| Commit message (Collapse) | Author | Age | Files | Lines |
| |
The CertUtil.updateLocalRequest() has been modified to no longer
ignore exceptions.
Change-Id: I57907a54f51f65369a062dfc396741d87874660c
| |
The code that sets the certificate request extra data has been
moved into CertUtil.createLocalRequest().
The incorrect profile ID in subsystemCert.profile has been fixed.
https://pagure.io/dogtagpki/issue/2280
Change-Id: Ic76ac3dfcbf0c4ab95abea0680697d87f00f292b
| |
The code for creating and importing local cert into NSS database
has been moved into ConfigurationUtils.handleLocalCert().
https://pagure.io/dogtagpki/issue/2280
Change-Id: Idac7bc3e08e95f94fe50c417898ef12b2288d17c
| |
The code for importing external cert into NSS database has been
moved into CertUtil.importExternalCert().
https://pagure.io/dogtagpki/issue/2280
Change-Id: Icb347943fc432ad97105229c14768822b070d99f
| |
The code for importing certificate into NSS database has been
moved into CertUtil.importCert().
https://pagure.io/dogtagpki/issue/2280
Change-Id: I6a7a01b9170a5c0e9973ab1d5a7484349765dc5e
| |
The following methods have been moved into CertUtil for clarity:
* ConfigurationUtils.findCertificate()
* ConfigurationUtils.findBootstrapServerCert()
* ConfigurationUtils.deleteCert()
* ConfigurationUtils.deleteBootstrapServerCert()
https://pagure.io/dogtagpki/issue/2280
Change-Id: I860cacd3dd34144ce92c674e9ff08cb46ee2194b
| |
Unused methods and variables related to CertUtil.createLocalCert()
have been removed for clarity.
https://pagure.io/dogtagpki/issue/2280
Change-Id: If71e909f05b7e51288c444d67cbbba7fce2cfd81
| |
The code in CertUtil.createLocalCert() has been reformatted
for clarity.
https://pagure.io/dogtagpki/issue/2280
Change-Id: I9fd18fac7313a0c41cf6e061ae7608722cf76894
| |
The error handling in CertUtil.createLocalCert() has been modified
such that errors are no longer ignored. The changes also guarantee
that some variable cannot be null, so the code can be simplified.
https://pagure.io/dogtagpki/issue/2280
Change-Id: I9f1961d538cdbba99c8e3474ba3c601eb8416baf
| |
Ticket #2764.
This relatively simple fix involves making sure the correct crypto token is being used to search for the master key in the case of symmetric key changeover where the master key resides on an HSM.
| |
Some code in ConfigurationUtils.configCert() has been moved into
a new configRemoteCert() for clarity.
https://pagure.io/dogtagpki/issue/2280
Change-Id: Ie0b04f8c2445ee088782ed10391a250f45a6bebf
| |
Some code in ConfigurationUtils.configCert() has been moved into
a new configLocalCert() for clarity.
https://pagure.io/dogtagpki/issue/2280
Change-Id: I3473aa5f1a1d64b3714257d3fc285660ac1d955a
| |
The audit events classes have been modified to inherit from
SignedAuditEvent class since AuditEvent class is actually used
for transaction log.
https://pagure.io/dogtagpki/issue/2689
Change-Id: If41c99c1d165075d330033d44799145c784c2905
| |
To help troubleshooting the error message on invalid log type has
been modified to include the invalid value.
https://pagure.io/dogtagpki/issue/2689
Change-Id: Ie245bd9e3a3925979af4708fa911697a9746e54b
| |
Duplicate log() methods for audit events have been merged into the
Logger class.
https://pagure.io/dogtagpki/issue/2689
Change-Id: I7a5147ff3221a52a82e69f56faf2156c04256db2
| |
A new LogEvent class has been added as the base for all log events.
