pki.git/base/tks/shared, branch master Unnamed repository; edit this file 'description' to name the repository. Moved TokenServlet into pki-tks package. 2017-05-23T20:19:36+00:00 Endi S. Dewata edewata@redhat.com 2017-05-20T00:37:18+00:00 6dd0800d8bb24d9d2d3f9e377a90f641612c7c78 The TokenServlet has been moved into pki-tks package in order to use the JssSubsystem in pki-cmscore package. Some constants in SecureChannelProtocol have been made public so they can be accessed by the TokenServlet. https://pagure.io/dogtagpki/issue/2695 Change-Id: I5542e5dcf09c3d081a131af042d833203bcc086c 
The TokenServlet has been moved into pki-tks package in order to
use the JssSubsystem in pki-cmscore package.

Some constants in SecureChannelProtocol have been made public so
they can be accessed by the TokenServlet.

https://pagure.io/dogtagpki/issue/2695

Change-Id: I5542e5dcf09c3d081a131af042d833203bcc086c
SCP03 support for g&d sc 7 card. 2017-04-13T01:47:49+00:00 Jack Magne jmagne@dhcp-16-206.sjc.redhat.com 2017-03-24T22:56:17+00:00 164087b1fc302dd8b125cd52e9e55f54ea97e09d This allows the use of the g&d 7 card. This will require the following: 1. An out of band method is needed to generate an AES based master key. We do not as of yet have support with tkstool for this: Ex: /usr/lib64/nss/unsupported-tools/symkeyutil -d . -K -n new_master_aes -t aes -s 16 2. There are some new config params that can be adjusted to support either the 6.0 or 7.0 cards: Ex: tks.defKeySet._005=## tks.prot3 , protocol 3 specific settings tks.defKeySet._006=## divers= emv,visa2 : Values for the master key case, or > version one. tks.defKeySet._007=## diversVer1 = emv,visa2, or none. This is for developer or version one keyset tks.defKeySet._008=## devKeyType = DES3or AES. This is for the key type of developer or version one keys. tks.defKeySet._009=## masterKeyType = DES3 or AES. This is for the type of key for the master key. tks.defKeySet._010=## tks.defKeySet._011=## Only supports two tokens now: G&D Smart Cafe 6 and Smart Cafe 7, use these exact settings tks.defKeySet._013=## Smart Cafe 6 settings: tks.defKeySet._014=## tks.defKeySet.prot3.divers=emv tks.defKeySet._015=## tks.defKeySet.prot3.diversVer1Keys=emv tks.defKeySet._016=## tks.defKeySet.prot3.devKeyType=DES3 tks.defKeySet._017=## tks.defKeySet.prot3.masterKeyType=DES3 tks.defKeySet._018=##Smart Cafe 7 settings: tks.defKeySet._019=## tks.defKeySet.prot3.divers=none tks.defKeySet._020=## tks.defKeySet.prot3.diversVer1Keys=none tks.defKeySet._021=## tks.defKeySet.prot3.devKeyType=AES tks.defKeySet._022=## tks.defKeySet.prot3.masterKeyType=AES tks.defKeySet._023=## tks.defKeySet._024=## 
This allows the use of the g&d 7 card.
This will require the following:

1. An out of band method is needed to generate an AES based master key.
We do not as of yet have support with tkstool for this:

Ex:

/usr/lib64/nss/unsupported-tools/symkeyutil -d . -K -n new_master_aes -t aes -s 16

2. There are some new config params that can be adjusted to support either the 6.0 or 7.0 cards:

Ex:

tks.defKeySet._005=## tks.prot3   , protocol 3 specific settings
tks.defKeySet._006=## divers= emv,visa2 : Values for the master key case, or > version one.
tks.defKeySet._007=## diversVer1 = emv,visa2, or none. This is for developer or version one keyset
tks.defKeySet._008=## devKeyType = DES3or AES. This is for the key type of developer or version one keys.
tks.defKeySet._009=## masterKeyType = DES3 or AES. This is for the type of key for the master key.
tks.defKeySet._010=##
tks.defKeySet._011=## Only supports two tokens now: G&D Smart Cafe 6 and Smart Cafe 7, use these exact settings
tks.defKeySet._013=## Smart Cafe 6 settings:
tks.defKeySet._014=##    tks.defKeySet.prot3.divers=emv
tks.defKeySet._015=##    tks.defKeySet.prot3.diversVer1Keys=emv
tks.defKeySet._016=##    tks.defKeySet.prot3.devKeyType=DES3
tks.defKeySet._017=##    tks.defKeySet.prot3.masterKeyType=DES3
tks.defKeySet._018=##Smart Cafe 7 settings:
tks.defKeySet._019=##    tks.defKeySet.prot3.divers=none
tks.defKeySet._020=##    tks.defKeySet.prot3.diversVer1Keys=none
tks.defKeySet._021=##    tks.defKeySet.prot3.devKeyType=AES
tks.defKeySet._022=##    tks.defKeySet.prot3.masterKeyType=AES
tks.defKeySet._023=##
tks.defKeySet._024=##
Added CLIs to access audit log files. 2017-04-04T20:07:54+00:00 Endi S. Dewata edewata@redhat.com 2017-03-28T19:02:22+00:00 88cd07655268831e14e7cd4f6f6a65e331f86583 New pki audit commands have been added to list and retrieve audit log files. Change-Id: I785fa6f55d9b143f513d9210ebf82d04e06eaed5 
New pki audit commands have been added to list and retrieve audit
log files.

