pki.git/base/java-tools/src/com/netscape, branch master Unnamed repository; edit this file 'description' to name the repository. Ticket #2757 CMC enrollment profiles for system certificates 2017-07-07T23:51:22+00:00 Christina Fu cfu@redhat.com 2017-06-27T01:09:55+00:00 65b1242cd139e6306fb3e039193a3a6b223ea9b1 This patch supports CMC-based system certificate requests. This patch contains the following: * The code in CMCAuth (agent-based) to check ssl client auth cert against the CMC signing cert * The cmc-based system enrollment profiles: caCMCauditSigningCert.cfg caCMCcaCert.cfg caCMCkraStorageCert.cfg caCMCkraTransportCert.cfg caCMCocspCert.cfg caCMCserverCert.cfg caCMCsubsystemCert.cfg * new URI's in web.xml as new access points Usage example can be found here: http://pki.fedoraproject.org/wiki/PKI_10.4_CMC_Feature_Update_(RFC5272)#Examples_.28System_Certificates.29 
This patch supports CMC-based system certificate requests.

This patch contains the following:
* The code in CMCAuth (agent-based) to check ssl client auth cert against the CMC signing cert
* The cmc-based system enrollment profiles:
caCMCauditSigningCert.cfg
caCMCcaCert.cfg
caCMCkraStorageCert.cfg
caCMCkraTransportCert.cfg
caCMCocspCert.cfg
caCMCserverCert.cfg
caCMCsubsystemCert.cfg
* new URI's in web.xml as new access points

Usage example can be found here:
http://pki.fedoraproject.org/wiki/PKI_10.4_CMC_Feature_Update_(RFC5272)#Examples_.28System_Certificates.29
Ticket #2616 CMC: id-cmc-statusInfo ==> id-cmc-statusInfoV2 2017-06-23T17:07:40+00:00 Christina Fu cfu@redhat.com 2017-06-17T01:20:38+00:00 6273907e0ca36425fa30c106b7fdd28c510b1162 This patch contains the following update: * Structurely, CMCStatusInfo to CMCStatusInfoV2 update; no extendedFailInfo has been added at this point * In case of EncryptedPOP, instead of returning with CMCStatus pending where PendInfo contains the requestID, it now returns CMCStatus failed whith responseInfo control contains the requestID. On the client side, CMCRequest now processes the responseInfo and returns the DecryptedPOP with requestID in the regInfo control. CMCResponse has been updated to handle the new controls as well. * A number of fail info codes are now being supported by the server to add clarity to CMC failed status, including: badMessageCheck, badRequest, unsuportedExt, badIdentity, popRequired, and popFailed. 
This patch contains the following update:
* Structurely, CMCStatusInfo to CMCStatusInfoV2 update; no extendedFailInfo has been added at this point
* In case of EncryptedPOP, instead of returning with CMCStatus pending where
  PendInfo contains the requestID, it now returns CMCStatus failed whith
  responseInfo control contains the requestID. On the client side, CMCRequest
  now processes the responseInfo and returns the DecryptedPOP with requestID in
  the regInfo control. CMCResponse has been updated to handle the new controls
  as well.
* A number of fail info codes are now being supported by the server to add
  clarity to CMC failed status, including:
  badMessageCheck, badRequest, unsuportedExt, badIdentity, popRequired, and popFailed.
Added pki ca-cert-status. 2017-06-16T22:46:43+00:00 Endi S. Dewata edewata@redhat.com 2017-05-23T16:15:17+00:00 80ca2e30cd90023ba39b0c93e10b98029ccdf455 A new pki ca-cert-status CLI has been added to check certificate validity using OCSP. By default the CLI will use the CA's internal OCSP service. https://pagure.io/dogtagpki/issue/2652 Change-Id: I0fe3b2f1ca8c7979f9e5fa6d048be2c9883a875d 
A new pki ca-cert-status CLI has been added to check certificate
validity using OCSP. By default the CLI will use the CA's
internal OCSP service.

https://pagure.io/dogtagpki/issue/2652

Change-Id: I0fe3b2f1ca8c7979f9e5fa6d048be2c9883a875d
Added search filter for pki ca-authority-find. 2017-06-16T22:37:45+00:00 Endi S. Dewata edewata@redhat.com 2017-06-15T02:00:52+00:00 8803f28aca4d0b4b55825d13c29772b87aa0de92 The pki ca-authority-find CLI has been modified to provide search filter based on the authority ID, parent ID, authority DN, and issuer DN. https://pagure.io/dogtagpki/issue/2652 Change-Id: I563a0b93eb7a00ae4771069812455ecc552f407c 
The pki ca-authority-find CLI has been modified to provide search
filter based on the authority ID, parent ID, authority DN, and
issuer DN.

