summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Temp SSL Certificate Creation - Offline System Certificate RenewalHEADmasterDinesh Prasanth M K2017-07-132-53/+443
| | | | | | | | | | | | `pki-server subsystem-cert-renew` can be used to generate a temporary SSL cert (Signed by CA) and replace the expired SSL cert in NSS DB. This helps to bring up the PKI server temporarily. The online System Certificate renewal procedure can then be used without backdating the system to update other system certificates. Ticket: https://pagure.io/dogtagpki/issue/2776 Change-Id: I411586e70f80029b76890e24425331d657ac71e9
* Refactored server restart code.Endi S. Dewata2017-07-112-21/+28
| | | | | | | | | The code that restarts the server at the end of installation has been moved into configuration.py to allow further enhancements. https://pagure.io/dogtagpki/issue/2280 Change-Id: I1de49ab9e7ec9f86dd1adfd945e6162948fd445a
* Refactored ConfigClient.configure_pki_data().Endi S. Dewata2017-07-112-96/+107
| | | | | | | | | | | | | The ConfigClient.configure_pki_data() has been modified to return the server response to the caller to allow more flexibility in processing the configuration result. The code that handles system certificate requests generated by the server has been moved into configuration.py. https://pagure.io/dogtagpki/issue/2280 Change-Id: Id902fcc10fbdcb270e3b00e219c3356d1319bde1
* Fixed CertUtil.updateLocalRequest().Endi S. Dewata2017-07-111-2/+7
| | | | | | | | | | The CertUtil.updateLocalRequest() has been modified to return silently if the certificate does not have a corresponding request record. https://pagure.io/dogtagpki/issue/2280 Change-Id: I0d225a6db84d2d719091dbd84ee76b73bfb4408c
* Merge pull request #5 from amolkahat/type_fixEndi S. Dewata2017-07-101-1/+1
|\ | | | | Fixed typo in pki-server db command
| * Fixed typo in pki-server db commandAmol Kahat2017-07-031-1/+1
| |
* | Refactored SystemConfigService.processCert().Endi S. Dewata2017-07-081-19/+18
| | | | | | | | | | | | | | | | | | The code in SystemConfigService.processCert() that handles external cert has been reorganized for clarity. https://pagure.io/dogtagpki/issue/2280 Change-Id: Ia1800cc6560dce1757959bea9e352a2e6d30307e
* | Refactored SystemConfigService.processKeyPair().Endi S. Dewata2017-07-082-45/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The code in SystemConfigService.processCert() that loads or generates key pair has been moved into processKeyPair(). The code that sets key pair properties in createECCKeyPair() and createRSAKeyPair() has been replaced with storeKeyPair(). The processCert() has been modified to return a Cert object. Some debug messages have been added for clarity. https://pagure.io/dogtagpki/issue/2280 Change-Id: Ica16c7ce4f33fb23df2813a8b65d66fc2d4ea198
* | Fixed error message in SystemConfigService.processCerts().Endi S. Dewata2017-07-081-77/+60
| | | | | | | | | | | | | | | | | | | | The exception handler in SystemConfigService.processCerts() has been removed since it's redundant and generates misleading error message. https://pagure.io/dogtagpki/issue/2280 Change-Id: I3aa4f0414519a7cd2c53481663f4880c5c1dafd0
* | Refactored ConfigurationUtils.updateCloneConfig().Endi S. Dewata2017-07-085-29/+55
| | | | | | | | | | | | | | | | | | The ConfigurationUtils.updateCloneConfig() invocation has been modified such that it will only be executed once. https://pagure.io/dogtagpki/issue/2280 Change-Id: I1d42acb8cf7c7ffedcd109fcd5252a03fb9622e7
* | Refactored ConfigurationUtils.updateServerCertNickConf().Endi S. Dewata2017-07-082-13/+25
| | | | | | | | | | | | | | | | | | | | The code that updates serverCertNick.conf has been moved into ConfigurationUtils.updateServerCertNickConf() and will only be executed once. https://pagure.io/dogtagpki/issue/2280 Change-Id: Iaae4429724ece683939aea8defe6fceeca237c4b
* | Ticket #2757 CMC enrollment profiles for system certificatesChristina Fu2017-07-0716-11/+872
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch supports CMC-based system certificate requests. This patch contains the following: * The code in CMCAuth (agent-based) to check ssl client auth cert against the CMC signing cert * The cmc-based system enrollment profiles: caCMCauditSigningCert.cfg caCMCcaCert.cfg caCMCkraStorageCert.cfg caCMCkraTransportCert.cfg caCMCocspCert.cfg caCMCserverCert.cfg caCMCsubsystemCert.cfg * new URI's in web.xml as new access points Usage example can be found here: http://pki.fedoraproject.org/wiki/PKI_10.4_CMC_Feature_Update_(RFC5272)#Examples_.28System_Certificates.29
* | Ticket #2779 cmc plugin default changeChristina Fu2017-07-071-2/+2
| |
* | Refactored CertUtil.updateLocalRequest().Endi S. Dewata2017-07-071-27/+32
| | | | | | | | | | | | | | The CertUtil.updateLocalRequest() has been modified to no longer ignore exceptions. Change-Id: I57907a54f51f65369a062dfc396741d87874660c
* | Refactored CertUtil.createLocalRequest().Endi S. Dewata2017-07-072-48/+63
| | | | | | | | | | | | | | | | | | | | | | The code that sets the certificate request extra data has been moved into CertUtil.createLocalRequest(). The incorrect profile ID in subsystemCert.profile has been fixed. https://pagure.io/dogtagpki/issue/2280 Change-Id: Ic76ac3dfcbf0c4ab95abea0680697d87f00f292b
* | Refactored ConfigurationUtils.handleLocalCert().Endi S. Dewata2017-07-072-48/+51
| | | | | | | | | | | | | | | | | | The code for creating and importing local cert into NSS database has been moved into ConfigurationUtils.handleLocalCert(). https://pagure.io/dogtagpki/issue/2280 Change-Id: Idac7bc3e08e95f94fe50c417898ef12b2288d17c
* | Refactored CertUtil.importExternalCert().Endi S. Dewata2017-07-053-94/+101
| | | | | | | | | | | | | | | | | | The code for importing external cert into NSS database has been moved into CertUtil.importExternalCert(). https://pagure.io/dogtagpki/issue/2280 Change-Id: Icb347943fc432ad97105229c14768822b070d99f
* | Refactored CertUtil.importCert().Endi S. Dewata2017-07-053-29/+37
| | | | | | | | | | | | | | | | | | The code for importing certificate into NSS database has been moved into CertUtil.importCert(). https://pagure.io/dogtagpki/issue/2280 Change-Id: I6a7a01b9170a5c0e9973ab1d5a7484349765dc5e
* | Moved cert management methods into CertUtil.Endi S. Dewata2017-07-052-104/+116
|/ | | | | | | | | | | | The following methods have been moved into CertUtil for clarity: * ConfigurationUtils.findCertificate() * ConfigurationUtils.findBootstrapServerCert() * ConfigurationUtils.deleteCert() * ConfigurationUtils.deleteBootstrapServerCert() https://pagure.io/dogtagpki/issue/2280 Change-Id: I860cacd3dd34144ce92c674e9ff08cb46ee2194b
* Refactored CertUtil.createLocalCert() (part 3).Endi S. Dewata2017-07-012-48/+17
| | | | | | | | | Unused methods and variables related to CertUtil.createLocalCert() have been removed for clarity. https://pagure.io/dogtagpki/issue/2280 Change-Id: If71e909f05b7e51288c444d67cbbba7fce2cfd81
* Refactored CertUtil.createLocalCert() (part 2).Endi S. Dewata2017-07-011-144/+140
| | | | | | | | | The code in CertUtil.createLocalCert() has been reformatted for clarity. https://pagure.io/dogtagpki/issue/2280 Change-Id: I9fd18fac7313a0c41cf6e061ae7608722cf76894
* Refactored CertUtil.createLocalCert() (part 1).Endi S. Dewata2017-07-011-62/+10
| | | | | | | | | | The error handling in CertUtil.createLocalCert() has been modified such that errors are no longer ignored. The changes also guarantee that some variable cannot be null, so the code can be simplified. https://pagure.io/dogtagpki/issue/2280 Change-Id: I9f1961d538cdbba99c8e3474ba3c601eb8416baf
* SCP03 support: fix Key Changeover with HSM (RHCS)Jack Magne2017-06-301-11/+18
| | | | | | Ticket #2764. This relatively simple fix involves making sure the correct crypto token is being used to search for the master key int the case of symmetric key changover where the master key resides on an HSM.
* Refactored ConfigurationUtils.configRemoteCert().Endi S. Dewata2017-06-301-98/+149
| | | | | | | | | Some code in ConfigurationUtils.configCert() has been moved into a new configRemoteCert() for clarity. https://pagure.io/dogtagpki/issue/2280 Change-Id: Ie0b04f8c2445ee088782ed10391a250f45a6bebf
* Refactored ConfigurationUtils.configLocalCert().Endi S. Dewata2017-06-301-99/+100
| | | | | | | | | Some code in ConfigurationUtils.configCert() has been moved into a new configLocalCert() for clarity. https://pagure.io/dogtagpki/issue/2280 Change-Id: I3473aa5f1a1d64b3714257d3fc285660ac1d955a
* Fixed audit events class hierarchy.Endi S. Dewata2017-06-3031-107/+122
| | | | | | | | | | The audit events classes have been modified to inherit from SignedAuditEvent class since AuditEvent class is actually used for transaction log. https://pagure.io/dogtagpki/issue/2689 Change-Id: If41c99c1d165075d330033d44799145c784c2905
* Fixed error message on invalid log type.Endi S. Dewata2017-06-273-8/+6
| | | | | | | | | To help troubleshooting the error message on invalid log type has been modified to include the invalid value. https://pagure.io/dogtagpki/issue/2689 Change-Id: Ie245bd9e3a3925979af4708fa911697a9746e54b
* Consolidated log() for audit events.Endi S. Dewata2017-06-2745-321/+133
| | | | | | | | | Duplicate log() methods for audit events have been merged into the Logger class. https://pagure.io/dogtagpki/issue/2689 Change-Id: I7a5147ff3221a52a82e69f56faf2156c04256db2
* Added LogEvent class.Endi S. Dewata2017-06-274-735/+367
| | | | | | | | | A new LogEvent class has been added as the base for all log events. Common fields and methods have been moved into the base class. https://pagure.io/dogtagpki/issue/2689 Change-Id: I775556edf367b972ad56b35f4b4ea025a72e962f
* Patch for "pki-server subsystem-cert-update" commandDinesh Prasanth M K2017-06-231-1/+28
| | | | | | | | | | | | Currently, the --cert option has not been implemented for `pki-server subsystem-cert-update` command. The --cert takes certificate name that needs to be added to the NSS database and replaces the existing certificate (if exists) in the database https://pagure.io/dogtagpki/issue/2756 Change-Id: If8be9edd55a673230f86e213fc803be365e55a92
* Refactored signed audit logger.Endi S. Dewata2017-06-2444-591/+186
| | | | | | | | | | | | | | | Signed audit logger creation has been simplified into: Logger signedAuditLogger = SignedAuditLogger.getLogger(); The null checks on signed audit logger have been removed since it cannot be null. Audit messages can be logged as follows: signedAuditLogger.log(message); https://pagure.io/dogtagpki/issue/2689 Change-Id: I3bf781b0194a6cbb166f71751c098d1c2a3a657a
* Added default log level for Logger.Endi S. Dewata2017-06-241-12/+37
| | | | | | | | | The Logger class has been modified to provide a way to specify the default log level. https://pagure.io/dogtagpki/issue/2689 Change-Id: Iaab5d95b7dfa1bfa814c7270259e01e019a33678
* Ticket #2616 CMC: id-cmc-statusInfo ==> id-cmc-statusInfoV2Christina Fu2017-06-2314-210/+747
| | | | | | | | | | | | | | This patch contains the following update: * Structurely, CMCStatusInfo to CMCStatusInfoV2 update; no extendedFailInfo has been added at this point * In case of EncryptedPOP, instead of returning with CMCStatus pending where PendInfo contains the requestID, it now returns CMCStatus failed whith responseInfo control contains the requestID. On the client side, CMCRequest now processes the responseInfo and returns the DecryptedPOP with requestID in the regInfo control. CMCResponse has been updated to handle the new controls as well. * A number of fail info codes are now being supported by the server to add clarity to CMC failed status, including: badMessageCheck, badRequest, unsuportedExt, badIdentity, popRequired, and popFailed.
* Reorganized Logger classes.Endi S. Dewata2017-06-239-9/+10
| | | | | | | | | Some Logger classes have been moved into com.netscape.cms.logging due to dependency requirements in subsequent changes. https://pagure.io/dogtagpki/issue/2689 Change-Id: I1e8ec247764d344647a519618a7523c51799f3de
* Fixed build dependency for pki-cms.jar.Endi S. Dewata2017-06-231-1/+1
| | | | | | | | | To help troubleshoot build issues the CMake script for pki-cms.jar has been modified to run after building the client tools. https://pagure.io/dogtagpki/issue/2689 Change-Id: Icf1aea2a14d9502a6ab791331fcfe49d7ecdab21
* Synced up local spec files with latest release (10.4.8)Matthew Harmsen2017-06-224-5/+53
|
* dogtagpki Pagure Issue #2745 - Platform Dependent Python ImportMatthew Harmsen2017-06-221-1/+4
|
* Refactored Logger class.Endi S. Dewata2017-06-224-21/+47
| | | | | | | | | | The Logger class has been modified to provide an interface to create a Logger instance that stores the log category and log source. https://pagure.io/dogtagpki/issue/2689 Change-Id: I1dadcdf35af0f0a17e02328c73ef6d95ca691e7f
* Refactored ILogEventFactory implementations.Endi S. Dewata2017-06-224-108/+65
| | | | | | | | | | A new LogFactory base class has been added to store the common fields and methods of the classes implementing ILogEventFactory interface. https://pagure.io/dogtagpki/issue/2689 Change-Id: Ife683856e769bd95f22e0fc06e8b65853c3708a2
* Added LogSource enumeration.Endi S. Dewata2017-06-2218-115/+185
| | | | | | | | | A LogSource enumeration has been added to replace the integer log source in the Logger class. https://pagure.io/dogtagpki/issue/2689 Change-Id: I6f69219fbbfa00d83f26a32174c75ff2782eb6af
* Added LogCategory enumeration.Endi S. Dewata2017-06-2214-74/+109
| | | | | | | | | A LogCategory enumeration has been added to replace the integer log category in the Logger class. https://pagure.io/dogtagpki/issue/2689 Change-Id: Ic92e64c3abdf859841eaf1006afc61bbf573086d
* Refactored LogQueue class.Endi S. Dewata2017-06-223-16/+3
| | | | | | | | | | | | The LogQueue class has been refactored such that the list of listeners is never null. The Logger class has been modified to get the LogQueue singleton directly instead of through LogSubsystem. https://pagure.io/dogtagpki/issue/2689 Change-Id: Id5d3c132215014a238fc5ecd5f80d60d687e3dd9
* Fixed build dependency for javadoc.Endi S. Dewata2017-06-221-1/+2
| | | | | | | | | To help troubleshoot build issues the CMake script for javadoc has been modified to run after building all Java packages. https://pagure.io/dogtagpki/issue/2689 Change-Id: I5ca681880d72688b49f73eeb242182b6707bec50
* Ticket #2618 UniqueKeyConstraint fix on subjectDN comparisonChristina Fu2017-06-201-5/+1
|
* Smoke test with FreeIPADinesh Prasanth M K2017-06-203-5/+179
| | | | | | | | | | | | | | | Travis CI is configured to build dogtag RPMs, test CA and KRA and finally do a smoke test with stable FreeIPA. Smoke test runs cert related tests: - test_caacl_plugin - test_caacl_profile_enforcement - test_cert_plugin - test_certprofile_plugin - test_vault_plugin https://pagure.io/dogtagpki/issue/2743 Change-Id: I894133f585772673932d1e8d8420c5c4c5ed6b7e
* Fixed OCSP service error handling.Endi S. Dewata2017-06-204-15/+23
| | | | | | | | | Some OCSP-related classes have been modified to detect errors and handle exceptions properly. https://pagure.io/dogtagpki/issue/2652 Change-Id: Ifd054c47d04ff106120df2d7f3705366c7de9da9
* Added log messages for OCSP service.Endi S. Dewata2017-06-204-58/+128
| | | | | | | | | Some log messages have been added into OCSP-related classes for clarity. https://pagure.io/dogtagpki/issue/2652 Change-Id: I7eda806a3103ac235a5d3e073db8c60a9b3d482d
* Fix token enrollment and recovery ivsAde Lee2017-06-161-0/+6
| | | | | | | | | | In encryption mode, the archival of the geenrated key uses the wrapIV, while the recovery uses the encryptIV. To make sure these are consistent, they need to be set to be the same. Bugzilla BZ #1458043 Change-Id: I1ecece74bd6e486c0f37b5e1df4929744fac262b
* Added pki ca-cert-status.Endi S. Dewata2017-06-172-0/+166
| | | | | | | | | | A new pki ca-cert-status CLI has been added to check certificate validity using OCSP. By default the CLI will use the CA's internal OCSP service. https://pagure.io/dogtagpki/issue/2652 Change-Id: I0fe3b2f1ca8c7979f9e5fa6d048be2c9883a875d
* Added search filter for pki ca-authority-find.Endi S. Dewata2017-06-174-10/+70
| | | | | | | | | | The pki ca-authority-find CLI has been modified to provide search filter based on the authority ID, parent ID, authority DN, and issuer DN. https://pagure.io/dogtagpki/issue/2652 Change-Id: I563a0b93eb7a00ae4771069812455ecc552f407c
generated by cgit (git 2.34.1) at 2024-05-01 21:45:28 +0000