pki.git/base/tps/src, branch master Unnamed repository; edit this file 'description' to name the repository. Consolidated log() for audit events. 2017-06-27T05:32:52+00:00 Endi S. Dewata edewata@redhat.com 2017-06-24T02:11:41+00:00 c297d987d29755452b192ae1306610733381771a Duplicate log() methods for audit events have been merged into the Logger class. https://pagure.io/dogtagpki/issue/2689 Change-Id: I7a5147ff3221a52a82e69f56faf2156c04256db2 
Duplicate log() methods for audit events have been merged into the
Logger class.

https://pagure.io/dogtagpki/issue/2689

Change-Id: I7a5147ff3221a52a82e69f56faf2156c04256db2
Refactored signed audit logger. 2017-06-23T22:04:03+00:00 Endi S. Dewata edewata@redhat.com 2017-06-20T22:48:39+00:00 db84bffad64dd4b9a9d684255794719ae13d677f Signed audit logger creation has been simplified into: Logger signedAuditLogger = SignedAuditLogger.getLogger(); The null checks on signed audit logger have been removed since it cannot be null. Audit messages can be logged as follows: signedAuditLogger.log(message); https://pagure.io/dogtagpki/issue/2689 Change-Id: I3bf781b0194a6cbb166f71751c098d1c2a3a657a 
Signed audit logger creation has been simplified into:

  Logger signedAuditLogger = SignedAuditLogger.getLogger();

The null checks on signed audit logger have been removed since
it cannot be null. Audit messages can be logged as follows:

  signedAuditLogger.log(message);

https://pagure.io/dogtagpki/issue/2689

Change-Id: I3bf781b0194a6cbb166f71751c098d1c2a3a657a
Resolve #1663 Add SCP03 support . 2017-06-02T23:34:56+00:00 Jack Magne jmagne@dhcp-16-206.sjc.redhat.com 2017-06-02T22:40:52+00:00 a614eb15476adb00df571d3ea05fdd8ea282141d This particular fix resolves a simple issue when formatting a token in FIPS mode for SCP03. 
This particular fix resolves a simple issue when formatting a token in FIPS mode for SCP03.
Non server keygen issue in SCP03. 2017-05-06T00:00:15+00:00 Jack Magne jmagne@dhcp-16-206.sjc.redhat.com 2017-05-05T18:44:17+00:00 f26b3aaee1cf36941f387b464b937ffee1403048 Ticket 1663 Add SCP03 support: https://pagure.io/dogtagpki/issue/1663 We discovered a minor issue when trying to log values that don't exist when performing the non server side keygen case. For instance , we don't need to generate a kek session key in this case, and we were trying to print info about it to the logs. This fix allows this case to work without issue. 
Ticket 1663 Add SCP03 support: https://pagure.io/dogtagpki/issue/1663

We discovered a minor issue when trying to log values that don't exist when performing the non server side keygen case. For instance , we don't need to generate a kek session key in this case, and we were trying to print info about it to the logs. This fix allows this case to work without issue.
Added methods to log AuditEvent object. 2017-04-13T00:35:13+00:00 Endi S. Dewata edewata@redhat.com 2017-04-12T23:45:37+00:00 92b68d7ab3f58ad80a545f550f0598de2c43da2c New audit(AuditEvent) methods have been added alongside the existing audit(String) methods. Change-Id: Ia02a7daa8b9e8693208fe34309d8d727cc32ce54 
New audit(AuditEvent) methods have been added alongside the
existing audit(String) methods.