Common fields and methods have been moved into the base class.
https://pagure.io/dogtagpki/issue/2689
Change-Id: I775556edf367b972ad56b35f4b4ea025a72e962f
| |
Currently, the --cert option has not been implemented for
`pki-server subsystem-cert-update` command. The --cert takes
certificate name that needs to be added to the NSS database
and replaces the existing certificate (if exists) in the
database.
https://pagure.io/dogtagpki/issue/2756
Change-Id: If8be9edd55a673230f86e213fc803be365e55a92
| |
Signed audit logger creation has been simplified into:
Logger signedAuditLogger = SignedAuditLogger.getLogger();
The null checks on signed audit logger have been removed since
it cannot be null. Audit messages can be logged as follows:
signedAuditLogger.log(message);
https://pagure.io/dogtagpki/issue/2689
Change-Id: I3bf781b0194a6cbb166f71751c098d1c2a3a657a
| |
The Logger class has been modified to provide a way to specify
the default log level.
https://pagure.io/dogtagpki/issue/2689
Change-Id: Iaab5d95b7dfa1bfa814c7270259e01e019a33678
| |
This patch contains the following update:
* Structurally, CMCStatusInfo to CMCStatusInfoV2 update; no extendedFailInfo has been added at this point
* In case of EncryptedPOP, instead of returning with CMCStatus pending where
PendInfo contains the requestID, it now returns CMCStatus failed with
responseInfo control contains the requestID. On the client side, CMCRequest
now processes the responseInfo and returns the DecryptedPOP with requestID in
the regInfo control. CMCResponse has been updated to handle the new controls
as well.
* A number of fail info codes are now being supported by the server to add
clarity to CMC failed status, including:
badMessageCheck, badRequest, unsuportedExt, badIdentity, popRequired, and popFailed.
| |
Some Logger classes have been moved into com.netscape.cms.logging
due to dependency requirements in subsequent changes.
https://pagure.io/dogtagpki/issue/2689
Change-Id: I1e8ec247764d344647a519618a7523c51799f3de
| |
To help troubleshoot build issues the CMake script for pki-cms.jar
has been modified to run after building the client tools.
https://pagure.io/dogtagpki/issue/2689
Change-Id: Icf1aea2a14d9502a6ab791331fcfe49d7ecdab21
| |
The Logger class has been modified to provide an interface to
create a Logger instance that stores the log category and log
source.
https://pagure.io/dogtagpki/issue/2689
Change-Id: I1dadcdf35af0f0a17e02328c73ef6d95ca691e7f
| |
A new LogFactory base class has been added to store the
common fields and methods of the classes implementing
ILogEventFactory interface.
https://pagure.io/dogtagpki/issue/2689
Change-Id: Ife683856e769bd95f22e0fc06e8b65853c3708a2
| |
A LogSource enumeration has been added to replace the integer
log source in the Logger class.
https://pagure.io/dogtagpki/issue/2689
Change-Id: I6f69219fbbfa00d83f26a32174c75ff2782eb6af
| |
A LogCategory enumeration has been added to replace the integer
log category in the Logger class.
https://pagure.io/dogtagpki/issue/2689
Change-Id: Ic92e64c3abdf859841eaf1006afc61bbf573086d
| |
The LogQueue class has been refactored such that the list of
listeners is never null.
The Logger class has been modified to get the LogQueue singleton
directly instead of through LogSubsystem.
https://pagure.io/dogtagpki/issue/2689
Change-Id: Id5d3c132215014a238fc5ecd5f80d60d687e3dd9
| |
To help troubleshoot build issues the CMake script for javadoc has
been modified to run after building all Java packages.
https://pagure.io/dogtagpki/issue/2689
Change-Id: I5ca681880d72688b49f73eeb242182b6707bec50
| |
Travis CI is configured to build dogtag RPMs, test CA and KRA and
finally do a smoke test with stable FreeIPA. Smoke test runs cert
related tests:
- test_caacl_plugin
- test_caacl_profile_enforcement
- test_cert_plugin
- test_certprofile_plugin
- test_vault_plugin
https://pagure.io/dogtagpki/issue/2743
Change-Id: I894133f585772673932d1e8d8420c5c4c5ed6b7e
| |
Some OCSP-related classes have been modified to detect errors and
handle exceptions properly.
https://pagure.io/dogtagpki/issue/2652
Change-Id: Ifd054c47d04ff106120df2d7f3705366c7de9da9
| |
Some log messages have been added into OCSP-related classes for
clarity.
https://pagure.io/dogtagpki/issue/2652
Change-Id: I7eda806a3103ac235a5d3e073db8c60a9b3d482d
| |
In encryption mode, the archival of the generated key uses the
wrapIV, while the recovery uses the encryptIV. To make sure
these are consistent, they need to be set to be the same.
