Issues Resolved in 6.14.0
Released on 7th August 2018
Technical Requirement
ECA-6978 - Implement Rest conventions
ECA-7022 - Specify license information for swagger dependencies
Bug
ECA-3298 - One Junit failure on DB2
ECA-4729 - getRequestServerName with ejbca behind a reverse proxy via ajp returns wrong server name
ECA-5416 - SoftCryptoToken used for database protection always debug logs stacktrace about PKCS12 keystore password
ECA-6292 - Common PKI CertHash OCSP extension should be a singleExtension instead of a responseExtension
ECA-6654 - PublicCryptoToken can't be used for database protection verification
ECA-6763 - EJB CLI still logs too much irrelevant info
ECA-6774 - Fix the active status logo in internal key binding.
ECA-6848 - Regression: 'Provide request info' hidden when only 'Select key algorithm' should be
ECA-6862 - CertificateDataSessionBean.findUsernameByIssuerDnAndSerialNumber declared final
ECA-6869 - Upgrade code for 6.11 creates access rules that are not normalized
ECA-6880 - fix unit tests for Commuity MariaDB+ubuntu+JBOSS711GA configuration
ECA-6887 - Return value for rejected approvals in EjbcaWS.getRemainingNumberOfApprovals(int) is incorrect
ECA-6895 - Refine behavior of ApprovalSessionBean.getRemainingNumberOfApprovals(int)
ECA-6901 - Handle non-DNs gracefully in CertTools.isDNReversed
ECA-6923 - Missed slashes in documentation links
ECA-6947 - Validator view not refreshed, editing Validators modifies cache content
ECA-6950 - Documentation: Custom certificate extension data link broken
ECA-6951 - Documentation links on Admin GUI overview page broken
ECA-6959 - Cache CA name lookup in RoleMembers page view scope
ECA-6997 - Database upgrade version comparison does not handle varying number if fields
ECA-7000 - Improve isFullQualifiedDomainName
ECA-7001 - ExternalCommandCertificateValidator handles stdout and stderr incorrectly
ECA-7004 - Public key blacklist validator fails match on RSA keys when not all algorithms are specified in validator
ECA-7014 - External Command Certificate Validator should fail on non-zero exit code
ECA-7015 - The enum constant UNKNOWN needs a corresponding case label in this enum switch
ECA-7016 - Unlikely argument problems in ACME implementation
ECA-7027 - WS API documentation has wrong URL
ECA-7031 - Documentation Link broken for 'Manage Publishers'
ECA-7040 - Regression: External RA (polling) does not work for Keystore Requests
ECA-7043 - Upgrade with long version number can fail
ECA-7057 - Fix documentation link from Public Web
ECA-7063 - Peer connector settings are not saved when creating a new peer connector
ECA-7078 - Jenkins builds failure for test EjbcaWSCVCTest
ECA-7079 - Jenkins builds failure for SystemTests of REST API
ECA-7080 - Jenkins builds failure for AcmeWorkflowTest of ACME
ECA-7083 - CaaValidator always succeeds when the domain ignore list matches
ECA-7084 - Fix Jenkins test error: Non unique method in RA Master API
ECA-7085 - Some JUnit tests don't run
ECA-7086 - Regression: Help labels and at least one option is gone from the CAA Validator
ECA-7088 - some REST-related unit tests are failing in EJBCA_TRUNK_UNIT_PUPPET
ECA-7090 - Swagger inputs in snakecase are not evaluated in REST method input
ECA-7094 - Error "Can't reset to root in the middle of the path" during `ant install` on JBoss ≥6.4.19
ECA-7099 - CRL generation as CRL Issue interval can miss some intervals
ECA-7100 - Revocation CA lookup for nonConflictingCertificateData does not use normalized DN format
ECA-7101 - EjbcaWS.getProfile leaks information about CA's and EEPs
ECA-7108 - X509CA.upgrade could upgrade CA Overlap Time wrong from ancient version
ECA-7111 - Troubleshooting missing from documentation
ECA-7112 - Fix test failure EndEntityProfileSessionBeanTest.testAuthorization
ECA-7115 - WS customLog call calculates CA ID wrong if caName is missing
