| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
Change-Id: Ie05572677de0e8eb1244dc6caf2b4a48514a2542
|
| |
|
|
| |
Change-Id: Ib4586443f7e6f759d227975f9736cdd30b8f32e8
|
| |
|
|
| |
Change-Id: I407a7a13c4e428e01632536faa27583e7c6d577e
|
| |
|
|
| |
Change-Id: Iade8cb7fdf3c3f93afb13ff814da0f72dc8f8049
|
| |
|
|
| |
Change-Id: I3eb97554a1d0f4b86c981692ab0130b28c9c5288
|
| |
|
|
| |
Change-Id: I7fee37c8369945c6aedae78bd56063bc4488c0f7
|
| |
|
|
| |
Change-Id: Ic4a79b0c73812c7b89daca3c804e6a88c738536a
|
| |
|
|
| |
Change-Id: Id7845ebf2a14cebe25189a8363cee759030a16cb
|
| |
|
|
| |
Change-Id: I73b3a69ffc289ad6bf89eebaa2d95237df25551f
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This resource (which will be accessed at /ca/rest/info)
will initially return the mechanism for archival.
This is needed by clients to know how to package secrets when
archiving. We may add the transport cert later.
Change-Id: Ib13d52344e38dc9b54c0d2a1645f1211dd84069b
|
| |
|
|
|
|
|
|
|
|
| |
This resource (which will be accessed at /kra/rest/info)
will initially return the mechanism for archival or retrieval.
This is needed by clients to know how to package secrets when
archiving.
Change-Id: I6990ebb9c9dafc4158e51ba61a30e773d1d953ec
|
| |
|
|
|
|
|
| |
A new pki-server <subsystem>-audit-file-verify CLI has been added
to verify audit log files on the server.
Change-Id: I88e827d45cfb83cf34052146e2ec678f4cd2345f
|
| |
|
|
|
|
|
| |
A new pki-server <subsystem>-audit-file-find CLI has been added
to list audit log files on the server.
Change-Id: I88e827d45cfb83cf34052146e2ec678f4cd2345f
|
| |
|
|
|
|
|
|
|
|
| |
A new function has been added to generate a random password that
meets FIPS requirements for a strong password. This function is
used to generate NSS database password during installation.
https://pagure.io/dogtagpki/issue/2556
Change-Id: I64dd36125ec968f6253f90835e6065325d720032
|
| |
|
|
|
|
|
| |
The MainCLI has been modified to generate a deprecation warning
for the -t option.
Change-Id: I28ac45954a900f6944528ef52913982d72896c92
|
| |
|
|
|
|
|
|
|
| |
The UserCLI and GroupCLI have been fixed to use the subsystem name
in the client configuration object if available.
https://pagure.io/dogtagpki/issue/2626
Change-Id: Ibf099cefe880a238468fad7fb2aabc9cc2d55c1f
|
| |
|
|
|
|
|
|
|
|
| |
To help troubleshooting the PKIConnection has been modified to
register an SSL socket listener which will display SSL alerts
that it has received or sent.
https://pagure.io/dogtagpki/issue/2625
Change-Id: I8f2e4f55a3d6bc8a7360f666c9b18e4c0d6c6d83
|
| |
|
|
|
|
|
| |
The pki_console_wrapper script has been fixed to load cascading
pki.conf properly and to set the logging configuration property.
Change-Id: Ie7b83f3c87bea133ee61d018457d7d4daf0fb757
|
| |
|
|
| |
Change-Id: Idb3871eaa76ce79d222e71caeaa6dd0289c63fad
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added code to:
* Add an InfoClient to the KRAClient
* Check the server, client and crypto provider keyset levels and
select the highest possible level accordingly.
* Added new fields as returned by the server for retrieval.
* Added new fields to KeyRecoveryRequest as added in AES changes.
Changes to decode keywrapped symmetirc and asymmetric keys will
be added in subsequent patches. Right now, encrypt/decrypt works.
Change-Id: Ifa7748d822c6b6f9a7c4afb395fb1388c587174d
|
| |
|
|
|
|
|
|
|
|
|
| |
The python-cryptography provider is added. It will use AES
mechanisms by default. The eventual goal is to use this
provider by default, and to obsolete the NSS CryptoProvider.