Bugzilla BZ #1458043
Change-Id: I1ecece74bd6e486c0f37b5e1df4929744fac262b
| |
A new pki ca-cert-status CLI has been added to check certificate
validity using OCSP. By default the CLI will use the CA's
internal OCSP service.
https://pagure.io/dogtagpki/issue/2652
Change-Id: I0fe3b2f1ca8c7979f9e5fa6d048be2c9883a875d
| |
The pki ca-authority-find CLI has been modified to provide search
filter based on the authority ID, parent ID, authority DN, and
issuer DN.
https://pagure.io/dogtagpki/issue/2652
Change-Id: I563a0b93eb7a00ae4771069812455ecc552f407c
| |
Some pki-server CLIs have been added to inspect and validate the
content of the banner file.
The PKI server startup script has been modified to validate the
content of the banner file using the new CLI.
https://pagure.io/dogtagpki/issue/2671
Change-Id: Ibc51afee184d0a720cc0d2961af08ef75d2b54c4
| |
A previous commit mistakenly conflated the wrapping parameters for
DES and DES3 cases, resulting in incorrect data being stored if the
storage was successful at all. This broke ipa vault and probably
also token key archival and recovery.
This patch sets the right parameters for the 3DES case again.
Part of BZ# 1458043
Change-Id: Iae884715a0f510a4d492d64fac3d82cb8100deb4
| |
Commit 633c7c6519c925af7e3700adff29961d72435c7f changed the PKCS #12
file handling to never deal with raw private key material.
PKCS12Util.addKeyBag() was changed to export the PrivateKey handle,
or fail. This change missed this case where a PKCS #12 file is
loaded from file, possibly modified, then written back to a file,
without involving an NSSDB. One example is pkcs12-cert-del which
deletes a certificate and associated key from a PKCS #12 file.
Fix the PKCS12Util.addKeyBag() method to use the stored
EncryptedPrivateKeyInfo if available, otherwise export the
PrivateKey handle.
Fixes: https://pagure.io/dogtagpki/issue/2741
Change-Id: Ib8098126bc5a79b5dae19103e25b270e2f10ab5a
| |
This patch adds enforcement in CMCUserSignedAuth to make sure SSL client authentication is performed and the authenticated cert matches that of the CMC signing cert.
Some auditing adjustments are also done.
| |
The OCSPProcessor has been modified to provide a default URL for
all requests submitted using the processor.
https://pagure.io/dogtagpki/issue/2652
Change-Id: I0175947d7d6a6a0284837e0d0464b139a5802444
| |
The pki ca-cert-find and ca-cert-show output has been modified for
consistency.
https://pagure.io/dogtagpki/issue/2652
Change-Id: Ieb3550f7c18904ef26bc9a31529e2fa9a87de519
| |
The LogFile has been modified to set up log signing during its
initialization to ensure the signing works properly during log
rotation.
https://pagure.io/dogtagpki/issue/2561
Change-Id: I69d54a359ebe74557ca9b12ea7582f712fb31949
| |
The AuditVerify has been modified to find the first signature
properly and start the signature verification only after finding
the first signature.
https://pagure.io/dogtagpki/issue/2634
Change-Id: Ic35fc88e75173e65d8786bf7b62407fce0952f3e
| |
The code that reads the access banner from file has been modified
to explicitly use UTF-8 encoding.
The Info class and the PKI UI have been modified not to encode the
access banner in Base64 since it is not necessary.
https://pagure.io/dogtagpki/issue/2671
Change-Id: I5f41a8ebac0bc91623b27f14608bca294bc9bc38
| |
The Info service and client have been modified to transmit access
banner in Base64-encoded form. The PKI UI has been modified to
decode the access banner properly.
https://pagure.io/dogtagpki/issue/2671
Change-Id: Ic8526bac4c4d6b99e627aced64ab24cf675f5d50
| |
The PKIService has been modified to trim whitespaces in access
banner before returning the value to the client. The clients
have been modified to no longer trim the banner.
https://pagure.io/dogtagpki/issue/2671
Change-Id: I51c5e78d11c89c711e369328def27bb352aa49e6
| |
The DefaultParser used in PKI console has been replaced with
PosixParser for backward compatibility with Commons CLI 1.2
on RHEL.
https://pagure.io/dogtagpki/issue/2671
Change-Id: Ie36bfd4cbd83818cfc06f6a3f69e02214cff0db2
| |
The PKI console has been modified to provide a verbose option to
help troubleshooting.
https://pagure.io/dogtagpki/issue/2671
Change-Id: Ib231a278a8d000bdbe43513149331bb0ea1f2752