<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><tt>This code was reviewed by testing
out PKI_8_1_ERRATA_BRANCH source code on RHEL 5.9 using
Directory Server storage located on RHEL 6.3:<br>
</tt>
<ul>
<li><tt>ACK</tt><tt> with CAVEATS</tt></li>
</ul>
<tt>Presuming that the CAVEATS are addressed, the patches for
PKI_8_1_ERRATA_BRANCH and PKI_8_BRANCH may be checked-in.<br>
</tt><br>
<tt></tt><b><tt>CAVEAT 1:</tt></b><tt><br>
</tt>
<blockquote>
<pre wrap="">In TokenAuthentication.java, change line 166 from:
c = sendAuthRequest(authHost, authAdminPort, authURL, content);
to:
c = sendAuthRequest(authHost, authEEPort, authURL, content);
</pre>
</blockquote>
<b><tt>CAVEAT 2:<br>
</tt></b>
<blockquote><tt>This was more of an observation that may be due to
<b>CAVEAT 1</b> above, but in <b>T</b><b>EST SCENARIO 2</b>
below, please note the <font color="#ff0000"><b>comments in
RED text</b></font>.</tt><br>
</blockquote>
<b><tt>TEST SCENARIO 1: Pre-Patched CA Master, Pre-Patched KRA,
Patched CA Clone</tt></b><tt><br>
</tt>
<ul>
<li><tt>On </tt><tt>a </tt><tt>64-bit x86_64 RHEL 6.3 machin</tt><tt>e</tt><tt>:</tt></li>
<ul>
<li><tt>cd /usr/sbin</tt></li>
<li><tt>./setup-ds-admin</tt><tt> (ds-master - 389)</tt></li>
<li><tt>./setup-ds (</tt><tt>ds-clone - 8389)</tt></li>
<li><tt>Stopped both servers</tt></li>
<li><tt>Turned syntax checking off in both DS servers --
nsslapd-syntaxcheck: off</tt></li>
<li><tt>Restarted both servers</tt><tt><br>
</tt> </li>
</ul>
<li><tt>On the 64-bit x86_64 RHEL 5.9 machine:</tt><tt><br>
</tt> </li>
<ul>
<li><tt>svn co
svn+ssh://svn.fedorahosted.org/svn/pki/branches/PKI_8_1_ERRATA_BRANCH/pki
pki</tt></li>
<li><tt>svn co </tt><tt><a class="moz-txt-link-freetext"
href="https://svn.devel.redhat.com/repos/pki/branches/PKI_8_1_ERRATA_BRANCH/pki/redhat">https://svn.devel.redhat.com/repos/pki/branches/PKI_8_1_ERRATA_BRANCH/pki/redhat</a></tt><tt>
pki/redhat</tt><tt><br>
</tt> </li>
<li><tt>Successfully built and installed a</tt><tt> </tt><tt>Master
</tt><tt>CA 'pki-ca</tt><tt>' </tt><tt>using the </tt><tt>pre-patched</tt><tt>
source code</tt></li>
<li><tt>Using a fresh profile in a browser, s</tt><tt></tt><tt>uccessfully
configured 'pki-ca' using ports in the </tt><tt>default</tt><tt>
CA range and the 'ds-master' DS server</tt><tt><br>
</tt></li>
<li><tt>Successfully created, submitted, and approved a
certificate:</tt></li>
<ul>
<li><tt>'Test </tt><tt>PRE-PATCHED</tt><tt> </tt><tt>EE
Master </tt><tt>PRE-PATCHED</tt><tt> Agent Master'</tt><tt><br>
</tt></li>
</ul>
<li><tt>Successfully built and installed a </tt><tt>KRA</tt><tt>
'pki-</tt><tt>kr</tt><tt>a' using the pre-patched source
code</tt></li>
<li><tt>S</tt><tt>uccessfully configured </tt><tt>'pki-</tt><tt>kr</tt><tt>a'
using ports in the </tt><tt>default KRA</tt><tt> range
and the 'ds-master' DS server</tt></li>
<li><tt>Successfully created, submitted, and approved a
certificate</tt><tt> </tt><tt>in which the keys were
backed up to the DRM:</tt></li>
<ul>
<li><tt>'DRM Test </tt><tt>PRE-PATCHED</tt><tt> EE Master </tt><tt>PRE-PATCHED</tt><tt>
Agent Master'</tt></li>
</ul>
<li><tt>svn co