Change-Id: I785fa6f55d9b143f513d9210ebf82d04e06eaed5
Added audit service and CLI to all subsystems. 2017-04-03T22:29:44+00:00 Endi S. Dewata edewata@redhat.com 2017-03-27T22:15:28+00:00 8e7653987bf592ae6a5968fc0c5ef6696f13d348 Previously the audit service and CLI were only available on TPS. Now they have been added to all subsystems. Change-Id: I3b472254641eb887289c5122df390c46ccd97d47 
Previously the audit service and CLI were only available on TPS.
Now they have been added to all subsystems.

Change-Id: I3b472254641eb887289c5122df390c46ccd97d47
Added audit logs for SSL/TLS events. 2017-03-27T22:37:55+00:00 Endi S. Dewata edewata@redhat.com 2017-01-17T11:19:52+00:00 18412763e4ec09f4892c2a7b502d72ebfd9fec2a The CMSStartServlet has been modified to register an SSL socket listener called PKIServerSocketListener to TomcatJSS. The PKIServerSocketListener will receive the alerts generated by SSL server sockets and generate ACCESS_SESSION_* audit logs. The CS.cfg for all subsystems have been modified to include ACCESS_SESSION_* audit events. https://pagure.io/dogtagpki/issue/2602 Change-Id: If7fb6c1b096ec8c68d1fd08f9132baf099816f11 
The CMSStartServlet has been modified to register an SSL socket
listener called PKIServerSocketListener to TomcatJSS.

The PKIServerSocketListener will receive the alerts generated by
SSL server sockets and generate ACCESS_SESSION_* audit logs.

The CS.cfg for all subsystems have been modified to include
ACCESS_SESSION_* audit events.

https://pagure.io/dogtagpki/issue/2602

Change-Id: If7fb6c1b096ec8c68d1fd08f9132baf099816f11
Added access banner to TKS UI. 2017-02-24T16:58:31+00:00 Endi S. Dewata edewata@redhat.com 2017-02-21T15:33:51+00:00 ec0da23e5215f73c05a632da55b95acd52506a2b All pages in TKS UI have been modified to retrieve access banner and display it once at the beginning of the SSL connection. https://fedorahosted.org/pki/ticket/2582 
All pages in TKS UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.

https://fedorahosted.org/pki/ticket/2582
Renamed index.html to index.jsp in TKS UI. 2017-02-20T16:06:24+00:00 Endi S. Dewata edewata@redhat.com 2017-02-20T16:06:24+00:00 530236ceef49fcea9c69c7784747d5ebe7ce8354 The index.html files in TKS UI have been renamed to index.jsp such that they can be protected by access banner. https://fedorahosted.org/pki/ticket/2582 
The index.html files in TKS UI have been renamed to index.jsp such
that they can be protected by access banner.

https://fedorahosted.org/pki/ticket/2582
Removed unused OCSP, TKS, and TPS logging.properties. 2016-11-18T01:40:33+00:00 Endi S. Dewata edewata@redhat.com 2016-11-18T01:36:55+00:00 3d1b89070c252668352be34c1ed98aaa2e4ee199 The logging.properties files in OCSP, TKS, and TPS folders are never deployed so they have been removed. https://fedorahosted.org/pki/ticket/1897 
The logging.properties files in OCSP, TKS, and TPS folders are
never deployed so they have been removed.

https://fedorahosted.org/pki/ticket/1897
UdnPwdDirAuth authentication plugin instance is not working. 2016-06-17T21:45:40+00:00 Jack Magne jmagne@dhcp-16-206.sjc.redhat.com 2016-06-07T23:39:40+00:00 b32aae9f0923e0d9fb4da12b45f478552fb53676 Ticket #1579 : UdnPwdDirAuth authentication plugin instance is not working. Since this class no longer works, we felt it best to just remove it from the server. This patch removes the references and files associated with this auth method. 
Ticket #1579 : UdnPwdDirAuth authentication plugin instance is not working.

Since this class no longer works, we felt it best to just remove it from the server.

This patch removes the references and files associated with this auth method.
Removed unused Tomcat 6 files. 2016-06-17T18:18:58+00:00 Endi S. Dewata edewata@redhat.com 2016-06-16T20:35:20+00:00 502e9ee5eb52bda8cb5bdf4ac4ef1d32dbded98f https://fedorahosted.org/pki/ticket/2363 
https://fedorahosted.org/pki/ticket/2363