| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Make sure the new TPS packages all the applet files, like the old TPS has done.
2. Create a small new package called "pki-tps-client", which will hold ONLY the
command line utility "tpsclient" and all of its supporting libraries.
3. Move the directory pki/base/tps to pki/base/tps-client
We will do this until we can rewrite "tpclien" on the new Java TPS system.
Add package pki-tps-client.
|
|
|
|
| |
* PKI TRAC Ticket #567 - ui needs to be scrubbed for missing images
|
| |
|
|
|
|
|
| |
As per review, modified to return CertEnrollmentResult objects.
Ticket 1109
|
|
|
|
|
|
|
|
| |
The missing token policy attribute has been added to token database. The
REST services, CLI, and UI have been fixed accordingly. Other missing
attributes in tokenRecord object class are unused.
Ticket #1085
|
|
|
|
| |
- PKI TRAC Ticket #555 - Other ways to specify CLI password
|
|
|
|
|
|
|
| |
The new command allows users to view the information about
kra connectors registered with the CA.
Ticket #479
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch implements server side keygen when so configured in the CS.cfg.
1. In this case, the encryption cert's private key is generated on the KRA and archived by the KRA.
2. The private key is then injected onto the token.
3. This will allows us to later implement certificate recovery.
4. Fixed some minor issues discovered with the code that interfaces with the TKS and DRM.
5. Final certificate tested to work with Relyea's "SmartCard" utility to perform legal crypto operations.
Minor change.
|
| |
|
| |
|
| |
|
|
|
|
| |
Some formatting, uninitialized variables.
|
|
|
|
|
|
|
|
| |
Current pkidestroy fails to remove a system that has been configured to
use proxy ports because the wrong ports are passed into the
updateDomainXML servlet. This small patch fixes this problem.
Ticket #1095
|
| |
|
|
|
|
|
| |
* PKI TRAC Ticket #905 - 2 Step Configuration of CA instance using
pkispawn fails
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
other topologies.
|
|
|
|
|
|
|
|
|
|
| |
Updated man page for all the new CLI commands added
for the Key and KeyRequest resources.
Also added missing code to retrieve a secret wrapped in a
user specified passphrase.
Ticket #945
|
|
|
|
| |
- PKI TRAC Ticket #965 - Improve error message - remove ACL mapping to the user
|
|
|
|
|
|
|
|
|
| |
1. Created code to actually change the key over to a new key set.
2. Made calls to the code from the format and enrollment operations,
the Pin Reset processor will do so when completed.
3. Tested with real card. Was able to change to key set #2 and then back to stock
Ticket #878.
|
|
|
|
|
|
|
| |
switching between ESC and tpsclient needs to change CS.cfg param
value and restart TPS. This fix makes the issue go away.
The actual issue is the differences between "loginRequest" and
"extendedLoginRequeest".
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following features implemented for enrollment.
1. Standard enrollment of a list of RSA certificates.
2. Certificates are only done with token side keygen.
3. Minimual enrollment based pin reset functionality implemented to create
a pin for the enrolled token.
4. Much work done to the PKCS11 object code, which allows us to write the
compressed object blob to the token, allowing coolkey to access it and use
the certs and keys on the token.
5. Tested with Bob Relyea's "smartcard" utility to prove that signing and encryption
operations worked as expected.
6. Some work done to get authentication working with esc.
7. Added stub for stand alone Pin Reset processor.
8. CFU review fixes.
|
| |
|
|
|
|
|
| |
- PKI TRAC Ticket #992 - pki cert-request-profile-find doesn't display list
of profiles by default
|
| |
|
| |
|
|
|
|
| |
Reordering the cases in pki-cert-cli-request-profile-find-ca.sh
|
|
|
|
|
| |
Added Track ticket 1072 to failed tests 0124 and
0125 in pki cert-find automation script
|
|
|
|
| |
Re-added pki cert-find in Makefile and runtest
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the ability to create a subsystem that uses
an existing subtree to create the internal basedn. This is useful
for instance, for IPA which will use the original o=ipaca as the
top level DN for a KRA, which will be situated at o=ipadrm, o=ipaca.
The patch also allows such a system to be cloned, but not to setup the
replication agreements, on the assumption that the data is already being
replicated at the top-level DN or some higher level.
The patch also contains some minor cleanups - removing unused imports and
removal of an invalid reference in the python code.
Ticket 1051
|
|
|
|
|
|
| |
- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires --
drop dependency on java-atk-wrapper
- Removed 'java-atk-wrapper' dependency from 'pki-server'
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replaced the usage of python property feature with a dict
for attribute name conversion.
Fixed an issue caused to traversing the NOTYPES dict in
encoder.py to find the instance of an object. The traversal
causes an issue in the presence of subclassing.
Modified method attr_name_conversion to return a new dictionary with
modified attribute names rather than making changes to the object's
__dict__.
|
| |
|
|
|
|
|
| |
ca-user-membership-add, ca-user-membership-del
and ca-user-membership-find
|
|
|
|
| |
respective changes to Makefile and runtest.sh
|
|
|
|
|
|
|
|
| |
The REST service has been modified to return additional attributes
for transport certificate including serial number, issuer DN,
subject DN, and resource link.
Ticket #1065
|
|
|
|
|
|
|
|
|
|
| |
The REST service and client library have been fixed to use the correct
delimiters for transport certificate.
The REST service was also modified to insert a new line between the
header and the certificate data.
Ticket #1063
|
|
|
|
| |
group-find, group-member-add
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To simplify the usage, the SystemCertClient.get_transport_cert()
has been modified to parse and decode the PEM certificate in
CertData object, store the DER certificate back into the object,
and return the CertData object to the client. This way the client
will have access to the certificate attributes and both PEM and
DER certificates.
The PKIService.sendConditionalGetResponse() has been fixed to use
the requested format. This is needed to display the transport
certificate properly in the browser.
Ticket #1062
|
| |
|
|
|
|
|
|
|
|
|
| |
Modified submit_new_request to do substring match
of profile names, because we want to users to pass new
profile names.
Add new function generate_cert_request_xml which retrieves
the xml template of the profile and fills with the data provided
|
|
|
|
|
|
| |
Add new file shared/pki-profile-lib.sh
currently it adds new profiles based on Netscape
certificate extensions
|