pki.git/base/java-tools, branch branch-10.2.7-dev1 Unnamed repository; edit this file 'description' to name the repository. Added support for cloning 3rd-party CA certificates. 2016-04-02T05:48:58+00:00 Endi S. Dewata edewata@redhat.com 2016-03-17T14:23:34+00:00 9eba5f33f04348ee4b243d3fc0d095268f824115 The installation code has been modified such that it imports all CA certificates from the PKCS #12 file for cloning before the server is started using certutil. The user certificates will continue to be imported using the existing JSS code after the server is started. This is necessary since JSS is unable to preserve the CA certificate nicknames. The PKCS12Util has been modified to support multiple certificates with the same nicknames. The pki pkcs12-cert-find has been modified to show certificate ID and another field indicating whether the certificate has a key. The pki pkcs12-cert-export has been modified to accept either certificate nickname or ID. The pki pkcs12-import has been modified to provide options for importing only user certificates or CA certificates. https://fedorahosted.org/pki/ticket/1742 
The installation code has been modified such that it imports all
CA certificates from the PKCS #12 file for cloning before the
server is started using certutil. The user certificates will
continue to be imported using the existing JSS code after the
server is started. This is necessary since JSS is unable to
preserve the CA certificate nicknames.

The PKCS12Util has been modified to support multiple certificates
with the same nicknames.

The pki pkcs12-cert-find has been modified to show certificate ID
and another field indicating whether the certificate has a key.

The pki pkcs12-cert-export has been modified to accept either
certificate nickname or ID.

The pki pkcs12-import has been modified to provide options for
importing only user certificates or CA certificates.

https://fedorahosted.org/pki/ticket/1742
Additional clean-ups for PKCS #12 utilities. 2016-04-02T05:48:04+00:00 Endi S. Dewata edewata@redhat.com 2016-03-17T14:23:34+00:00 9bd9548d5c1718ad8159f2134f170649c092a581 The pki_server_external_cert_path has been renamed to pki_server_external_certs_path to match the file name. A default pki_server_external_certs_path has been added to default.cfg. The pki pkcs12-export has been modified to export into existing PKCS #12 file by default. The pki-server instance-cert-export has been modified to accept a list of nicknames to export. https://fedorahosted.org/pki/ticket/1742 
The pki_server_external_cert_path has been renamed to
pki_server_external_certs_path to match the file name.

A default pki_server_external_certs_path has been added to
default.cfg.

The pki pkcs12-export has been modified to export into existing
PKCS #12 file by default.

The pki-server instance-cert-export has been modified to accept a
list of nicknames to export.

https://fedorahosted.org/pki/ticket/1742
Renamed PKCS #12 options for consistency. 2016-04-02T05:46:22+00:00 Endi S. Dewata edewata@redhat.com 2016-03-17T09:59:19+00:00 a1de52ab41d0b0c9d5df4163224525ce940e91a8 The pki CLI's --pkcs12 options has been renamed to --pkcs12-file for consistency with pki-server CLI options. https://fedorahosted.org/pki/ticket/1742 
The pki CLI's --pkcs12 options has been renamed to --pkcs12-file
for consistency with pki-server CLI options.

https://fedorahosted.org/pki/ticket/1742
Added workaround for JSS limitation in pki pkcs12-import. 2016-04-02T05:06:17+00:00 Endi S. Dewata edewata@redhat.com 2016-02-25T20:31:24+00:00 489fb993aeadf6f21f6a4a9655c2af2dc13eebcf Currently JSS is unable to import CA certificates while preserving their nicknames. As a workaround, the pki pkcs12-import has been modified such that it exports individual CA certificates from PKCS The remaining user certificates will continue to be imported using JSS. A new pki pkcs12-cert-export command has been added to export individual certificates from PKCS #12 file into PEM files. The pki pkcs12-import has been modified to take a list of nicknames of the certificates to be imported into NSS database. https://fedorahosted.org/pki/ticket/1742 
Currently JSS is unable to import CA certificates while preserving
their nicknames. As a workaround, the pki pkcs12-import has been
modified such that it exports individual CA certificates from PKCS
The remaining user certificates will continue to be imported using
JSS.

A new pki pkcs12-cert-export command has been added to export
individual certificates from PKCS #12 file into PEM files.

The pki pkcs12-import has been modified to take a list of nicknames
of the certificates to be imported into NSS database.

https://fedorahosted.org/pki/ticket/1742
Added Python wrapper for pki pkcs12-import. 2016-04-02T04:51:18+00:00 Endi S. Dewata edewata@redhat.com 2016-02-24T21:22:10+00:00 bd99e5bb6a0d286b2e83115a85cdcc95a52b654d A Python wrapper module has been added for the pki pkcs12-import command to provide a mechanism to implement a workaround for JSS import limitation. Additional fixes by cheimes have been merged into this patch: setup.py: We must track all sub-packages manually. pylint-build-scan.py: pylint confuses the 'pki' package with the 'pki' command. The workaround symlinks the command and analysis the command under its alternative name. https://fedorahosted.org/pki/ticket/1742 
A Python wrapper module has been added for the pki pkcs12-import
command to provide a mechanism to implement a workaround for JSS
import limitation.