ECA-7116 - WS customLog call swaps username and admin certificate parameters in log
ECA-7140 - Ignore Top Level Domains field in CAA Validators no longer work
ECA-7141 - orm entry for AcemNonceData incorrect for PostgreSQL
ECA-7142 - Documentation Link broken for under OcspKeyBinding Tab
ECA-7144 - RaMasterApi dispatches non-serializable objects
ECA-7145 - Invalid error handling for EjbcaWS.getProfile (remote)
ECA-7148 - Jenkin's job EJBCA_TRUNK_UNIT_PUPPET compilation failure
ECA-7149 - Jenkins job EJBCA_TRUNK_UNIT_PUPPET has failing unit test of RsaKeyValidatorTest.testRocaWeakKeys
ECA-7150 - Regression ejbca-db-cli crashes with ClassNotFoundException: AcmeNonceData
ECA-7155 - Manage ACME Aliases is linking to SCEP documentation
ECA-7157 - Fields notBefore and notAfter in the order object are optional
ECA-7158 - HEAD endpoint for new-order is missing and required for certbot compliance
ECA-7159 - REST API /expire offset and maxNumberofResults doesn't work on multiple nodes
ECA-7160 - HEAD endpoint for new-account is missing and required for certbot compliance
ECA-7167 - Regression: Cannot generate keystore with autogenerated password from RA
ECA-7173 - ConcurrentModificationException while editing end entity with custom, dynamic, extensions
ECA-7176 - Regression: RA Web upload CSR auto-parsing stopped working
ECA-7179 - Regression: RA Web cleanup deletes existing end entity
ECA-7180 - NPE in ProfileAndTraceInterceptor
ECA-7181 - CertBot fails due to null values in JSON
ECA-7182 - ACME Link headers are not encoded according to the standard
ECA-7183 - Fix ACME notAfter validation failure
ECA-7184 - Check for incorrect approval settings for ACME CA/profile fails
ECA-7192 - ziprelease excludes configdump.sh from release zip
New Feature
ECA-5711 - RA API call base for ACME
ECA-6750 - System tests: VA Publisher with Throwaway certs
ECA-6845 - Fixing unittests EJBCA_TRUNK_MARIADB_RHEL64_JBOSSEAP64_OPENJDK8 Jenkins build
ECA-6851 - Create automated test for ECAQA-3
ECA-6853 - Add Peer RA Protocol Rule for SCEP
ECA-6854 - Create automated test for ECAQA-76
ECA-6858 - Create automated test for ECAQA-67
ECA-6867 - Create automated test for ECAQA-24
ECA-6868 - Create automated test for ECAQA-62
ECA-6874 - Create module for REST API
ECA-6876 - Implement client certificate authentication for REST API
ECA-6878 - REST API call: List of CAs
ECA-6882 - Create JAXRS "certificate" endpoint in ejbca-rest-api module
ECA-6891 - POST service endpoint to certificatecontroller for requesting new server certificate
ECA-6893 - ACME: Implement dns-01 validation method
ECA-6896 - Create automated test for ECAQA-42
ECA-6897 - Create automated test for ECAQA-8
ECA-6898 - User documentation REST API
ECA-6902 - Create REST service for downloading CA certificates
ECA-6903 - REST method for revoking a certificate
ECA-6904 - GET method to get certificates that are about to expire
ECA-6934 - Add RA proxying of EjbcaWS.findUser(UserMatch) and EjbcaWS.editUser(UserDataVOWS)
ECA-6937 - Create a common exception handler for the REST API
ECA-6941 - Add Swagger to the REST API
ECA-6942 - Create automated test for ECAQA-74
ECA-6944 - Create automated test for ECAQA-28
ECA-6948 - Use HEX serial number as identifier in the REST API
ECA-6953 - REST Json provider configuration
ECA-6954 - REST exceptions cleanup
ECA-6955 - REST soft exceptions
ECA-6956 - Create remaining JUnit test for REST
ECA-6957 - REST system tests
ECA-6958 - REST Use profile names as input instead of ID
ECA-6964 - Refactor cert enrollment REST service to do profile and endentity lookups behind RaMasterApi to improve performance
ECA-6970 - Add RA Proxying of EjbcaWS.getAvailableCertificateProfiles
ECA-6971 - Add RA Proxying of EjbcaWS.getAvailableCAsInProfile
ECA-6972 - Add RA proxying to EjbcaWS.processCertReq
ECA-6973 - Add RA proxying to EjbcaWS.cvcRequest
ECA-6974 - Add RA proxying to EjbcaWS.customLog
