The CA ProfileMappingCLI and its submodules have been modified to
use lazy initialization to get the PKIClient object.

The CA ProfileCLI and its submodules have been modified to use
lazy initialization to get the PKIClient object.

The KRAConnectorCLI for CA and its submodules have been modified
to use lazy initialization to get the PKIClient object.

The FeatureCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.

The AuthorityCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.

Also made a couple of small changes to WrappingParams.
* Set the wrapIV to null when AES KeyWrap is used. Trying to unpack
the PKIArchiveOptions package with this IV set to null fails.
* Removed superfluous this modifiers.
Added a parameter KEY_WRAP_PARAMETER_SET which is set in /etc/pki/pki.conf.
If this parameter is set to 0, we will use the old DES3 algorithms. This
can be set by clients talking to old servers.
CRMFPopClient has the ability to automatically submit requests to
a CA. In this case, we should contact the server and determine the
version using InfoClient, and choose the algorithm accordingly.
We will implement this in a separate patch.
Change-Id: Ib4a99545cb59b62a96c272311595e96dda10979e

The UserCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.

The SecurityDomainCLI and its submodule have been modified to use
lazy initialization to get the PKIClient object.

The KRA KeyCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.

The CertCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.

The CA CertCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.

The SubsystemCLI and its subclasses have been modified to use
lazy initialization to get the PKIClient object. They also have
been simplified by moving common methods to the base class.

The ProxyCLI has been modified to use lazy initialization to get
the PKIClient object.

The ClientCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.

The CLI.getClient() has been modified to return the parent CLI's
PKIClient object if available.

A new CLI.getConfig() has been added to return the parent CLI's
configuration if available.

* Refactor code in CryptoUtil to parametrize the algorithms used.
* Moved WrappingParams to utils jar to allow correct compilation.
* Removed code that created a PKIArchiveOptions structure from
CRMFPopClient and replaced with calls to CryptoUtil methods.
Note that the algorithms have been left as DES3. They will be
changed to AES in the next patch.
* Converted code in AuthorityKeyExportCLI to use the new methods
in CryptoUtil.
* Removed DRMTest; this code is no longer maintained or used.
Change-Id: I8f625f0310877dca68f6a01285b6ff4e27e7f34a

The PKI CLI has been modified to support client cert authentication
without NSS database password.

The pki client-init has been modified to support creating NSS
database without password.

The minimum SSL version for datagram should have been TLS 1.1 to
match the default in pki.conf.

The PKI CLI has been modified to use hard-coded default values
in case the pki.conf is not available (e.g. in Eclipse).

A new parameter has been added to pki.conf to enable/disable the
default SSL ciphers for PKI CLI.

A new parameter has been added to pki.conf to configure the SSL
ciphers used by PKI CLI in addition to the default ciphers.

The setClientCiphers() in CryptoUtil has been renamed to
setDefaultSSLCiphers() for clarity.

The hard-coded SSL version ranges in PKI CLI have been converted
into configurable parameters in the pki.conf.

The PKI CLI has been modified such that it initializes the
PKIClient (and retrieves the access banner) only if the CLI
needs to access the PKI server.
https://pagure.io/dogtagpki/issue/2612

To prevent conflicts, the code that configures the default SSL
version ranges and ciphers for all SSL sockets created afterwards
has been moved out of PKIConnection into the main program (i.e.
PKI CLI).

The PKI CLI has been modified to create a default NSS database
without a password if there is no existing database at the
expected location.

The duplicate code for configuring default SSL version ranges has
been merged into reusable methods in CryptoUtil.

The ClientCertValidateCLI has been modified to display the NSS
error code and error message for invalid certificates.

Move some of the crypto functions in EncryptionUnit to CryptoUtil.
Change-Id: Iee391392fb88a87f6af3b450b69508fd52729a62

The PKI CLI has been modified to retrieve access banner from
the server and ask for user confirmation at the beginning of the
program. An --ignore-banner option was added to allow bypassing
the banner for automation.
https://fedorahosted.org/pki/ticket/2582

The TPS CLIs have been modified to use Exceptions instead of
System.exit() such that errors can be handled consistently.

The system, logging, and selftest CLIs have been modified to use
Exceptions instead of System.exit() such that errors can be
handled consistently.

The feature and authority CLIs have been modified to use
Exceptions instead of System.exit() such that errors can be
handled consistently.

The client and PKCS12 CLIs have been modified to use Exceptions
instead of System.exit() such that errors can be handled
consistently.

A new parameter has been added to set the serial number field in
CertEnrollmentRequest and in profile input if available.

A new parameter has been added to set the renewal field in
CertEnrollmentRequest.

The names of restricted commands have been moved into a list for
clarity.

The key CLIs have been modified to use Exceptions instead of
System.exit() such that errors can be handled consistently.

The cert and profile CLIs have been modified to use Exceptions
instead of System.exit() such that errors can be handled
consistently.

Direct invocations of CryptoManager.getTokenByName() have been
replaced with CryptoUtil.getCryptoToken() and getKeyStorageToken()
to ensure that internal token names are handled consistently both
in normal mode and FIPS mode.
https://fedorahosted.org/pki/ticket/2556

The code that detects the internal token name has been modified to
use CryptoUtil.isInternalToken() such that the comparison can be
done consistently both in normal mode and FIPS mode.
https://fedorahosted.org/pki/ticket/2556

The internal token short name literals have been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME.
https://fedorahosted.org/pki/ticket/2556

The internal token full name literals have been replaced with
CryptoUtil.INTERNAL_TOKEN_FULL_NAME.
https://fedorahosted.org/pki/ticket/2556

The HttpClient.PR_INTERNAL_TOKEN_NAME has been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556

The CMCRevoke.PR_INTERNAL_TOKEN_NAME has been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556

The CMCRequest.PR_INTERNAL_TOKEN_NAME has been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556

The KRATool.INTERNAL_TOKEN has been replaced with
CryptoUtil.INTERNAL_TOKEN_FULL_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556