https://pagure.io/dogtagpki/issue/2652

Change-Id: I563a0b93eb7a00ae4771069812455ecc552f407c
Fixed pki ca-cert-find and ca-cert-show output. 2017-06-15T03:11:30+00:00 Endi S. Dewata edewata@redhat.com 2017-06-15T00:22:49+00:00 9c13f3705d55897fd35bbe09c3f3f240a10ed21b The pki ca-cert-find and ca-cert-show output has been modified for consistency. https://pagure.io/dogtagpki/issue/2652 Change-Id: Ieb3550f7c18904ef26bc9a31529e2fa9a87de519 
The pki ca-cert-find and ca-cert-show output has been modified for
consistency.

https://pagure.io/dogtagpki/issue/2652

Change-Id: Ieb3550f7c18904ef26bc9a31529e2fa9a87de519
Fixed initial audit log signature verification. 2017-06-14T22:33:46+00:00 Endi S. Dewata edewata@redhat.com 2017-06-13T01:35:47+00:00 ab2e24b3087368a2aadfcda77323a7d0aa70db80 The AuditVerify has been modified to find the first signature properly and start the signature verification only after finding the first signature. https://pagure.io/dogtagpki/issue/2634 Change-Id: Ic35fc88e75173e65d8786bf7b62407fce0952f3e 
The AuditVerify has been modified to find the first signature
properly and start the signature verification only after finding
the first signature.

https://pagure.io/dogtagpki/issue/2634

Change-Id: Ic35fc88e75173e65d8786bf7b62407fce0952f3e
Fixed access banner normalization. 2017-06-14T00:33:51+00:00 Endi S. Dewata edewata@redhat.com 2017-06-05T19:50:00+00:00 5e0dcb69a734c9f52cca673a7a5189d31fb15774 The PKIService has been modified to trim whitespaces in access banner before returning the value to the client. The clients have been modified to no longer trim the banner. https://pagure.io/dogtagpki/issue/2671 Change-Id: I51c5e78d11c89c711e369328def27bb352aa49e6 
The PKIService has been modified to trim whitespaces in access
banner before returning the value to the client. The clients
have been modified to no longer trim the banner.

https://pagure.io/dogtagpki/issue/2671

Change-Id: I51c5e78d11c89c711e369328def27bb352aa49e6
Refactored AuditVerify (part 3). 2017-06-13T04:46:07+00:00 Endi S. Dewata edewata@redhat.com 2017-06-13T01:30:37+00:00 8096811531aaf2040bfcd0e4f14b11aa9ff66e7a The AuditVerify.verify() has been cleaned up and some debug messages have been added for clarity. https://pagure.io/dogtagpki/issue/2634 Change-Id: Id1c510dd0081e3abb4fb34da0737ea6a3a335ba4 
The AuditVerify.verify() has been cleaned up and some debug
messages have been added for clarity.

https://pagure.io/dogtagpki/issue/2634

Change-Id: Id1c510dd0081e3abb4fb34da0737ea6a3a335ba4
Refactored AuditVerify (part 2). 2017-06-13T04:46:00+00:00 Endi S. Dewata edewata@redhat.com 2017-06-12T15:16:45+00:00 fbcbc909481cf2e3a3046f5f2adfbb4293febb5c The code that performs the audit log verification in AuditVerify has been moved into a new verify() method. https://pagure.io/dogtagpki/issue/2634 Change-Id: Ic6d0f08b754feaac8779d7051e591ea03726df65 
The code that performs the audit log verification in AuditVerify
has been moved into a new verify() method.

https://pagure.io/dogtagpki/issue/2634

Change-Id: Ic6d0f08b754feaac8779d7051e591ea03726df65
Refactored AuditVerify (part 1). 2017-06-13T04:45:53+00:00 Endi S. Dewata edewata@redhat.com 2017-06-12T15:12:12+00:00 e481a42fd64864a7b1ce8061b4d74d6331125729 The code that retrieves and verifies the signing certificate in AuditVerify has been moved into a new setSigningCert() method. https://pagure.io/dogtagpki/issue/2634 Change-Id: I37b9d73a2ff162735359d2eed222296bbb1fcd60 
The code that retrieves and verifies the signing certificate in
AuditVerify has been moved into a new setSigningCert() method.

https://pagure.io/dogtagpki/issue/2634

Change-Id: I37b9d73a2ff162735359d2eed222296bbb1fcd60