Additional fixes by cheimes have been merged into this patch:

setup.py:
We must track all sub-packages manually.

pylint-build-scan.py:
pylint confuses the 'pki' package with the 'pki' command. The
workaround symlinks the command and analysis the command under its
alternative name.

https://fedorahosted.org/pki/ticket/1742
Updated PKCS12Util. 2016-04-02T04:07:30+00:00 Endi S. Dewata edewata@redhat.com 2016-02-22T17:29:46+00:00 943b62447dc41286e172bd8e11f747a0f524695b The PKCSUtil has been updated to match the functionality provided by JSS. In order to import a certificate properly, the certificate needs to be exported with its private key and certificate chain, so the option to export without key or without the certificate chain has been removed. The option to export only the certificate chain has also been removed since it can be done by exporting the complete certificate chain, then remove the leaf certificate while keeping the chain. The pki pkcs12-cert-add has been modified to provide an option to create a new PKCS #12 file to store the certificate. The pki pkcs12-export has been modified to always overwrite existing file to match the behavior of PKCS12Export. It also has been modified to accept a list of nicknames of certificates to export. https://fedorahosted.org/pki/ticket/1742 
The PKCSUtil has been updated to match the functionality provided
by JSS.

In order to import a certificate properly, the certificate needs
to be exported with its private key and certificate chain, so the
option to export without key or without the certificate chain has
been removed. The option to export only the certificate chain has
also been removed since it can be done by exporting the complete
certificate chain, then remove the leaf certificate while keeping
the chain.

The pki pkcs12-cert-add has been modified to provide an option
to create a new PKCS #12 file to store the certificate.

The pki pkcs12-export has been modified to always overwrite
existing file to match the behavior of PKCS12Export. It also has
been modified to accept a list of nicknames of certificates to
export.

https://fedorahosted.org/pki/ticket/1742
Added CLI to manage keys in PKCS #12 file. 2016-04-02T04:07:06+00:00 Endi S. Dewata edewata@redhat.com 2016-02-17T17:06:55+00:00 ba3bbf837ef840453cc2d718e6e7ad09743ee296 A new CLI has been added to remove a key from a PKCS #12 file based on the key ID. https://fedorahosted.org/pki/ticket/1742 
A new CLI has been added to remove a key from a PKCS #12 file
based on the key ID.

https://fedorahosted.org/pki/ticket/1742
Added CLI to manage certs in PKCS #12 file. 2016-04-02T04:06:49+00:00 Endi S. Dewata edewata@redhat.com 2016-02-15T04:27:19+00:00 27771f580f836b3b4130cc979635db4838933540 New CLIs have been added to add a certificate from NSS database and to remove a certificate from the PKCS #12 file. https://fedorahosted.org/pki/ticket/1742 
New CLIs have been added to add a certificate from NSS database and
to remove a certificate from the PKCS #12 file.

https://fedorahosted.org/pki/ticket/1742
Refactored PKCS12Util to use PKCS12 object. 2016-04-02T03:14:31+00:00 Endi S. Dewata edewata@redhat.com 2016-02-15T04:27:19+00:00 2c9776a6efe1afcc3021f369dc694b0a33a47ed0 The PKCS12Util has been modified such that it stores the certs and keys in PKCS12 object instead of PFX object. The PKCS12 object can be loaded either from NSS database or PKCS #12 file. The PKCS12 object can later be stored into NSS database or PKCS #12 file. The pki pkcs12-cert-find and pkcs12-key-find commands were modified to require PKCS #12 password. https://fedorahosted.org/pki/ticket/1742 
The PKCS12Util has been modified such that it stores the certs and
keys in PKCS12 object instead of PFX object. The PKCS12 object can
be loaded either from NSS database or PKCS #12 file. The PKCS12
object can later be stored into NSS database or PKCS #12 file.

The pki pkcs12-cert-find and pkcs12-key-find commands were modified
to require PKCS #12 password.

https://fedorahosted.org/pki/ticket/1742
Refactored PKCS12CertInfo and PKCS12KeyInfo classes. 2016-04-02T03:14:00+00:00 Endi S. Dewata edewata@redhat.com 2016-02-15T15:52:23+00:00 5f48cd624742c897979ac977bfe9d71e26a9e697 The PKCS12CertInfo and PKCS12KeyInfo classes have been moved out of PKCS12Util into separate classes. The createLocalKeyID() has been modified to return BigInteger instead of byte array. https://fedorahosted.org/pki/ticket/1742 
The PKCS12CertInfo and PKCS12KeyInfo classes have been moved out
of PKCS12Util into separate classes.

The createLocalKeyID() has been modified to return BigInteger
instead of byte array.

https://fedorahosted.org/pki/ticket/1742