ECA-6975 - Add RA proxying to EjbcaWS.findCerts
ECA-6982 - Add RA proxying to EjbcaWS.getAuthorizedEndEntityProfiles
ECA-6983 - Add RA proxying to EjbcaWS.getCertificate(String, String)
ECA-6984 - Add RA proxying to EjbcaWS.getCertificatesByExpirationTime
ECA-6985 - Add RA proxying to EjbcaWS.getCertificatesByExpirationTimeAndType
ECA-6986 - Add RA proxying to EjbcaWS.getCertificatesByExpirationTimeAndIssuer
ECA-6987 - Add RA proxying to EjbcaWS.getLastCAChain
ECA-6988 - Add RA proxying to EjbcaWS.getProfile(int, String)
ECA-6989 - Add RA proxying to EjbcaWS. getLatestCRL
ECA-6990 - Add RA proxying to EjbcaWS.getRemainingNumberOfApprovals
ECA-6991 - Add RA proxying to EjbcaWS.isApproved(int)
ECA-6992 - Add RA proxying to EjbcaWS.isAuthorized(int)
ECA-6993 - Add RA proxying to EjbcaWS.pkcs12Req(String, String, String, String, String)
ECA-6994 - Add RA proxying to EjbcaWS.republishCertificate(int)
ECA-6999 - REST endpoint for keystore enrollment
ECA-7007 - REST endpoint to get CRL
ECA-7008 - REST endpoint to search for certificates
ECA-7010 - REST endpoint to check certificate revocation status
ECA-7011 - Start using Converters in REST related response, request and entity classes
ECA-7029 - Link Rest API documentation to the proper place
ECA-7030 - Prevent Swagger exposure in Production
ECA-7032 - Add RA proxying to EjbcaWS.getPublisherQueueLength(String)
ECA-7033 - REST endpoint to finalize enrollment after approval
ECA-7034 - Add RA proxying to EjbcaWS.revokeUser(String, int, boolean)
ECA-7035 - Add CLI command to list publishers
ECA-7038 - Extend EJBCA EJB CLI to allow adding RoleMembers of any supported type
ECA-7039 - Add Cavium Nitrox III as known HSM driver
ECA-7051 - Add protocol configuration for REST
ECA-7052 - Add REST APIs to Peer RA Protocol access rules
ECA-7053 - Add ACME to Peer RA Protocol access rules
ECA-7067 - Add positive audit log messages for all Validation operations
ECA-7076 - REST API - SystemTest - Authorized client requesting a new server certificate
ECA-7077 - REST API - SystemTest - Authorized client revokes a certificate
ECA-7092 - REST API license headers to Enterprise
ECA-7122 - Add RA proxying to EjbcaWS with request local instance first.
ECA-7126 - Add RA Proxying of EjbcaWS.getAvailableCAs
ECA-7127 - Rest APi unit tests are not run in Jenkins
ECA-7156 - Implement CAA identities
ECA-7178 - contacts should not be mandatory for ACME's POST newAccount endpoint
Task
ECA-6861 - Initial prototype of REST API
ECA-6871 - Add Fabiens cmp monitoring script to extras
ECA-6879 - Identification of certificates in REST API
ECA-6890 - Document Wildfly 12 configuration
ECA-6949 - Fix the Jenkins build EJBCA_TRUNK_MARIADB_RHEL64_JBOSSEAP64_OPENJDK8
ECA-7136 - Ensure quality in CAA Validator
ECA-7137 - Ensure quality in REST-API
ECA-7139 - Ensure quality in WS RA-proxying
Improvement
ECA-6090 - Add ability to specify multiple issuers in CAA validator
ECA-6162 - CT log request - optional full hierarchy, full Json request in debug log
ECA-6436 - Ability to set explicit.ecc.publickey.parameters for crypto tokens
ECA-6849 - Simplification of p11 token login (Crypto Token Activation)
ECA-6856 - Use consistent format of library license references
ECA-6863 - Fix easy to fix compiler warnings in Admin GUI classes
ECA-6873 - Improve handling when receiving SCEP getCACaps request for missing CA
ECA-6883 - Refactor X509CAInfo constructors to use build pattern
ECA-6884 - Run Web Tests on windows
ECA-6885 - CMP: add senderKID to responses when they are signed
ECA-6888 - unidfnr.enabled should have a default value
ECA-6892 - Create exhaustive regression tests for ApprovalSessionBean.getRemainingNumberOfApprovals(int)
ECA-6900 - Shift "Contributors" page from ejbca.org into Confluence Documentation
ECA-6905 - ACME draft-12 update: Remove tls-sni-02 and oob-01
ECA-6906 - ACME draft-12 update: Use camelcase instead of dash