svn+ssh://svn.fedorahosted.org/svn/pki/branches/PKI_8_1_ERRATA_BRANCH/pki
pki</tt></li>
<li><tt>svn co </tt><tt><a class="moz-txt-link-freetext"
href="https://svn.devel.redhat.com/repos/pki/branches/PKI_8_1_ERRATA_BRANCH/pki/redhat">https://svn.devel.redhat.com/repos/pki/branches/PKI_8_1_ERRATA_BRANCH/pki/redhat</a></tt><tt>
pki/redhat</tt></li>
<li><tt>Saved 'cloning.8.errata.patch' from email attachment</tt><tt><br>
</tt></li>
<li><tt>cd pki</tt></li>
<li><tt>patch -p0 < ../</tt><tt>cloning.8.errata.patch</tt><tt><br>
</tt> <tt>patching file
base/ca/shared/webapps/ca/WEB-INF/web.xml</tt><tt><br>
</tt> <tt>patching file base/ca/shared/conf/acl.ldif</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/authentication/TokenAuthentication.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java</tt><tt><br>
</tt> <tt>patching file base/setup/pkiremove</tt><tt><br>
</tt> <tt>patching file
base/tks/shared/webapps/tks/WEB-INF/web.xml</tt><tt><br>
</tt> <tt>patching file
base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml</tt><tt><br>
</tt> <tt>patching file
base/kra/shared/webapps/kra/WEB-INF/web.xml</tt><tt><br>
</tt> </li>
<li><tt>Applied the </tt><tt>change documented in <b>CAVEAT
1</b> above</tt><tt><br>
</tt></li>
<li><tt>Successfully built and </tt><tt>updated all </tt><tt>CA
and KRA packages</tt></li>
<li><tt>Re</tt><tt>started </tt><tt>both CA and KRA</tt><tt>
instances<br>
</tt></li>
<li><tt>Successfully tested that CA still worked:</tt></li>
<ul>
<li><tt>'Test </tt><tt>PATCHED</tt><tt> EE Master </tt><tt>PATCHED</tt><tt>
Agent Master'</tt></li>
</ul>
<li><tt>Successfully tested that KRA still worked:</tt></li>
<ul>
<li><tt>'DRM Test PATCHED EE Master PATCHED Agent Master'</tt></li>
</ul>
<li><tt>Su</tt><tt>ccessfully </tt><tt>installed a CA Clone
called 'pki-ca-clone' </tt><tt>via 'pkicreate' </tt><tt>using
ports in the</tt><tt> default+10000</tt><tt> range using
the patched source code<br>
</tt></li>
<li><tt>Installed the PK12 file that contained all of the
certs </tt><tt>and keys backed up via configuration of
'pki-ca' into /var/lib/pki-ca-clone/alias and set all
ownership permissions to be </tt><tt>'pkiuser'</tt><tt>:</tt><tt><br>
</tt><tt><br>
</tt> <tt># ls -lZ /var/lib/pki-ca-clone/alias/*</tt><tt><br>
</tt> <tt>-rw-rw-r-- pkiuser pkiuser
user_u:object_r:pki_ca_var_lib_t </tt><tt>pki_ca_master_backup</tt><tt>.p12</tt><tt><br>
</tt> <tt>-rw------- pkiuser pkiuser
system_u:object_r:pki_ca_var_lib_t cert8.db</tt><tt><br>
</tt> <tt>-rw------- pkiuser pkiuser
system_u:object_r:pki_ca_var_lib_t key3.db</tt><tt><br>
</tt> <tt>-rw------- pkiuser pkiuser
system_u:object_r:pki_ca_var_lib_t secmod.db</tt><tt><br>
</tt><tt><br>
</tt></li>
<li><tt>S</tt><tt>uccessfully configured </tt><tt>'pki-</tt><tt>c</tt><tt>a-</tt><tt>clone</tt><tt>'
using ports in the default </tt><tt>CA + 10000</tt><tt>
range and the 'ds-</tt><tt>clone</tt><tt>' DS server</tt></li>
<li><tt>Successfully tested that CA Master</tt><tt> and</tt><tt>
CA</tt><tt> Clone</tt><tt> </tt><tt>worked together:</tt></li>
<ul>
<li><tt>'Test EE Master Agent Master'</tt></li>
<li><tt>'Test EE Master Agent Clone'</tt></li>
