3.1`
		62cf1a

rpms / pki-core

Source Code

Blame SOURCES/pki-core-10.5.9-beta.patch