pki.git/base/server/cmsbundle/src, branch branch-10.2.7-dev1 Unnamed repository; edit this file 'description' to name the repository. Fixed mismatching certificate validity calculation. 2016-02-23T03:19:55+00:00 Endi S. Dewata edewata@redhat.com 2015-12-20T20:46:56+00:00 576c3afbe96aed07d994533767f1b4aec1b88e4c The CAValidityDefault has been modified to use Calendar API to calculate the certificate validity range to be consistent with the ValidityConstraint and ValidityDefault. https://fedorahosted.org/pki/ticket/1682 (cherry picked from commit 9193fe5191d1bd857b7e1f5a398c6a279b42ec84) 
The CAValidityDefault has been modified to use Calendar API to
calculate the certificate validity range to be consistent with
the ValidityConstraint and ValidityDefault.

https://fedorahosted.org/pki/ticket/1682
(cherry picked from commit 9193fe5191d1bd857b7e1f5a398c6a279b42ec84)
Ticket 1160 audit needed for getKeyInfo; audit missing for auth/authz at REST. This patch addresses: (2) audit needed for getKeyInfo, the 2nd part of this ticket where the key services are missing some auditing. 2015-05-14T21:07:17+00:00 Christina Fu cfu@redhat.com 2015-05-08T17:27:37+00:00 c0d14140aca982ac637d5fd34f1c3ddb23836867 






Ticket 1160 audit logging needed: REST API auth/authz; kra for getKeyInfo
2015-05-13T16:05:38+00:00

Christina Fu
cfu@redhat.com

2015-05-07T19:14:19+00:00

ccf2eb507471a9f19a1768befadeff404c96635e

   - (1) REST API auth/authz - this patch addresses the first part of this
     ticket where auditing is completely missing for authentication and
     authorization at the REST interface.





   - (1) REST API auth/authz - this patch addresses the first part of this
     ticket where auditing is completely missing for authentication and
     authorization at the REST interface.







Ticket#1028 phase2: TPS rewrite: provide externalReg functionality
2015-04-14T23:45:17+00:00

Christina Fu
cfu@redhat.com

2015-04-10T18:26:25+00:00

711d3ca66b6702a33839c3a436550464fa49d0d8

This patch is the 2nd phase of the externalReg feature, it makes the
following improvements:
* added feature: recovery by keyid (v.s. by cert)
* fixed some auditing message errors
* added some missing ldapStringAttributes needed for delegation to work
properly
* added missing externalReg required config parameters
* made corrections to some externalReg related parameters to allow
delegation to work properly
* added handle of some error cases
* made sure externalReg enrollment does not go half-way (once fails,
bails out)

tested:
* enrollment of the three default TPS profiles (tokenTypes)
* format of the tokens enrolled with the three default tps profiles
* delegation enrollments
* cuid match check

next phase:
* cert/key retention (allow preserving existing certs/keys on the token)

note:
* some of the activity log and cert status related issues that are not
specifically relating to externalReg will be addressed in other more
relevant tickets.





This patch is the 2nd phase of the externalReg feature, it makes the
following improvements:
* added feature: recovery by keyid (v.s. by cert)
* fixed some auditing message errors
* added some missing ldapStringAttributes needed for delegation to work
properly
* added missing externalReg required config parameters
* made corrections to some externalReg related parameters to allow
delegation to work properly
* added handle of some error cases
* made sure externalReg enrollment does not go half-way (once fails,
bails out)

tested:
* enrollment of the three default TPS profiles (tokenTypes)
* format of the tokens enrolled with the three default tps profiles
* delegation enrollments
* cuid match check

next phase:
* cert/key retention (allow preserving existing certs/keys on the token)

note:
* some of the activity log and cert status related issues that are not
specifically relating to externalReg will be addressed in other more
relevant tickets.







Add LDAPProfileSubsystem to store profiles in LDAP
2015-04-08T02:38:10+00:00

Fraser Tweedale
ftweedal@redhat.com

2014-07-17T04:24:06+00:00

4785f08b9fa14e2abd60533542d763bdea8082a0

Add the LDAPProfileSubsystem as another IProfileSubsystem
implementation that can be used instead of ProfileSubsystem (which
stores profiles on the file system) to store files in LDAP so that
changes can be replicated.

Extract common behaviour in to new AbstractProfileSubsystem
superclass.

Also address the minor issue #1220.





Add the LDAPProfileSubsystem as another IProfileSubsystem
implementation that can be used instead of ProfileSubsystem (which
stores profiles on the file system) to store files in LDAP so that
changes can be replicated.

Extract common behaviour in to new AbstractProfileSubsystem
superclass.

Also address the minor issue #1220.







Ticket#1028 Phase1:TPS rewrite: provide externalReg functionality
2015-02-10T22:51:49+00:00

Christina Fu
cfu@redhat.com

2015-01-30T18:36:45+00:00

91c77390474d67cfd0c15b8b3377997b3f0cd38a












Ticket #864 866 (part 1 symkey, common) NIST SP800-108 KDF
2014-12-19T19:17:34+00:00

Christina Fu
cfu@redhat.com

2014-12-02T22:38:08+00:00

4c910296a6c6c8bf74fbdace740680db2f1fecab

 - this patch does not include TPS side of changes:
   (#865 needs to be rewritten in Java)





 - this patch does not include TPS side of changes:
   (#865 needs to be rewritten in Java)







Added rangeUnit property to certificate profiles.
2014-12-15T16:57:07+00:00

Endi S. Dewata
edewata@redhat.com

2014-12-02T22:25:55+00:00

5d82ad42001875e28a48ba374d4a467c9ec91f5c

A new optional property has been added to certificate profiles to
specify the range unit. The default range unit is 'day'. The code
has been modified to use the Calendar API to calculate the end of
validity range based on the range unit.

https://fedorahosted.org/pki/ticket/1226





A new optional property has been added to certificate profiles to
specify the range unit. The default range unit is 'day'. The code
has been modified to use the Calendar API to calculate the end of
validity range based on the range unit.

https://fedorahosted.org/pki/ticket/1226







Generate asymmetric keys in the DRM.
2014-08-27T05:15:35+00:00

Abhishek Koneru
akoneru@redhat.com

2014-07-24T15:20:12+00:00

6444287caa2ad171086d0ce9d93761a897247e06

Adds methods to key client to generate asymmetric keys using
algorithms RSA and DSA for a valid key sizes of 512, 1024, 2048,4096.
The generated keys are archived in the database.
Using the CLI, the public key(base64 encoded) can be retrieved by using
the key-show command.
The private key(base64 encoded) can be retrieved using the key-retrieve
command.

Ticket #1023





Adds methods to key client to generate asymmetric keys using
algorithms RSA and DSA for a valid key sizes of 512, 1024, 2048,4096.
The generated keys are archived in the database.
Using the CLI, the public key(base64 encoded) can be retrieved by using
the key-show command.
The private key(base64 encoded) can be retrieved using the key-retrieve
command.

Ticket #1023







Remove ACL mapping to user from error messages
2014-07-28T22:04:54+00:00

Matthew Harmsen
mharmsen@redhat.com

2014-07-28T21:27:20+00:00

7883dc39b639b825e7b6aeb6cce75878fc1d3e63

- PKI TRAC Ticket #965 - Improve error message - remove ACL mapping to the user





- PKI TRAC Ticket #965 - Improve error message - remove ACL mapping to the user