pki.git/base/tps, branch master Unnamed repository; edit this file 'description' to name the repository. Consolidated log() for audit events. 2017-06-27T05:32:52+00:00 Endi S. Dewata edewata@redhat.com 2017-06-24T02:11:41+00:00 c297d987d29755452b192ae1306610733381771a Duplicate log() methods for audit events have been merged into the Logger class. https://pagure.io/dogtagpki/issue/2689 Change-Id: I7a5147ff3221a52a82e69f56faf2156c04256db2 
Duplicate log() methods for audit events have been merged into the
Logger class.

https://pagure.io/dogtagpki/issue/2689

Change-Id: I7a5147ff3221a52a82e69f56faf2156c04256db2
Refactored signed audit logger. 2017-06-23T22:04:03+00:00 Endi S. Dewata edewata@redhat.com 2017-06-20T22:48:39+00:00 db84bffad64dd4b9a9d684255794719ae13d677f Signed audit logger creation has been simplified into: Logger signedAuditLogger = SignedAuditLogger.getLogger(); The null checks on signed audit logger have been removed since it cannot be null. Audit messages can be logged as follows: signedAuditLogger.log(message); https://pagure.io/dogtagpki/issue/2689 Change-Id: I3bf781b0194a6cbb166f71751c098d1c2a3a657a 
Signed audit logger creation has been simplified into:

  Logger signedAuditLogger = SignedAuditLogger.getLogger();

The null checks on signed audit logger have been removed since
it cannot be null. Audit messages can be logged as follows:

  signedAuditLogger.log(message);

https://pagure.io/dogtagpki/issue/2689

Change-Id: I3bf781b0194a6cbb166f71751c098d1c2a3a657a
Resolve #1663 Add SCP03 support . 2017-06-02T23:34:56+00:00 Jack Magne jmagne@dhcp-16-206.sjc.redhat.com 2017-06-02T22:40:52+00:00 a614eb15476adb00df571d3ea05fdd8ea282141d This particular fix resolves a simple issue when formatting a token in FIPS mode for SCP03. 
This particular fix resolves a simple issue when formatting a token in FIPS mode for SCP03.
Non server keygen issue in SCP03. 2017-05-06T00:00:15+00:00 Jack Magne jmagne@dhcp-16-206.sjc.redhat.com 2017-05-05T18:44:17+00:00 f26b3aaee1cf36941f387b464b937ffee1403048 Ticket 1663 Add SCP03 support: https://pagure.io/dogtagpki/issue/1663 We discovered a minor issue when trying to log values that don't exist when performing the non server side keygen case. For instance , we don't need to generate a kek session key in this case, and we were trying to print info about it to the logs. This fix allows this case to work without issue. 
Ticket 1663 Add SCP03 support: https://pagure.io/dogtagpki/issue/1663

We discovered a minor issue when trying to log values that don't exist when performing the non server side keygen case. For instance , we don't need to generate a kek session key in this case, and we were trying to print info about it to the logs. This fix allows this case to work without issue.
SCP03 support for g&d sc 7 card. 2017-04-13T01:47:49+00:00 Jack Magne jmagne@dhcp-16-206.sjc.redhat.com 2017-03-24T22:56:17+00:00 164087b1fc302dd8b125cd52e9e55f54ea97e09d This allows the use of the g&d 7 card. This will require the following: 1. An out of band method is needed to generate an AES based master key. We do not as of yet have support with tkstool for this: Ex: /usr/lib64/nss/unsupported-tools/symkeyutil -d . -K -n new_master_aes -t aes -s 16 2. There are some new config params that can be adjusted to support either the 6.0 or 7.0 cards: Ex: tks.defKeySet._005=## tks.prot3 , protocol 3 specific settings tks.defKeySet._006=## divers= emv,visa2 : Values for the master key case, or > version one. tks.defKeySet._007=## diversVer1 = emv,visa2, or none. This is for developer or version one keyset tks.defKeySet._008=## devKeyType = DES3or AES. This is for the key type of developer or version one keys. tks.defKeySet._009=## masterKeyType = DES3 or AES. This is for the type of key for the master key. tks.defKeySet._010=## tks.defKeySet._011=## Only supports two tokens now: G&D Smart Cafe 6 and Smart Cafe 7, use these exact settings tks.defKeySet._013=## Smart Cafe 6 settings: tks.defKeySet._014=## tks.defKeySet.prot3.divers=emv tks.defKeySet._015=## tks.defKeySet.prot3.diversVer1Keys=emv tks.defKeySet._016=## tks.defKeySet.prot3.devKeyType=DES3 tks.defKeySet._017=## tks.defKeySet.prot3.masterKeyType=DES3 tks.defKeySet._018=##Smart Cafe 7 settings: tks.defKeySet._019=## tks.defKeySet.prot3.divers=none tks.defKeySet._020=## tks.defKeySet.prot3.diversVer1Keys=none tks.defKeySet._021=## tks.defKeySet.prot3.devKeyType=AES tks.defKeySet._022=## tks.defKeySet.prot3.masterKeyType=AES tks.defKeySet._023=## tks.defKeySet._024=## 
This allows the use of the g&d 7 card.
This will require the following:

1. An out of band method is needed to generate an AES based master key.
We do not as of yet have support with tkstool for this:

Ex:

/usr/lib64/nss/unsupported-tools/symkeyutil -d . -K -n new_master_aes -t aes -s 16

2. There are some new config params that can be adjusted to support either the 6.0 or 7.0 cards:

Ex:

tks.defKeySet._005=## tks.prot3   , protocol 3 specific settings
tks.defKeySet._006=## divers= emv,visa2 : Values for the master key case, or > version one.
tks.defKeySet._007=## diversVer1 = emv,visa2, or none. This is for developer or version one keyset
tks.defKeySet._008=## devKeyType = DES3or AES. This is for the key type of developer or version one keys.
tks.defKeySet._009=## masterKeyType = DES3 or AES. This is for the type of key for the master key.
tks.defKeySet._010=##
tks.defKeySet._011=## Only supports two tokens now: G&D Smart Cafe 6 and Smart Cafe 7, use these exact settings
tks.defKeySet._013=## Smart Cafe 6 settings:
tks.defKeySet._014=##    tks.defKeySet.prot3.divers=emv
tks.defKeySet._015=##    tks.defKeySet.prot3.diversVer1Keys=emv
tks.defKeySet._016=##    tks.defKeySet.prot3.devKeyType=DES3
tks.defKeySet._017=##    tks.defKeySet.prot3.masterKeyType=DES3
tks.defKeySet._018=##Smart Cafe 7 settings:
tks.defKeySet._019=##    tks.defKeySet.prot3.divers=none
tks.defKeySet._020=##    tks.defKeySet.prot3.diversVer1Keys=none
tks.defKeySet._021=##    tks.defKeySet.prot3.devKeyType=AES
tks.defKeySet._022=##    tks.defKeySet.prot3.masterKeyType=AES
tks.defKeySet._023=##
tks.defKeySet._024=##
Added methods to log AuditEvent object. 2017-04-13T00:35:13+00:00 Endi S. Dewata edewata@redhat.com 2017-04-12T23:45:37+00:00 92b68d7ab3f58ad80a545f550f0598de2c43da2c New audit(AuditEvent) methods have been added alongside the existing audit(String) methods. Change-Id: Ia02a7daa8b9e8693208fe34309d8d727cc32ce54 
New audit(AuditEvent) methods have been added alongside the
existing audit(String) methods.

Change-Id: Ia02a7daa8b9e8693208fe34309d8d727cc32ce54
Added audit event constants for TPS. 2017-04-12T14:22:13+00:00 Endi S. Dewata edewata@redhat.com 2017-04-12T00:28:31+00:00 e22d0e99aa33bccc3e4041f5ed501fedf0dcae49 Change-Id: Id7845ebf2a14cebe25189a8363cee759030a16cb 
Change-Id: Id7845ebf2a14cebe25189a8363cee759030a16cb
Added CLIs to access audit log files. 2017-04-04T20:07:54+00:00 Endi S. Dewata edewata@redhat.com 2017-03-28T19:02:22+00:00 88cd07655268831e14e7cd4f6f6a65e331f86583 New pki audit commands have been added to list and retrieve audit log files. Change-Id: I785fa6f55d9b143f513d9210ebf82d04e06eaed5 
New pki audit commands have been added to list and retrieve audit
log files.

Change-Id: I785fa6f55d9b143f513d9210ebf82d04e06eaed5
Added audit service and CLI to all subsystems. 2017-04-03T22:29:44+00:00 Endi S. Dewata edewata@redhat.com 2017-03-27T22:15:28+00:00 8e7653987bf592ae6a5968fc0c5ef6696f13d348 Previously the audit service and CLI were only available on TPS. Now they have been added to all subsystems. Change-Id: I3b472254641eb887289c5122df390c46ccd97d47 
Previously the audit service and CLI were only available on TPS.
Now they have been added to all subsystems.

Change-Id: I3b472254641eb887289c5122df390c46ccd97d47
Removed redundant Context attributes. 2017-03-31T17:31:26+00:00 Endi S. Dewata edewata@redhat.com 2017-03-31T17:23:43+00:00 7fc7d3e8844d4992db60a637370b8599bff5a282 All subclasses of PKIService have been modified to remove the Context attribute since they have been declared in the base class. Change-Id: Icdbe97efa2b910a579264099f817930c2cc2ed1a 
All subclasses of PKIService have been modified to remove the
Context attribute since they have been declared in the base class.

Change-Id: Icdbe97efa2b910a579264099f817930c2cc2ed1a