[Pki-devel] [PATCH] pki-cfu-0131-Ticket-2335-Missing-activity-logs-when-formatting-en.patch

2016-06-03 Thread Christina Fu 

https://fedorahosted.org/pki/ticket/2335

Ticket #2335 Missing activity logs when formatting/enrolling unknown 
token This patch adds activity logs for adding unknown token during 
format or enrollment


thanks,
Christina
>From 844c5c03d5981f6c881bb82f114c72e335478b44 Mon Sep 17 00:00:00 2001
From: Christina Fu 
Date: Fri, 3 Jun 2016 17:26:47 -0700
Subject: [PATCH] Ticket #2335 Missing activity logs when formatting/enrolling
 unknown token This patch adds activity logs for adding unknown token during
 format or enrollment

---
 base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java  | 11 +--
 .../server/tps/processor/TPSEnrollProcessor.java   | 18 ++
 .../server/tps/processor/TPSPinResetProcessor.java |  7 ---
 .../dogtagpki/server/tps/processor/TPSProcessor.java   | 17 ++---
 4 files changed, 33 insertions(+), 20 deletions(-)

diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
index ed7e022faf7d85bee8e53ebe37b35a16b713bde5..e9190d09a6fd48e34a15ce761fa0aec201db9c30 100644
--- a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
+++ b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
@@ -180,19 +180,18 @@ public class TPSTokendb {
 
 public void tdbUpdateTokenEntry(TokenRecord tokenRecord)
 throws Exception {
+String method = "TPSTokendb.tdbUpdateTokenEntry:";
 String id = tokenRecord.getId();
 TokenRecord existingTokenRecord;
 try {
 existingTokenRecord = tps.tokenDatabase.getRecord(id);
 } catch (EDBRecordNotFoundException e) {
-CMS.debug("TPSTokendb.tdbUpdateTokenEntry: " + e);
-CMS.debug("TPSTokendb.tdbUpdateTokenEntry: Adding token " + id);
-// add and exit
-tdbAddTokenEntry(tokenRecord, TokenStatus.FORMATTED);
-return;
+String logMsg = method + e;
+CMS.debug(logMsg);
+throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN);
 }
 // token found; modify
-CMS.debug("TPSTokendb.tdbUpdateTokenEntry: token entry found; Modifying with status: " + tokenRecord.getTokenStatus());
+CMS.debug(method + " token entry found; Modifying with status: " + tokenRecord.getTokenStatus());
 // don't change the create time of an existing token record; put it back
 tokenRecord.setCreateTimestamp(existingTokenRecord.getCreateTimestamp());
 tps.tokenDatabase.updateRecord(id, tokenRecord);
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
index 24b2dbf8200ae32dc4627e1fed6e9c5af64b187f..4182cc1c879f69b8200c90586fdd4a13d23ec6c5 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
@@ -366,13 +366,14 @@ public class TPSEnrollProcessor extends TPSProcessor {
 
 pkcs11objx.setCUID(appletInfo.getCUID());
 
+logMsg = "add token during enrollment";
 if (!isTokenPresent) {
 try {
-tps.tdb.tdbAddTokenEntry(tokenRecord, TokenStatus.FORMATTED);
+tps.tdb.tdbAddTokenEntry(tokenRecord, TokenStatus.UNFORMATTED);
+tps.tdb.tdbActivity(ActivityDatabase.OP_ADD, tokenRecord, session.getIpAddress(), logMsg, "success");
 } catch (Exception e) {
-String failMsg = "add token failure";
-logMsg = failMsg + ":" + e.toString();
-tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg,
+logMsg = logMsg + ":" + e.toString();
+tps.tdb.tdbActivity(ActivityDatabase.OP_ADD, tokenRecord, session.getIpAddress(), logMsg,
 "failure");
 throw new TPSException(logMsg);
 }
@@ -397,6 +398,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
 }
 
 //most failed would have thrown an exception
+logMsg = " generateCertsAfterRenewalRecoveryPolicy returned status=" + status;
 String statusString = "Unknown"; // gives some meaningful debug message
 if (status == TPSStatus.STATUS_NO_ERROR)
 statusString = "Enrollment to follow";
@@ -409,7 +411,6 @@ public class TPSEnrollProcessor extends TPSProcessor {
 renewed = true;
 tps.tdb.tdbActivity(ActivityDatabase.OP_RENEWAL, tokenRecord, session.getIpAddress(), logMsg, "success");
 } else {
-logMsg = " generateCertsAfterRenewalRecoveryPolicy returned status=" + status;
 CMS.debug(method + logMsg);
 tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), logMsg,
 "failure");
@@ -536,13 +537,14 @@ public class

[Pki-devel] [PATCH] 762 Removed selftest interface from TPS UI.

