| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
The TPS CLIs have been modified to use Exceptions instead of
System.exit() such that errors can be handled consistently.
|
| |
|
|
|
|
| |
The system, logging, and selftest CLIs have been modified to use
Exceptions instead of System.exit() such that errors can be
handled consistently.
|
| |
|
|
|
|
| |
The feature and authority CLIs have been modified to use
Exceptions instead of System.exit() such that errors can be
handled consistently.
|
| |
|
|
|
|
| |
The client and PKCS12 CLIs have been modified to use Exceptions
instead of System.exit() such that errors can be handled
consistently.
|
| |
|
|
|
| |
A new parameter has been added to set the serial number field in
CertEnrollmentRequest and in profile input if available.
|
| |
|
|
|
| |
A new parameter has been added to set the renewal field in
CertEnrollmentRequest.
|
| |
|
|
|
| |
The names of restricted commands have been moved into a list for
clarity.
|
| |
|
|
|
| |
The key CLIs have been modified to use Exceptions instead of
System.exit() such that errors can be handled consistently.
|
| |
|
|
|
|
| |
The cert and profile CLIs have been modified to use Exceptions
instead of System.exit() such that errors can be handled
consistently.
|
| |
|
|
|
|
|
|
|
| |
Direct invocations of CryptoManager.getTokenByName() have been
replaced with CryptoUtil.getCryptoToken() and getKeyStorageToken()
to ensure that internal token names are handled consistently both
in normal mode and FIPS mode.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
|
| |
The codes that detect internal token name have been modified to
use CryptoUtil.isInternalToken() such that the comparison can be
done consistently both in normal mode and FIPS mode.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The internal token short name literals have been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The internal token full name literals have been replaced with
CryptoUtil.INTERNAL_TOKEN_FULL_NAME.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The HttpClient.PR_INTERNAL_TOKEN_NAME has been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The CMCRevoke.PR_INTERNAL_TOKEN_NAME has been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The CMCRequest.PR_INTERNAL_TOKEN_NAME has been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The KRATool.INTERNAL_TOKEN has been replaced with
CryptoUtil.INTERNAL_TOKEN_FULL_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
| |
The user and group CLIs have been modified to use Exception
instead of System.exit() such that errors can be handled
consistently.
|
| |
|
|
|
| |
The MainCLI has been modified to use Exceptions instead of
System.exit() such that errors can be handled consistently.
|
| |
|
|
|
|
|
| |
Commit db58e6071f6bb57de006e6499c0a0c6a8c8e67bf has been reverted
due to build issue on RHEL/CentOS.
https://fedorahosted.org/pki/ticket/2531
|
| |
|
|
|
|
|
| |
Commit f9ddb2e875355e882b14529979f6c9ae03cf720e has been reverted
due to build issue on RHEL/CentOS.
https://fedorahosted.org/pki/ticket/2535
|
| |
|
|
|
| |
If a retrieval is non-sychronous, we create a non-ephemeral recovery
request and return this Request ID to the client.
|
| |
|
|
|
|
| |
Continuation of the previous patch. These are client changes
to allow the client to pass through an approved recovery request
to retrieveKey()
|
| |
|
|
|
|
| |
The deprecated ProxyParser has been replaced with DefaultParser.
https://fedorahosted.org/pki/ticket/2535
|
| |
|
|
|
|
|
| |
The deprecated DefaultHttpClient in SubsystemClient, CRMFPopClient,
and OCSPProcessor has been replaced with HttpClientBuilder.
https://fedorahosted.org/pki/ticket/2531
|
| |
|
|
|
|
|
|
|
|
| |
The URLs were generated by a UriBuilder that referred to the resource's
annotated path. This top-level path changed though, even if the underlying
paths did not. Replace this with a reference to the getX methods instead.
Also fixed a few eclipse flagged warnings (unused imports etc).
Ticket 2447
|
| |
|
|
| |
* PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements
|
| |
|
|
| |
Signed-off-by: Geetika Kapoor <gkapoor@redhat.com>
|
| |
|
|
| |
Ticket 2412
|
| |
|
|
|
|
|
|
| |
The pki client-cert-validate has been modified to add the missing
EmailRecipient and to list the supported cert usages.
https://fedorahosted.org/pki/ticket/2376
https://fedorahosted.org/pki/ticket/2399
|
| |
|
|
|
|
|
| |
The pki client-cert-request CLI has been modified to validate the
boolean sensitive parameter.
https://fedorahosted.org/pki/ticket/2383
|
| |
|
|
|
|
|
| |
The pki client-cert-request CLI has been modified to validate the
boolean extractable parameter.
https://fedorahosted.org/pki/ticket/2383
|
| |
|
|
|
|
|
| |
The CLI has been modified to display the actual error message
instead of generic ProcessingException.
https://fedorahosted.org/pki/ticket/2377
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The pki pkcs12-import CLI has been modified not to import
certificates that already exist in the NSS database unless
specifically requested with the --overwrite parameter. This
will avoid changing the trust flags of the CA signing
certificate during KRA cloning.
The some other classes have been modified to provide better
debugging information.
https://fedorahosted.org/pki/ticket/2374
|
| | |
|
| |
|
|
|
| |
A new CLI has been added to update the certificate trust flags in
PKCS #12 file which will be useful to import OpenSSL certificates.
|
| | |
|
| |
|
|
|
|
|
| |
The date on which the certificate is revoked and the agent that
revoked it is displayed now in cert-find and cert-show output.
Ticket 1055
|
| |
|
|
|
|
|
|
|
| |
The REST API expects the integer revocation code to be passed
in a certificate search. We have modified the client to allow
the user to provide either a revocation code or a revocation
reason as a search parameter.
Ticket 1053
|
| |
|
|
|
|
|
|
| |
Add issuer DN and serial number to the AuthorityData object, as
read-only attributes. Values are displayed in the CLI, when present
in the response data.
Fixes: https://fedorahosted.org/pki/ticket/1618
|
| |
|
|
|
|
|
|
|
| |
Add the 'pki ca-authority-key-export' CLI command for exporting a
PKIArchiveOptions object containing a nominated target key, wrapped
by a nominated wrapping key. This command is to be used by Custodia
to export key data for transmission to a requesting clone.
Part of: https://fedorahosted.org/pki/ticket/1625
|
| |
|
|
|
|
|
|
| |
The TokenStatus enumeration has been converted into a class to
allow overriding the TokenStatus.valueOf() to provide backward
compatibility.
https://fedorahosted.org/pki/ticket/2286
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We add two different calls:
1. pki client-cert-validate - which checks a certificate in the client
certdb and calls the System cert verification call performed by JSS
in the system self test. This does some basic extensions and trust
tests, and also validates cert validity and cert trust chain.
2. pki-server subsystem-cert-validate <subsystem>
This calls pki client-cert-validate using the nssdb for the subsystem
on all of the system certificates by default (or just one if the
nickname is defined).
This is a great thing to call when healthchecking an instance,
and also will be used by pkispawn to verify the signing cert in the
externally signed CA case.
Trac Ticket 2043
|
| |
|
|
|
|
|
|
|
|
|
| |
1. Added query parameters for the realm. If a realm is
specified, then only the key requests and keys associated
with the realm are returned. If no realm is specified,
then only those requests and keys without a realm are returned.
2. Added parameters to keyClient and the CLI
Part of Trac Ticket #2041
|
| |
|
|
|
|
|
|
| |
This will allow users to specify the realm when generating
or archiving a request. No interface change is needed (yet)
because the extra parameter is passed through the request.
Part of Ticket #2041
|
| |
|
|
| |
Part of Trac Ticket# 2041
|
| |
|
|
|
|
|
|
| |
The CLIs for exporting PKCS #12 file have been modified to accept
options to export without trust flags, keys, and/or certificate
chain.
https://fedorahosted.org/pki/ticket/1736
|
| |
|
|
|
|
|
|
|
|
|
|
| |
For consistency the pki pkcs12-export has been modified to
overwrite the PKCS #12 output file by default. A new option has
been added to append the exported certificates and keys into the
output file if the file already exists.
The same option has been added to the The pki-server
instance-cert-export and subsystem-cert-export commands.
https://fedorahosted.org/pki/ticket/1736
|
| |
|
|
|
|
|
|
|
|
| |
When a lightweight CA is created, clones will initialise a local
object when the LDAP replication takes place, however, the signing
keys will not yet have been replicated. Therefore, indicate CA
readiness in authority data and respond appropriately (HTTP 503)
when signing operations are attempted.
Part of: https://fedorahosted.org/pki/ticket/1625
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ConfigurationUtils.backupKeys() has been modified to use
PKCS12Util to export the certificates and their trust flags into
a PKCS #12 file such that the file can be used for cloning.
The code to generate PFX object has been refactored from the
PKCS12Util.storeIntoFile() into a separate generatePFX() method.
The PKCS12Util.loadCertFromNSS() has been modified to provide
options to load a certificate from NSS database without the key
or the certificate chain. The CLIs have been modified to provide
the same options.
The PKCS12Util.getCertInfo() has modified to ignore missing
certificate attributes in the PKCS #12 file and generate a new
local ID.
https://fedorahosted.org/pki/ticket/2255
|