Change-Id: Ia02a7daa8b9e8693208fe34309d8d727cc32ce54
Added audit event constants for TPS. 2017-04-12T14:22:13+00:00 Endi S. Dewata edewata@redhat.com 2017-04-12T00:28:31+00:00 e22d0e99aa33bccc3e4041f5ed501fedf0dcae49 Change-Id: Id7845ebf2a14cebe25189a8363cee759030a16cb 
Change-Id: Id7845ebf2a14cebe25189a8363cee759030a16cb
Removed redundant Context attributes. 2017-03-31T17:31:26+00:00 Endi S. Dewata edewata@redhat.com 2017-03-31T17:23:43+00:00 7fc7d3e8844d4992db60a637370b8599bff5a282 All subclasses of PKIService have been modified to remove the Context attribute since they have been declared in the base class. Change-Id: Icdbe97efa2b910a579264099f817930c2cc2ed1a 
All subclasses of PKIService have been modified to remove the
Context attribute since they have been declared in the base class.

Change-Id: Icdbe97efa2b910a579264099f817930c2cc2ed1a
First cut of scp03 support. Supports the g&d smartcafe out of the box. 2017-03-14T22:25:34+00:00 Jack Magne jmagne@dhcp-16-206.sjc.redhat.com 2016-06-01T17:23:33+00:00 6d6b6f954a5bf6730d4b53875c7cc122eb3ab5eb Developer keyset token operations and key change over supported. Caveats. -The diversification step going from master key to card key uses DES3 as required for the token. -After that point, everything is scp03 to the spec with minor excpetions so far. Supports 128 bit AES for now. Will resolve this. Minor config tweaks: TPS Symmetric Key Changeover Use this applet for scp03: RSA/KeyRecovery/GP211/SCP02/SCP03 applet : 1.5.558cdcff.ijc TKS: Symmetric Key Changeover tks.mk_mappings.#02#03=internal:new_master tks.defKeySet.mk_mappings.#02#03=internal:new_master Use the uncommented one because scp03 returns a different key set data string. ToDo: -Support the rest of the AES sizes other than 128. -Support optional RMAC apdu. -Test and adjust the config capability for other tokens. -Support AES master key. Right now the standard key ends up creating AES card and session keys. 
Developer keyset token operations and key change over supported.

Caveats.

-The diversification step going from master key to card key uses DES3 as required for the token.
-After that point, everything is scp03 to the spec with minor excpetions so far.

Supports 128 bit AES for now. Will resolve this.

Minor config tweaks:

TPS

Symmetric Key Changeover

Use this applet for scp03:

RSA/KeyRecovery/GP211/SCP02/SCP03 applet : 1.5.558cdcff.ijc

TKS:

Symmetric Key Changeover

tks.mk_mappings.#02#03=internal:new_master

tks.defKeySet.mk_mappings.#02#03=internal:new_master

Use the uncommented one because scp03 returns a different key set data string.

ToDo:

-Support the rest of the AES sizes other than 128.
-Support optional RMAC apdu.
-Test and adjust the config capability for other tokens.
-Support AES master key. Right now the standard key ends up creating AES card and session keys.
Refactored PKIService class. 2017-02-15T22:26:19+00:00 Endi S. Dewata edewata@redhat.com 2017-01-30T21:32:15+00:00 a850db6a1dee8ce32513d7d1e6d4eeecac48e8d2 The subsystem-based methods and fields in PKIService class have been moved into a new SubsystemService class to allow creating more generic non-subsystem-based services. The classes that use these methods and fields have been updated accordingly. 
The subsystem-based methods and fields in PKIService class have
been moved into a new SubsystemService class to allow creating
more generic non-subsystem-based services.

The classes that use these methods and fields have been updated
accordingly.
Fixed inconsistent internal token detection. 2017-01-25T23:56:15+00:00 Endi S. Dewata edewata@redhat.com 2017-01-20T22:57:11+00:00 48cefdea31e62d49c8b728576d29e0f298141a04 The codes that detect internal token name have been modified to use CryptoUtil.isInternalToken() such that the comparison can be done consistently both in normal mode and FIPS mode. https://fedorahosted.org/pki/ticket/2556 
The codes that detect internal token name have been modified to
use CryptoUtil.isInternalToken() such that the comparison can be
done consistently both in normal mode and FIPS mode.

https://fedorahosted.org/pki/ticket/2556