2016-06-03 Thread Endi Sukma Dewata 

The selftest interface has been removed from TPS UI to avoid
confusion due to its limited usefulness.

https://fedorahosted.org/pki/ticket/2344

Pushed to master under one-liner/trivial rule.

--
Endi S. Dewata
>From af1d50bae945e14e1edc198d78d774b6ca491a5d Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Sat, 4 Jun 2016 01:20:04 +0200
Subject: [PATCH] Removed selftest interface from TPS UI.

The selftest interface has been removed from TPS UI to avoid
confusion due to its limited usefulness.

https://fedorahosted.org/pki/ticket/2344
---
 base/tps/shared/webapps/tps/ui/index.html | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/base/tps/shared/webapps/tps/ui/index.html b/base/tps/shared/webapps/tps/ui/index.html
index f2a9d758457d98234b5baa1cbe85773a509173bb..63baf3e27bbc5e4267d91fc1c3f5586991b3abb8 100644
--- a/base/tps/shared/webapps/tps/ui/index.html
+++ b/base/tps/shared/webapps/tps/ui/index.html
@@ -38,7 +38,9 @@
 
 
 
+

Re: [Pki-devel] [pki-devel][PATCH] 0069-Show-KeyOwner-info-when-viewing-recovery-requests.patch

2016-06-03 Thread John Magne 

Pushed to master based on cfu's verbal conditional ACK for this 
(after I modded it the way she requested)

Tested to work.

commit 3cd58a98022141da2af4bf0bad29ab1dbdc86fbe
Author: Jack Magne 
Date:   Wed Jun 1 15:05:20 2016 -0700




Closing ticket #1512

- Original Message -
> From: "Christina Fu" 
> To: pki-devel@redhat.com
> Sent: Friday, June 3, 2016 2:46:28 PM
> Subject: Re: [Pki-devel] [pki-devel][PATCH] 
> 0069-Show-KeyOwner-info-when-viewing-recovery-requests.patch
> 
> while the patch works, I think the original code logic is somehow flawed in a
> way that it uses the "profile" attribute to determine whether the request
> was non-TMS archival requests, and if null it treats it as TMS. It would
> make better sense if we add a separate case instead of lumping the handling
> of recovery requests inside where the TMS handling is at.
> 
> thanks,
> Christina
> 
> On 06/01/2016 03:13 PM, John Magne wrote:
> 
> 
> 
> Show KeyOwner info when viewing recovery requests.
> 
> This simple fix will grab the subject info out of the cert
> associated with either pending or complete recovery requests being
> viewed in the KRA UI.
> 
> For example:
> 
> KeyOwner:  UID=jmagne, O=Token Key User
> 
> Will be displayed.
> Have seen this display for both pending and completed recovery requests.
> 
> This simple fix should be good enough for this round, despite the bug
> asking about agent info and such. Those enhancements for later.
> 
> Ticket : Ticket #1512 : Key owner info missing from the Search results of
> Recovery request
> 
> 
> ___
> Pki-devel mailing list Pki-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
> 
> 
> ___
> Pki-devel mailing list
> Pki-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

Re: [Pki-devel] [pki-devel][PATCH] 0069-Show-KeyOwner-info-when-viewing-recovery-requests.patch

2016-06-03 Thread Christina Fu 
while the patch works, I think the original code logic is somehow flawed 
in a way that it uses the "profile" attribute to determine whether the 
request was non-TMS archival requests, and if null it treats it as TMS.  
It would make better sense if we add a separate case instead of lumping 
the handling of recovery requests inside where the TMS handling is at.


thanks,
Christina

On 06/01/2016 03:13 PM, John Magne wrote:

Show KeyOwner info when viewing recovery requests.
 
 This simple fix will grab the subject info out of the cert

 associated with either pending or complete recovery requests being
 viewed in the KRA UI.
 
 For example:
 
 KeyOwner:  UID=jmagne, O=Token Key User
 
 Will be displayed.

 Have seen this display for both pending and completed recovery requests.

 This simple fix should be good enough for this round, despite the bug
 asking about agent info and such. Those enhancements for later.
 
 Ticket : Ticket #1512 : Key owner info missing from the Search results of Recovery request



___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel


___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] [PATCH] 761 Fixed truncated token activity message in TPS UI.

2016-06-03 Thread Endi Sukma Dewata 

The TPS UI has been modified to display the token activity message
in a textarea to avoid truncation.

The UI framework class has been modified to handle textarea.