ECA-6907 - ACME draft-12 update: New finalize workflow
ECA-6908 - ACME draft-12 update: Update and review all JavaDoc
ECA-6910 - ACME draft-12 update: Remove authz and cert resources "up" Link
ECA-6911 - ACME draft-12 update: newNonce should respond with HTTP 200
ECA-6912 - ACME draft-12 update: Update AcmeAccount creation workflow
ECA-6913 - ACME draft-12 update: Directory meta info should indicate if external account is required
ECA-6914 - ACME draft-12 update: Wildcard certificate issuance
ECA-6915 - ACME draft-12 update: Remove AcmeAuthorization scope
ECA-6916 - ACME draft-12 update: Update AcmeChallenge workflow
ECA-6917 - ACME draft-12 update: Verify response code for wrong content type
ECA-6918 - ACME: AcmeAccount should belong to an AcmeConfiguration
ECA-6920 - ACME persistence: AcmeNonceData
ECA-6922 - ACME draft-06 cleanup: Remove custom JAX-B serialization
ECA-6924 - ACME: Verify certbot compliance
ECA-6926 - ACME: Enable as part of release
ECA-6931 - ACME: Implement the missing calls in RaMasterApi to allow proxy use
ECA-6932 - ACME UI Configuration: GlobalAcmeConfiguration and AcmeConfigurations
ECA-6960 - ACME draft-12 update: Remove authzDeactivate resource "up" Link
ECA-6966 - Info log details when a database upgrade is started
ECA-6977 - Certificate Transparency, add verification of embedded SCTs and upgrade version of google/certificate-transparency-java
ECA-6980 - Remove root certificate from CT submission
ECA-6981 - GUI: Crypto Tokens form usability
ECA-6995 - GUI: End Entities search result revocation usability
ECA-7005 - Small improvement to CT debug logging
ECA-7017 - REST Jackson library unification
ECA-7018 - Add ACME to modular protocols configuration
ECA-7020 - When a CT log returns an error, log at info level instead of debug
ECA-7028 - modify REST enrollKeystore to accept JSON body rather than query parameters
ECA-7036 - Unidfnr data class should have unid as part of protection string.
ECA-7037 - File system property to disable X.509 client cert requirement for Admin GUI
ECA-7041 - Access rule '/cryptotoken/keys/generate/' is required to create CSR for OCSP Key Binding
ECA-7044 - Support Role namespace in EJB CLI
ECA-7045 - Reorganize crypto tokens documentation into a concept and an operational section
ECA-7048 - Adapt new RA API methods to RA API Guidelines
ECA-7049 - Make sure all RA API methods work both locally and remotely, where applicable
ECA-7056 - Create a "CA Overview" page in the documentation
ECA-7081 - Log all CRL parameters used when making a decision to generate a CRL or not
ECA-7087 - improve EJBCA_TRUNK_UNIT_PUPPET jenkins build (or runsa ant target) somehow, so that build error would make the build red
ECA-7091 - Remove Norwegian FNR from log
ECA-7095 - Enable "Don’t allow ROCA weak keys" in CA/B Forum RSA Key Validation Template
ECA-7097 - Merge REST revocation response classes
ECA-7113 - Make the dns resolver and iana root anchor configurable for acme
ECA-7121 - REST - return correct response code from POST and PUT endpoints
ECA-7123 - REST revocationstatus returns 'revoked' for non-existing entries
ECA-7124 - Complete IEjbcaWS JavaDoc for new RA master API calls.
ECA-7129 - Use static json for static swagger REST API documentation
ECA-7131 - SystemTest for REST Certificates search
ECA-7132 - Remove "default" ACME alias
ECA-7134 - Improve REST endpoint Swagger descriptions
ECA-7147 - Use consistent serial number response format in REST API
ECA-7166 - Update the documentation links for the OCSP keybindings page
ECA-7172 - Add new index for searches on AuditRecordData
ECA-7174 - Improve ProfileAndTraceInterceptor to print arguments properly
ECA-7177 - Increase CRL upload size from 60 KB to 250 MB
ECA-7186 - ACME Configuration: Hide EMPTY profile and add info text about Default CA etc.
ECA-7191 - Add request/response logging for REST calls