summaryrefslogtreecommitdiffstats
path: root/base/java-tools/src/com
Commit message (Collapse)AuthorAgeFilesLines
...
* Cleaned up error handling in user and group CLIs.Endi S. Dewata2017-01-1821-325/+71
| | | | | | The user and group CLIs have been modified to use Exception instead of System.exit() such that errors can be handled consistently.
* Cleaned up error handling in PKI CLI.Endi S. Dewata2017-01-183-72/+48
| | | | | The MainCLI has been modified to use Exceptions instead of System.exit() such that errors can be handled consistently.
* Revert "Replaced deprecated DefaultHttpClient."Endi S. Dewata2016-12-021-3/+3
| | | | | | | Commit db58e6071f6bb57de006e6499c0a0c6a8c8e67bf has been reverted due to build issue on RHEL/CentOS. https://fedorahosted.org/pki/ticket/2531
* Revert "Replaced deprecated ProxyParser."Endi S. Dewata2016-12-023-6/+6
| | | | | | | Commit f9ddb2e875355e882b14529979f6c9ae03cf720e has been reverted due to build issue on RHEL/CentOS. https://fedorahosted.org/pki/ticket/2535
* Add field to KeyData to allow request to be returned when non-synchronousAde Lee2016-11-101-6/+12
| | | | | If a retrieval is non-sychronous, we create a non-ephemeral recovery request and return this Request ID to the client.
* Add option to pass existing request to retrieveKeyCLIAde Lee2016-11-101-3/+23
| | | | | | Continuation of the previous patch. These are client changes to allow the client to pass through an approved recovery request to retrieveKey()
* Replaced deprecated ProxyParser.Endi S. Dewata2016-11-043-6/+6
| | | | | | The deprecated ProxyParser has been replaced with DefaultParser. https://fedorahosted.org/pki/ticket/2535
* Replaced deprecated DefaultHttpClient.Endi S. Dewata2016-11-041-5/+5
| | | | | | | The deprecated DefaultHttpClient in SubsystemClient, CRMFPopClient, and OCSPProcessor has been replaced with HttpClientBuilder. https://fedorahosted.org/pki/ticket/2531
* Fix CertRequestInfo URLsAde Lee2016-09-021-2/+0
| | | | | | | | | | The URLs were generated by a UriBuilder that referred to the resource's annotated path. This top-level path changed though, even if the underlying paths did not. Replace this with a reference to the getX methods instead. Also fixed a few eclipse flagged warnings (unused imports etc). Ticket 2447
* pki-tools HEADER/FOOTER changesMatthew Harmsen2016-08-195-18/+29
| | | | * PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements
* Fixed NumberFormatException in tps-cert-findGeetika Kapoor2016-08-051-4/+16
| | | | Signed-off-by: Geetika Kapoor <gkapoor@redhat.com>
* Fix client-cert-import to set provided trust bitsAde Lee2016-07-291-4/+12
| | | | Ticket 2412
* Fixed cert usage list in pki client-cert-validate.Endi S. Dewata2016-07-151-1/+6
| | | | | | | | The pki client-cert-validate has been modified to add the missing EmailRecipient and to list the supported cert usages. https://fedorahosted.org/pki/ticket/2376 https://fedorahosted.org/pki/ticket/2399
* Added validation for pki client-cert-request sensitive parameter.Endi S. Dewata2016-07-061-0/+3
| | | | | | | The pki client-cert-request CLI has been modified to validate the boolean sensitive parameter. https://fedorahosted.org/pki/ticket/2383
* Added validation for pki client-cert-request extractable parameter.Endi S. Dewata2016-07-061-0/+3
| | | | | | | The pki client-cert-request CLI has been modified to validate the boolean extractable parameter. https://fedorahosted.org/pki/ticket/2383
* Fixed CLI error message on connection problemsEndi S. Dewata2016-07-061-1/+12
| | | | | | | The CLI has been modified to display the actual error message instead of generic ProcessingException. https://fedorahosted.org/pki/ticket/2377
* Fixed KRA cloning issue.Endi S. Dewata2016-06-291-2/+4
| | | | | | | | | | | | | The pki pkcs12-import CLI has been modified not to import certificates that already exist in the NSS database unless specifically requested with the --overwrite parameter. This will avoid changing the trust flags of the CA signing certificate during KRA cloning. The some other classes have been modified to provide better debugging information. https://fedorahosted.org/pki/ticket/2374
* Added debugging log in ClientCertImportCLI.Endi S. Dewata2016-06-161-0/+5
|
* Added pki pkcs12-cert-mod command.Endi S. Dewata2016-06-162-0/+175
| | | | | A new CLI has been added to update the certificate trust flags in PKCS #12 file which will be useful to import OpenSSL certificates.
* Add man page and clarify CLI for kra-connectorAde Lee2016-06-133-17/+74
|
* Add revocation information to pki CLI output.Ade Lee2016-05-241-0/+21
| | | | | | | The date on which the certificate is revoked and the agent that revoked it is displayed now in cert-find and cert-show output. Ticket 1055
* Allow cert-find using revocation reasonsAde Lee2016-05-241-2/+21
| | | | | | | | | The REST API expects the integer revocation code to be passed in a certificate search. We have modified the client to allow the user to provide either a revocation code or a revocation reason as a search parameter. Ticket 1053
* Lightweight CAs: add issuer DN and serial to AuthorityDataFraser Tweedale2016-05-134-4/+16
| | | | | | | | Add issuer DN and serial number to the AuthorityData object, as read-only attributes. Values are displayed in the CLI, when present in the response data. Fixes: https://fedorahosted.org/pki/ticket/1618
* Add ca-authority-key-export commandFraser Tweedale2016-05-032-0/+110
| | | | | | | | | Add the 'pki ca-authority-key-export' CLI command for exporting a PKIArchiveOptions object containing a nominated target key, wrapped by a nominated wrapping key. This command is to be used by Custodia to export key data for transmission to a requesting clone. Part of: https://fedorahosted.org/pki/ticket/1625
* Refactored TokenStatus enumeration.Endi S. Dewata2016-05-031-1/+7
| | | | | | | | The TokenStatus enumeration has been converted into a class to allow overriding the TokenStatus.valueOf() to provide backward compatibility. https://fedorahosted.org/pki/ticket/2286
* Add CLI to check system certificate statusAde Lee2016-05-022-0/+195
| | | | | | | | | | | | | | | | | | | We add two different calls: 1. pki client-cert-validate - which checks a certificate in the client certdb and calls the System cert verification call performed by JSS in the system self test. This does some basic extensions and trust tests, and also validates cert validity and cert trust chain. 2. pki-server subsystem-cert-validate <subsystem> This calls pki client-cert-validate using the nssdb for the subsystem on all of the system certificates by default (or just one if the nickname is defined). This is a great thing to call when healthchecking an instance, and also will be used by pkispawn to verify the signing cert in the externally signed CA case. Trac Ticket 2043
* Added realm to methods for listing requests and keysAde Lee2016-04-202-2/+12
| | | | | | | | | | | 1. Added query parameters for the realm. If a realm is specified, then only the key requests and keys associated with the realm are returned. If no realm is specified, then only those requests and keys without a realm are returned. 2. Added parameters to keyClient and the CLI Part of Trac Ticket #2041
* Added realm for archival and key generation through RESTAde Lee2016-04-202-9/+25
| | | | | | | | This will allow users to specify the realm when generating or archiving a request. No interface change is needed (yet) because the extra parameter is passed through the request. Part of Ticket #2041
* Add realm to the key recordAde Lee2016-04-201-0/+2
| | | | Part of Trac Ticket# 2041
* Fixed PKCS #12 export options.Endi S. Dewata2016-04-201-1/+1
| | | | | | | | The CLIs for exporting PKCS #12 file have been modified to accept options to export without trust flags, keys, and/or certificate chain. https://fedorahosted.org/pki/ticket/1736
* Updated pki pkcs12-export CLI.Endi S. Dewata2016-04-151-7/+7
| | | | | | | | | | | | For consistency the pki pkcs12-export has been modified to overwrite the PKCS #12 output file by default. A new option has been added to append the exported certificates and keys into the output file if the file already exists. The same option has been added to the The pki-server instance-cert-export and subsystem-cert-export commands. https://fedorahosted.org/pki/ticket/1736
* Lightweight CAs: indicate when CA does not yet have keysFraser Tweedale2016-04-144-3/+4
| | | | | | | | | | When a lightweight CA is created, clones will initialise a local object when the LDAP replication takes place, however, the signing keys will not yet have been replicated. Therefore, indicate CA readiness in authority data and respond appropriately (HTTP 503) when signing operations are attempted. Part of: https://fedorahosted.org/pki/ticket/1625
* Fixed missing trust flags in certificate backup.Endi S. Dewata2016-04-042-5/+14
| | | | | | | | | | | | | | | | | | | | The ConfigurationUtils.backupKeys() has been modified to use PKCS12Util to export the certificates and their trust flags into a PKCS #12 file such that the file can be used for cloning. The code to generate PFX object has been refactored from the PKCS12Util.storeIntoFile() into a separate generatePFX() method. The PKCS12Util.loadCertFromNSS() has been modified to provide options to load a certificate from NSS database without the key or the certificate chain. The CLIs have been modified to provide the same options. The PKCS12Util.getCertInfo() has modified to ignore missing certificate attributes in the PKCS #12 file and generate a new local ID. https://fedorahosted.org/pki/ticket/2255
* Added support for cloning 3rd-party CA certificates.Endi S. Dewata2016-03-183-20/+59
| | | | | | | | | | | | | | | | | | | | | | | The installation code has been modified such that it imports all CA certificates from the PKCS #12 file for cloning before the server is started using certutil. The user certificates will continue to be imported using the existing JSS code after the server is started. This is necessary since JSS is unable to preserve the CA certificate nicknames. The PKCS12Util has been modified to support multiple certificates with the same nicknames. The pki pkcs12-cert-find has been modified to show certificate ID and another field indicating whether the certificate has a key. The pki pkcs12-cert-export has been modified to accept either certificate nickname or ID. The pki pkcs12-import has been modified to provide options for importing only user certificates or CA certificates. https://fedorahosted.org/pki/ticket/1742
* Additional clean-ups for PKCS #12 utilities.Endi S. Dewata2016-03-182-3/+14
| | | | | | | | | | | | | | | | The pki_server_external_cert_path has been renamed to pki_server_external_certs_path to match the file name. A default pki_server_external_certs_path has been added to default.cfg. The pki pkcs12-export has been modified to export into existing PKCS #12 file by default. The pki-server instance-cert-export has been modified to accept a list of nicknames to export. https://fedorahosted.org/pki/ticket/1742
* Renamed PKCS #12 options for consistency.Endi S. Dewata2016-03-188-16/+16
| | | | | | | The pki CLI's --pkcs12 options has been renamed to --pkcs12-file for consistency with pki-server CLI options. https://fedorahosted.org/pki/ticket/1742
* Added TPS token filter dialog.Endi S. Dewata2016-03-171-2/+29
| | | | | | | | | | | The TPS UI Tokens page and the pki tps-token-find CLI have been modified to provide an interface to filter tokens based on their attributes. The TokenService.findTokens() has been modified to accept additional search criteria based on token attributes. https://fedorahosted.org/pki/ticket/1482
* Added workaround for JSS limitation in pki pkcs12-import.Endi S. Dewata2016-02-263-3/+189
| | | | | | | | | | | | | | | | Currently JSS is unable to import CA certificates while preserving their nicknames. As a workaround, the pki pkcs12-import has been modified such that it exports individual CA certificates from PKCS The remaining user certificates will continue to be imported using JSS. A new pki pkcs12-cert-export command has been added to export individual certificates from PKCS #12 file into PEM files. The pki pkcs12-import has been modified to take a list of nicknames of the certificates to be imported into NSS database. https://fedorahosted.org/pki/ticket/1742
* Updated PKCS12Util.Endi S. Dewata2016-02-242-17/+21
| | | | | | | | | | | | | | | | | | | | | | | The PKCSUtil has been updated to match the functionality provided by JSS. In order to import a certificate properly, the certificate needs to be exported with its private key and certificate chain, so the option to export without key or without the certificate chain has been removed. The option to export only the certificate chain has also been removed since it can be done by exporting the complete certificate chain, then remove the leaf certificate while keeping the chain. The pki pkcs12-cert-add has been modified to provide an option to create a new PKCS #12 file to store the certificate. The pki pkcs12-export has been modified to always overwrite existing file to match the behavior of PKCS12Export. It also has been modified to accept a list of nicknames of certificates to export. https://fedorahosted.org/pki/ticket/1742
* Added CLI to manage keys in PKCS #12 file.Endi S. Dewata2016-02-192-0/+151
| | | | | | | A new CLI has been added to remove a key from a PKCS #12 file based on the key ID. https://fedorahosted.org/pki/ticket/1742
* Added CLI to manage certs in PKCS #12 file.Endi S. Dewata2016-02-195-2/+331
| | | | | | | New CLIs have been added to add a certificate from NSS database and to remove a certificate from the PKCS #12 file. https://fedorahosted.org/pki/ticket/1742
* Refactored PKCS12Util to use PKCS12 object.Endi S. Dewata2016-02-197-20/+76
| | | | | | | | | | | | The PKCS12Util has been modified such that it stores the certs and keys in PKCS12 object instead of PFX object. The PKCS12 object can be loaded either from NSS database or PKCS #12 file. The PKCS12 object can later be stored into NSS database or PKCS #12 file. The pki pkcs12-cert-find and pkcs12-key-find commands were modified to require PKCS #12 password. https://fedorahosted.org/pki/ticket/1742
* Refactored PKCS12CertInfo and PKCS12KeyInfo classes.Endi S. Dewata2016-02-194-13/+13
| | | | | | | | | | The PKCS12CertInfo and PKCS12KeyInfo classes have been moved out of PKCS12Util into separate classes. The createLocalKeyID() has been modified to return BigInteger instead of byte array. https://fedorahosted.org/pki/ticket/1742
* Added PKCS #12 attribute to store certificate trust flags.Endi S. Dewata2016-02-174-3/+19
| | | | | | | | | A new PKCS #12 attribute has been defined to store NSS certificate trust flags in PKCS #12 file. The PKCS12Util has been modified to store the trust flags during export and reset the trust flags in NSS database during import. https://fedorahosted.org/pki/ticket/1742
* Added CLIs to import and export PKCS #12.Endi S. Dewata2016-02-174-0/+268
| | | | | | | | The pki pkcs12-import and pki pkcs12-export commands have been added to import and export PKCS #12 file into and from NSS database. https://fedorahosted.org/pki/ticket/1742
* Added CLIs to inspect PKCS #12 file.Endi S. Dewata2016-02-126-0/+415
| | | | | | | The pki pkcs12-cert-find and pki pkcs12-key-find commands have been added to list the certificates and keys in a PKCS #12 file. https://fedorahosted.org/pki/ticket/1742
* Refactored PKCS12Export.Endi S. Dewata2016-02-121-194/+21
| | | | | | | | | | | | | The code to export NSS database into PKCS #12 file in PKCS12Export tool has been refactored into PKCS12Util class to simplify further enhancements. The PKCS12Export tool has also been modified to use Java Logging API. A default logging configuration file has been added. The command-line wrapper has been modified to get the path to the logging configuration file from pki.conf. https://fedorahosted.org/pki/ticket/1742
* PKI TRAC Ticket #1850 - Rename DRMTool --> KRAToolMatthew Harmsen2016-02-113-879/+879
|
* Fixed token modify operation.Endi S. Dewata2016-02-081-30/+0
| | | | | | | The TPS UI and CLI have been modified to accept only user ID and policy attributes when modifying a token. https://fedorahosted.org/pki/ticket/1687
* Added resource bundle for token state labels.Endi S. Dewata2016-02-051-2/+18
| | | | | | | | | | | | | | | The labels for token states and the transitions are now stored in token-states.properties. The default file will be stored in the /usr/share/pki/tps/conf, but it can be overriden by copying and customizing the file into <instance>/tps/conf. When the UI retrieves the token data the labels for the current state and the valid transitions will be loaded from the file and returned to the UI. The UI will show the transition labels in the dropdown list for changing token status. https://fedorahosted.org/pki/ticket/1289 https://fedorahosted.org/pki/ticket/1291
generated by cgit (git 2.34.1) at 2025-09-27 08:10:37 +0000