The CSS has been modified to align the field label with the top of
textarea.

https://fedorahosted.org/pki/ticket/2299

Pushed to master under one-liner/trivial rule.

--
Endi S. Dewata
>From 9c7c9dc278451fde67c725c2898e9dc92e199060 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Fri, 3 Jun 2016 20:58:23 +0200
Subject: [PATCH] Fixed truncated token activity message in TPS UI.

The TPS UI has been modified to display the token activity message
in a textarea to avoid truncation.

The UI framework class has been modified to handle textarea.

The CSS has been modified to align the field label with the top of
textarea.

https://fedorahosted.org/pki/ticket/2299
---
 base/server/share/webapps/pki/js/pki-ui.js   | 6 +++---
 base/tps/shared/webapps/tps/ui/activity.html | 4 +++-
 dogtag/common-ui/shared/css/pki-ui.css   | 1 +
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/base/server/share/webapps/pki/js/pki-ui.js b/base/server/share/webapps/pki/js/pki-ui.js
index 288461fa20d314581dac5163e7fad8c7e03a76de..c4acdb9965c57c297f7eb748b493a54bdcb6a6da 100644
--- a/base/server/share/webapps/pki/js/pki-ui.js
+++ b/base/server/share/webapps/pki/js/pki-ui.js
@@ -1080,7 +1080,7 @@ var EntryPage = Page.extend({
 
 if (self.mode == "view") {
 // All fields are read-only.
-self.$(".pki-fields input").each(function(index) {
+self.$(".pki-fields input, select, textarea").each(function(index) {
 var input = $(this);
 input.attr("readonly", "readonly");
 });
@@ -1091,7 +1091,7 @@ var EntryPage = Page.extend({
 } else {
 
 // Show editable fields.
-self.$(".pki-fields input").each(function(index) {
+self.$(".pki-fields input, select, textarea").each(function(index) {
 var input = $(this);
 var name = input.attr("name");
 if (_.contains(self.editable, name)) {
@@ -1105,7 +1105,7 @@ var EntryPage = Page.extend({
 self.editMenu.show();
 }
 
-self.$(".pki-fields input").each(function(index) {
+self.$(".pki-fields input, select, textarea").each(function(index) {
 var input = $(this);
 self.loadField(input);
 });
diff --git a/base/tps/shared/webapps/tps/ui/activity.html b/base/tps/shared/webapps/tps/ui/activity.html
index 5ba96a4e19f033c4f85a448a51e13d056d059684..d9a32994feff62efd4ca8e4914b9c3e242859d80 100644
--- a/base/tps/shared/webapps/tps/ui/activity.html
+++ b/base/tps/shared/webapps/tps/ui/activity.html
@@ -42,6 +42,8 @@
 Date
 
 Message
-
+
+
+
 
 
diff --git a/dogtag/common-ui/shared/css/pki-ui.css b/dogtag/common-ui/shared/css/pki-ui.css
index dcf9595a6f8b6873f1407093cf0af920ff040adc..1728a737eb34919f76545ccb01e8c9d50c06e774 100644
--- a/dogtag/common-ui/shared/css/pki-ui.css
+++ b/dogtag/common-ui/shared/css/pki-ui.css
@@ -71,6 +71,7 @@ fieldset label {
   min-width: 150px;
   display: inline-block;
   line-height: 30px;
+  vertical-align: top;
 }
 
 fieldset input {
-- 
2.5.5

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

Re: [Pki-devel] [PATCH] pki-cfu-0129-Ticket-2352-TMS-missing-netkeyKeyRecovery-requests-o.patch

2016-06-03 Thread Christina Fu 
The original "Show archival requests" and "Show recovery requests" are 
actually quite misleading, as they do NOT show any archival or recovery 
requests for TMS.

However, for the lack of a better idea, I'll leave them as is.

commit 1c5458150d583481415e2bde4e68d8ab7bbf56d9

thanks,
Christina


On 06/03/2016 10:42 AM, John Magne wrote:

ACK

Does the job with little fuss.

One thing I would push for is to leave the original labels for standard requests
the way they were and NOT call them "Non Token " requests.

This we the old behavior remains and the user can explore the new options 
provided
for TMS related requests if they so choose.