Added some methods to determine which crypto keyset levels are
supported by the crypto provider.
Change-Id: Ifd47f0de765a9f0d157e8be678d5d06437bda819
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The PKIServerSocketListener.alertReceived() has been fixed to
generate audit log when the SSL socket is closed by the client.
The log message has been modified to include the reason for the
termination.
https://pagure.io/dogtagpki/issue/2602
Change-Id: Ief2817f2b2b31cf6f60fae0ee4c55c17024f7988
|
| |
|
|
|
|
|
| |
New pki audit commands have been added to list and retrieve audit
log files.
Change-Id: I785fa6f55d9b143f513d9210ebf82d04e06eaed5
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
This is needed to set the same environment as the pki CLI
and pick up any client specific changes.
Change-Id: I92b4df75f2e3ee5112499a1d138e7e649a1214fc
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add python client code to read from the InfoResource class and get
the server version. As the PKIConnection in the python client
currently requires a subsystem, it is difficult to add an infoclient
to an existing KRAClient (or any other client).
To get around this, I modified the PKIConnection to allow using the
rootURI.
Change-Id: Ided75f45f741e2ba3fc86acec715d24b829c8a97
|
| | | |
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is needed to set the same environment as the pki CLI
and pick up any client specific changes.
Change-Id: I92b4df75f2e3ee5112499a1d138e7e649a1214fc
|
| |\| |
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add python client code to read from the InfoResource class and get
the server version. As the PKIConnection in the python client
currently requires a subsystem, it is difficult to add an infoclient
to an existing KRAClient (or any other client).
To get around this, I modified the PKIConnection to allow using the
rootURI.
Change-Id: Ided75f45f741e2ba3fc86acec715d24b829c8a97
|
| | |
| |
| |
| |
| |
| |
| | |
A new PKIRESTProvider has been added to send and receive
StreamingOutput object through REST API.
Change-Id: Iefc513aacb9fc26bc7c8c5cbfb4550a4a98da52e
|
| | |
| |
| |
| |
| |
| |
| | |
Previously the audit service and CLI were only available on TPS.
Now they have been added to all subsystems.
Change-Id: I3b472254641eb887289c5122df390c46ccd97d47
|
| |/ |
|
| |
|
|
|
|
|
| |
Most of the research out there seems to indicate that AES-128 is
more than sufficient for security. Use this as default.
Change-Id: Ie333282eacc5ce628c90296561e4cd6a76dcbd8e
|
| |
|
|
|
|
|
|
|
|
|
| |
Old CRMFPopClients add the OID for ECC public keys in the encryption
algorithm OID for no obvious reason (considering the OID was never
read on the server side to begin with).
Now that we do read and use that field, we need to set it properly,
and also special case on the server side to handle old clients.
Change-Id: I0d753e572206e9062746c879ce683978e5e657bd
|
| | |
|
| |
|
|
|
|
|
| |
The AuditCLI has been modified to create the AuditClient with lazy
initialization.
Change-Id: I61b08e92a2f2de983fc77513dde89e1d5e1254b9
|
| |
|
|
|
|
|
| |
All subclasses of PKIService have been modified to remove the
Context attribute since they have been declared in the base class.
Change-Id: Icdbe97efa2b910a579264099f817930c2cc2ed1a
|
| |
|
|
|
| |
Added 'pylint: disable=no-member' whenever module 're'
attempts to reference its 'MULTILINE' member.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
https://pagure.io/dogtagpki/issue/2627
Change-Id: I3111e78fc0afb63799e7bd707274ec7a9e8624ac
|
| |
|
|
|
|
| |
https://pagure.io/dogtagpki/issue/2627
Change-Id: Icd47be636c78224328438a8091c7c3bdd07c06bd
|
| |
|
|
|
|
|
|
|
|
| |
The top-level CLI commands have been modified to get the subsystem
name from the parent subsystem CLI if available, otherwise they
will use a hard-coded default value.
https://pagure.io/dogtagpki/issue/2626
Change-Id: Ieef45abfdfb4a6fc63fd06a6ccda4e70366de4a0
|
| |
|
|
| |
Change-Id: Ife9108019994b385fc452da0f29dee64d0ccc5d3
|
| |
|
|
| |
Change-Id: Ic2aa92985e8aee9b5405ad542c640ca67a0047c6
|