<li><tt>'Test EE Clone Agent Master'</tt></li>
<li><tt>'Test EE Clone Agent Clone'</tt><tt><br>
</tt>
</li>
</ul>
<li><tt>Successfully tested tha</tt><tt>t CA Master, CA Clone,
and</tt><tt> KRA worked together:</tt><tt><br>
</tt></li>
<ul>
<li><tt>'DRM Test EE Master Agent Master'</tt></li>
<li><tt>'DRM Test EE Master Agent Clone'</tt></li>
<li><tt>'DRM Test EE Clone Agent Master'</tt></li>
<li><tt>'DRM Test EE Clone Agent Clone'</tt></li>
</ul>
</ul>
</ul>
<b><tt>TEST SCENARIO 2: Patched CA Master, Patched KRA, Patched
CA Clone</tt></b><b><br>
</b><b>
</b>
<ul>
<li><tt>On </tt><tt>a </tt><tt>64-bit x86_64 RHEL 6.3 machin</tt><tt>e</tt><tt>:</tt></li>
<ul>
<li><tt>cd /usr/sbin</tt></li>
<li><tt>./setup-ds-admin</tt><tt> (ds-master - 389)</tt></li>
<li><tt>./setup-ds (</tt><tt>ds-clone - 8389)</tt></li>
<li><tt>Stopped both servers</tt></li>
<li><tt>Turned syntax checking off in both DS servers --
nsslapd-syntaxcheck: off</tt></li>
<li><tt>Restarted both servers</tt><tt><br>
</tt> </li>
</ul>
<li><tt>On the 64-bit x86_64 RHEL 5.9 machine:</tt><tt><br>
</tt> </li>
<ul>
<li><tt>svn co
svn+ssh://svn.fedorahosted.org/svn/pki/branches/PKI_8_1_ERRATA_BRANCH/pki
pki</tt></li>
<li><tt>svn co </tt><tt><a class="moz-txt-link-freetext"
href="https://svn.devel.redhat.com/repos/pki/branches/PKI_8_1_ERRATA_BRANCH/pki/redhat">https://svn.devel.redhat.com/repos/pki/branches/PKI_8_1_ERRATA_BRANCH/pki/redhat</a></tt><tt>
pki/redhat</tt><tt><br>
</tt> </li>
<li><tt>Successfully built and installed a</tt><tt> </tt><tt>Master
</tt><tt>CA 'pki-ca</tt><tt>' </tt><tt>using the </tt><tt>pre-patched</tt><tt>
source code</tt></li>
<li><tt>Using a fresh profile in a browser, s</tt><tt>uccessfully
configured 'pki-ca' using ports in the </tt><tt>default</tt><tt>
CA range and the 'ds-master' DS server</tt><tt><br>
</tt></li>
<li><tt>Successfully created, submitted, and approved a
certificate:</tt></li>
<ul>
<li><tt>'Test </tt><tt>PRE-PATCHED</tt><tt> </tt><tt>EE
Master </tt><tt>PRE-PATCHED</tt><tt> Agent Master'</tt><tt><br>
</tt></li>
</ul>
<li><tt>Successfully built and installed a </tt><tt>KRA</tt><tt>
'pki-</tt><tt>kr</tt><tt>a' using the pre-patched source
code</tt></li>
<li><tt>S</tt><tt>uccessfully configured </tt><tt>'pki-</tt><tt>kr</tt><tt>a'
using ports in the </tt><tt>default KRA</tt><tt> range
and the 'ds-master' DS server</tt></li>
<li><tt>Successfully created, submitted, and approved a
certificate</tt><tt> </tt><tt>in which the keys were
backed up to the DRM:</tt></li>
<ul>
<li><tt>'DRM Test </tt><tt>PRE-PATCHED</tt><tt> EE Master </tt><tt>PRE-PATCHED</tt><tt>
Agent Master'</tt></li>
</ul>
<li><tt>svn co
svn+ssh://svn.fedorahosted.org/svn/pki/branches/PKI_8_1_ERRATA_BRANCH/pki
pki</tt></li>
<li><tt>svn co </tt><tt><a class="moz-txt-link-freetext"
href="https://svn.devel.redhat.com/repos/pki/branches/PKI_8_1_ERRATA_BRANCH/pki/redhat">https://svn.devel.redhat.com/repos/pki/branches/PKI_8_1_ERRATA_BRANCH/pki/redhat</a></tt><tt>
pki/redhat</tt></li>
<li><tt>Saved 'cloning.8.errata.patch' from email attachment</tt><tt><br>
</tt></li>
<li><tt>cd pki</tt></li>
<li><tt>patch -p0 < ../</tt><tt>cloning.8.errata.patch</tt><tt><br>
</tt> <tt>patching file
base/ca/shared/webapps/ca/WEB-INF/web.xml</tt><tt><br>
</tt> <tt>patching file base/ca/shared/conf/acl.ldif</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/authentication/TokenAuthentication.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java</tt><tt><br>
</tt> <tt>patching file
base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java</tt><tt><br>
</tt> <tt>patching file base/setup/pkiremove</tt><tt><br>
</tt> <tt>patching file
base/tks/shared/webapps/tks/WEB-INF/web.xml</tt><tt><br>
</tt> <tt>patching file
base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml</tt><tt><br>
</tt> <tt>patching file
base/kra/shared/webapps/kra/WEB-INF/web.xml</tt><tt><br>
</tt> </li>
<li><tt>Applied the </tt><tt>change documented in <b>CAVEAT
</b><b>1</b> above</tt><tt><br>
</tt></li>
<li><tt>Successfully built and installed a</tt><tt> </tt><tt>Master
</tt><tt>CA 'pki-ca</tt><tt>'</tt><tt><br>
</tt></li>
<li><tt>Using a fresh profile in a browser, s</tt><tt>uccessfully
configured 'pki-ca' using ports in the </tt><tt>default</tt><tt>
CA range and the 'ds-master' DS server</tt><tt><br>
</tt></li>
<li><tt>Successfully created, submitted, and approved a
certificate:</tt></li>
<ul>
<li><tt>'Test</tt><tt>'</tt><tt><br>
</tt></li>
</ul>
<li><tt>Successfully built and installed a </tt><tt>KRA</tt><tt>
'pki-</tt><tt>kr</tt><tt>a'<br>
</tt></li>
<li><tt>S</tt><tt>uccessfully configured </tt><tt>'pki-</tt><tt>kr</tt><tt>a'
using ports in the </tt><tt>default KRA</tt><tt> range
and the 'ds-master' DS server</tt></li>
<li><tt>Successfully created, submitted, and approved a
certificate</tt><tt> </tt><tt>in which the keys were
backed up to the DRM:</tt></li>
<ul>
<li><tt>'DRM Test</tt><tt>'</tt></li>
</ul>
<li><tt>Su</tt><tt>ccessfully </tt><tt>installed a CA Clone
called 'pki-ca-clone' </tt><tt>via 'pkicreate' </tt><tt>using
ports in the</tt><tt> default+10000</tt><tt> range<br>
</tt></li>
<li><tt>Installed the PK12 file that contained all of the
certs </tt><tt>and keys backed up via configuration of
'pki-ca' into /var/lib/pki-ca-clone/alias and set all
ownership permissions to be </tt><tt>'pkiuser'</tt><tt>:</tt><tt><br>
</tt><tt><br>
</tt> <tt># ls -lZ /var/lib/pki-ca-clone/alias/*</tt><tt><br>
</tt> <tt>-rw-rw-r-- pkiuser pkiuser
user_u:object_r:pki_ca_var_lib_t </tt><tt>pki_ca_master_backup</tt><tt>.p12</tt><tt><br>
</tt> <tt>-rw------- pkiuser pkiuser
system_u:object_r:pki_ca_var_lib_t cert8.db</tt><tt><br>
</tt> <tt>-rw------- pkiuser pkiuser
system_u:object_r:pki_ca_var_lib_t key3.db</tt><tt><br>
</tt> <tt>-rw------- pkiuser pkiuser
system_u:object_r:pki_ca_var_lib_t secmod.db</tt><tt><br>
</tt><tt><br>
</tt></li>
<li><tt>Successfully configured </tt><tt>'pki-</tt><tt>c</tt><tt>a-</tt><tt>clone</tt><tt>'
using ports in the default </tt><tt>CA + 10000</tt><tt>
range and the 'ds-</tt><tt>clone</tt><tt>' DS server</tt></li>
<li><tt>Per request, verified that 'admin' port was being used
for CA Clone:<br>
<br>
# cd /var/log/pki-ca-clone<br>
# grep -i agent localhost_access_log.2013-02-14.txt<br>
<font color="#ff0000"><b># grep -i ee