- Original Message -

From: "Christina Fu" 
To: "pki-devel" 
Sent: Friday, June 3, 2016 10:22:07 AM
Subject: [Pki-devel] [PATCH] 
pki-cfu-0129-Ticket-2352-TMS-missing-netkeyKeyRecovery-requests-o.patch

https://fedorahosted.org/pki/ticket/2352
  Ticket #2352 [TMS] missing netkeyKeyRecovery requests option in KRA
agent for "List Request"
  This patch allows KRA agent to list netkeyKeyRecovery requests

thanks,
Christina

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel


___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

Re: [Pki-devel] [PATCH] pki-cfu-0129-Ticket-2352-TMS-missing-netkeyKeyRecovery-requests-o.patch

2016-06-03 Thread John Magne 
ACK

Does the job with little fuss.

One thing I would push for is to leave the original labels for standard requests
the way they were and NOT call them "Non Token " requests.

This we the old behavior remains and the user can explore the new options 
provided
for TMS related requests if they so choose.




- Original Message -
> From: "Christina Fu" 
> To: "pki-devel" 
> Sent: Friday, June 3, 2016 10:22:07 AM
> Subject: [Pki-devel] [PATCH] 
> pki-cfu-0129-Ticket-2352-TMS-missing-netkeyKeyRecovery-requests-o.patch
> 
> https://fedorahosted.org/pki/ticket/2352
>  Ticket #2352 [TMS] missing netkeyKeyRecovery requests option in KRA
> agent for "List Request"
>  This patch allows KRA agent to list netkeyKeyRecovery requests
> 
> thanks,
> Christina
> 
> ___
> Pki-devel mailing list
> Pki-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

Re: [Pki-devel] [PATCH] 320 - pki-server db changes

2016-06-03 Thread Ade Lee 
With patch this time:


On Fri, 2016-06-03 at 08:59 -0400, Ade Lee wrote:
> commit 9450b5f7695cc827cced6e86281694daa1e5c2c8
> Author: Ade Lee 
> Date:   Thu Jun 2 09:41:35 2016 -0400
> 
> Add commands to db-server to help with DB related changes
> 
> Added pki-server kra-db-vlv-add, kra-db-vlv-del, kra-db-vlv
> -reindex
> Added pki-server db-schema-upgrade
> 
> If the admin has the directory manager (or equivalent) simple
> creds,
> then they can enter them as parameters and perform the
> operations.
> 
> Otherwise, they can specify --generate-ldif to generate LDIF
> files
> containing the changes that need to be implemented, and implement
> them using GSSAPI or otherwise.
> 
> Tickets 2320, 2319
> 
> Please review,
> Thanks,
> Ade
> 
> ___
> Pki-devel mailing list
> Pki-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-develFrom 9450b5f7695cc827cced6e86281694daa1e5c2c8 Mon Sep 17 00:00:00 2001
From: Ade Lee 
Date: Thu, 2 Jun 2016 09:41:35 -0400
Subject: [PATCH] Add commands to db-server to help with DB related changes

Added pki-server kra-db-vlv-add, kra-db-vlv-del, kra-db-vlv-reindex
Added pki-server db-schema-upgrade

If the admin has the directory manager (or equivalent) simple creds,
then they can enter them as parameters and perform the operations.

Otherwise, they can specify --generate-ldif to generate LDIF files
containing the changes that need to be implemented, and implement
them using GSSAPI or otherwise.

Tickets 2320, 2319
---
 base/server/python/pki/server/__init__.py |  11 +-
 base/server/python/pki/server/cli/db.py   |  89 +++-
 base/server/python/pki/server/cli/kra.py  | 352 ++
 3 files changed, 449 insertions(+), 3 deletions(-)

diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py
index 47f6aa5b46af6cf38b231d94a88e6bb02c7d99b1..8347311cfe1692a500f21d86b0ac0c8261e1d752 100644
--- a/base/server/python/pki/server/__init__.py
+++ b/base/server/python/pki/server/__init__.py
@@ -318,7 +318,8 @@ class PKISubsystem(object):
 def disable(self):
 self.instance.undeploy(self.name)
 
-def open_database(self, name='internaldb'):
+def open_database(self, name='internaldb', bind_dn=None,
+  bind_password=None):
 
 # TODO: add LDAPI support
 hostname = self.config['%s.ldapconn.host' % name]
@@ -341,7 +342,13 @@ class PKISubsystem(object):
 connection.set_security_database(self.instance.nssdb_dir)
 