localhost_access_log.2013-02-14.txt</b><b><br>
</b><b>10.14.16.14 - - [14/Feb/2013:01:00:58 -0500] "GET
/ca/ee/ca/getCAChain?op=download&mimeType=application/x-x509-ca-cert
HTTP/1.1" 200 1035</b></font><br>
# grep -i admin localhost_access_log.2013-02-14.txt<br>
10.14.16.14 - - [14/Feb/2013:00:58:31 -0500] "GET
/ca/admin/console/config/login?pin=ZGWfUxpUzIfBcgW6UI6Q
HTTP/1.1" 302 -<br>
10.14.16.14 - - [14/Feb/2013:00:58:31 -0500] "GET
/ca/admin/console/config/wizard HTTP/1.1" 200 8510<br>
10.14.16.14 - - [14/Feb/2013:00:58:31 -0500] "GET
/ca/admin/console/img/logo_header.gif HTTP/1.1" 200 1316<br>
10.14.16.14 - - [14/Feb/2013:00:58:31 -0500] "GET
/ca/admin/console/img/bigrotation2.gif HTTP/1.1" 200 1787<br>
10.14.16.14 - - [14/Feb/2013:00:58:31 -0500] "GET
/ca/admin/console/img/favicon.ico HTTP/1.1" 200 318<br>
10.14.16.14 - - [14/Feb/2013:00:58:31 -0500] "GET
/ca/admin/console/img/icon-software.gif HTTP/1.1" 200 1146<br>
10.14.16.14 - - [14/Feb/2013:00:58:35 -0500] "POST
/ca/admin/console/config/wizard HTTP/1.1" 200 11862<br>
10.14.16.14 - - [14/Feb/2013:00:58:35 -0500] "GET
/ca/admin/console/img/clearpixel.gif HTTP/1.1" 200 43<br>
10.14.16.14 - - [14/Feb/2013:00:58:40 -0500] "POST
/ca/admin/console/config/wizard HTTP/1.1" 200 10106<br>
10.14.16.14 - - [14/Feb/2013:00:58:47 -0500] "POST
/ca/admin/console/config/wizard HTTP/1.1" 200 12566<br>
10.14.16.14 - - [14/Feb/2013:00:58:52 -0500] "POST
/ca/admin/console/config/wizard HTTP/1.1" 302 -<br>
10.14.16.14 - - [14/Feb/2013:00:59:01 -0500] "POST
/ca/admin/console/config/wizard?p=5&subsystem=CA
HTTP/1.1" 200 8852<br>
10.14.16.14 - - [14/Feb/2013:00:59:01 -0500] "GET
/ca/admin/console/img/logo_header.gif HTTP/1.1" 304 -<br>
10.14.16.14 - - [14/Feb/2013:00:59:01 -0500] "GET
/ca/admin/console/img/icon-software.gif HTTP/1.1" 304 -<br>
10.14.16.14 - - [14/Feb/2013:00:59:01 -0500] "GET
/ca/admin/console/img/bigrotation2.gif HTTP/1.1" 304 -<br>
10.14.16.14 - - [14/Feb/2013:00:59:11 -0500] "POST
/ca/admin/console/config/wizard HTTP/1.1" 200 12557<br>
10.14.16.14 - - [14/Feb/2013:00:59:14 -0500] "POST
/ca/admin/console/config/wizard HTTP/1.1" 200 8492<br>
10.14.16.14 - - [14/Feb/2013:00:59:44 -0500] "POST
/ca/admin/console/config/wizard HTTP/1.1" 200 10006<br>
10.14.16.14 - - [14/Feb/2013:00:59:44 -0500] "GET
/ca/admin/console/img/logo_header.gif HTTP/1.1" 304 -<br>
10.14.16.14 - - [14/Feb/2013:00:59:44 -0500] "GET
/ca/admin/console/img/icon-software.gif HTTP/1.1" 304 -<br>
10.14.16.14 - - [14/Feb/2013:00:59:44 -0500] "GET
/ca/admin/console/img/bigrotation2.gif HTTP/1.1" 304 -<br>
10.14.16.14 - - [14/Feb/2013:01:00:34 -0500] "POST
/ca/admin/console/config/wizard HTTP/1.1" 200 32918<br>
10.14.16.14 - - [14/Feb/2013:01:00:34 -0500] "GET
/ca/admin/console/img/logo_header.gif HTTP/1.1" 304 -<br>
10.14.16.14 - - [14/Feb/2013:01:00:34 -0500] "GET
/ca/admin/console/img/icon-software.gif HTTP/1.1" 304 -<br>
10.14.16.14 - - [14/Feb/2013:01:00:34 -0500] "GET
/ca/admin/console/img/bigrotation2.gif HTTP/1.1" 304 -<br>
10.14.16.14 - - [14/Feb/2013:01:00:42 -0500] "POST
/ca/admin/console/config/wizard HTTP/1.1" 200 11690<br>
10.14.16.14 - - [14/Feb/2013:01:00:49 -0500] "POST
/ca/admin/console/config/wizard HTTP/1.1" 200 68264<br>
10.14.16.14 - - [14/Feb/2013:01:00:49 -0500] "GET
/ca/admin/console/img/certificate.png HTTP/1.1" 200 4663<br>
10.14.16.14 - - [14/Feb/2013:01:00:52 -0500] "POST
/ca/admin/console/config/wizard HTTP/1.1" 200 8652<br>
10.14.16.14 - - [14/Feb/2013:01:00:56 -0500] "POST
/ca/admin/console/config/wizard HTTP/1.1" 200 8215<br>
10.14.16.14 - - [14/Feb/2013:01:01:02 -0500] "POST
/ca/admin/console/config/wizard HTTP/1.1" 200 7832<br>
<br>
</tt></li>
<li><tt>Successfully tested that CA Master</tt><tt> and</tt><tt>
CA</tt><tt> Clone</tt><tt> </tt><tt>worked together:</tt></li>
<ul>
<li><tt>'Test EE Master Agent Master'</tt></li>
<li><tt>'Test EE Master Agent Clone'</tt></li>
<li><tt>'Test EE Clone Agent Master'</tt></li>
<li><tt>'Test EE Clone Agent Clone'</tt><tt><br>
</tt>
</li>
</ul>
<li><tt>Successfully tested tha</tt><tt>t CA Master, CA Clone,
and</tt><tt> KRA worked together:</tt><tt><br>
</tt></li>
<ul>
<li><tt>'DRM Test EE Master Agent Master'</tt></li>
<li><tt>'DRM Test EE Master Agent Clone'</tt></li>
<li><tt>'DRM Test EE Clone Agent Master'</tt></li>
<li><tt>'DRM Test EE Clone Agent Clone'</tt></li>
</ul>
</ul>
</ul>
<tt>On 02/12/13 12:11, Ade Lee wrote:</tt><tt><br>
</tt></div>
<blockquote cite="mid:1360699878.18568.19.camel@aleeredhat.laptop"
type="cite">
<pre wrap="">We want to use the admin interface for installation work. This patch
moves the interfaces used in cloning from either the EE or agent
interface to the admin one. See:
<a class="moz-txt-link-freetext" href="http://pki.fedoraproject.org/wiki/8.1_installer_work_for_cloning">http://pki.fedoraproject.org/wiki/8.1_installer_work_for_cloning</a>
Specifically,
1. Change call to use /ca/admin/ca/getCertChain
2. Remove unneeded getTokenInfo servlet. The logic not to use this
servlet has already been committed to dogtag 10.
3. Move updateNumberRange to the admin interface. For backward
compatibility with old instances, the install code will
call /ca/agent/updateNumberRange as a fallback.
4. Add updateDomainXML to admin interface. For backward compatibility,
updateDomainXML will continue to be exposed on the agent interface with
agent client auth.
5. Changed pkidestroy to get an install token and use the admin
interface to update the security domain. For backward compatibility,
the user and password and not specified as mandatory arguments -
although we want to do that in future.
6. Added tokenAuthenticate to the admin interface.
Note, existing subsystems will need to have config changes manually
added in order to use the new interfaces. Instructions will be added to
the link above. With new instances, you should be able to clone a CA
all on the admin interface.
The patches are for the PKI_8_1_ERRATA_BRANCH and PKI_8_BRANCH
Please review,
Ade
</pre>
<tt><br>
</tt>
<fieldset class="mimeAttachmentHeader"></fieldset>
<tt><br>
</tt>
<pre wrap="">_______________________________________________
Pki-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre>
</blockquote>
<br>
</body>
</html>