 auth_type = self.config['%s.ldapauth.authtype' % name]
-if auth_type == 'BasicAuth':
+if (bind_dn is not None and bind_password is not None):
+# connect using the provided credentials
+connection.set_credentials(
+bind_dn=bind_dn,
+bind_password=bind_password
+)
+elif auth_type == 'BasicAuth':
 connection.set_credentials(
 bind_dn=self.config['%s.ldapauth.bindDN' % name],
 bind_password=self.instance.get_password(name)
diff --git a/base/server/python/pki/server/cli/db.py b/base/server/python/pki/server/cli/db.py
index 6cfd6b410eb75394f4b88b087b43a0538d3db6c6..709b39e2c576ffe60cfc04e71ebc9c3f3739bef5 100644
--- a/base/server/python/pki/server/cli/db.py
+++ b/base/server/python/pki/server/cli/db.py
@@ -23,6 +23,7 @@ from __future__ import print_function
 import getopt
 import ldap
 import nss.nss as nss
+import subprocess
 import sys
 
 import pki.cli
@@ -35,6 +36,92 @@ class DBCLI(pki.cli.CLI):
 'db', 'DB management commands')
 
 self.add_module(DBUpgrade())
+self.add_module(DBSchemaUpgrade())
+
+
+class DBSchemaUpgrade(pki.cli.CLI):
+
+SCHEMA_PATH = '/usr/share/pki/server/conf/schema.ldif'
+
+def __init__(self):
+super(DBSchemaUpgrade, self).__init__(
+'schema-upgrade', 'Upgrade PKI database schema')
+
+def usage(self):
+print('Usage: pki-server db-schema-upgrade [OPTIONS]')
+print()
+print('  -i, --instanceInstance ID (default: pki-tomcat).')
+print('  -D, --bind-dn DN to connect to DB (default: cn=Directory Manager).')
+print('  -w, --bind-password  Password to connect to DB.')
+print('  -v, --verbose  Run in verbose mode.')
+print('  --help Show help message.')
+print()
+
+def execute(self, args):
+try:
+opts, _ = getopt.gnu_getopt(
+args, 'i:D:w:v', ['instance=', 'bind-dn=', 'bind-password=',
+  'verbose', 'help'])
+
+except getopt.GetoptError as e:
+print('ERROR: ' + str(e))
+self.usage()
+sys.exit(1)
+
+instance_name = 'pki-tomcat'
+bind_dn = 'cn=Directory

[Pki-devel] [PATCH] 320 - pki-server db changes

2016-06-03 Thread Ade Lee 
commit 9450b5f7695cc827cced6e86281694daa1e5c2c8
Author: Ade Lee 
Date:   Thu Jun 2 09:41:35 2016 -0400

Add commands to db-server to help with DB related changes

Added pki-server kra-db-vlv-add, kra-db-vlv-del, kra-db-vlv-reindex
Added pki-server db-schema-upgrade

If the admin has the directory manager (or equivalent) simple creds,
then they can enter them as parameters and perform the operations.

Otherwise, they can specify --generate-ldif to generate LDIF files
containing the changes that need to be implemented, and implement
them using GSSAPI or otherwise.

Tickets 2320, 2319

Please review,
Thanks,
Ade

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

Re: [Pki-devel] [PATCH] 0120..0121 Remove pki-ipa-retrieve-key script

2016-06-03 Thread Fraser Tweedale 
On Thu, Jun 02, 2016 at 11:45:43PM -0500, Endi Sukma Dewata wrote:
> On 5/31/2016 11:45 PM, Fraser Tweedale wrote:
> > G'day comrades,
> > 
> > Please review the attached two patches, which...
> > 
> > (Patch 0120)
> > 
> > - provide for passing of configuration (from CS.cfg) to KeyRetriever
> >   implementations
> > 
> > - generalise IPACustodiaKeyRetriever to ExternalProcessKeyRetriever,
> >   which executes a configured executable rather than a hardcoded one
> > 
> > (Patch 0121)
> > 
> > - remove pki-ipa-retrieve-key script; it is being moved to FreeIPA
> >   repo
> > 
> > Cheers,
> > Fraser
> 
> ACK.
> 
> Separate issue. Instead of returning multiple binary attributes delimited
> with 0 byte through standard output, it might be better to use JSON file
> instead. So the command can be defined something like this:
> 
> features.authority.keyRetrieverConfig.exec=/usr/libexec/pki-ipa-retrieve-key
> -o {output}
> 
> The ExternalProcessKeyRetriever will replace the {output} with a temporary
> file, then later parse the result from that file.
> 
Thanks Endi; pushed to master:

419ca3000142c60f176aabc68a2c5c3a1a3c1ea9 Lightweight CAs: remove 
pki-ipa-retrieve-key script
f11e0b372e3a0736050dd9e2858fce3178171ee6 Lightweight CAs: generalise 
subprocess-based key retrieval

I agree with the JSON enhancement, but not with using a temporary
file; we can just send the JSON through stdout.  I filed ticket:
https://fedorahosted.org/pki/ticket/2351

Cheers,
Fraser

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel