| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
The UserCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.
|
| |
|
|
|
| |
The SecurityDomainCLI and its submodule have been modified to use
lazy initialization to get the PKIClient object.
|
| |
|
|
|
| |
The KRA KeyCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.
|
| |
|
|
|
| |
The CertCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.
|
| |
|
|
|
| |
The CA CertCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.
|
| |
|
|
|
|
| |
The SubsystemCLI and its subclasses have been modified to use
lazy initialization to get the PKIClient object. They also have
been simplified by moving common methods to the base class.
|
| |
|
|
|
| |
The ProxyCLI has been modified to use lazy initialization to get
the PKIClient object.
|
| |
|
|
|
| |
The ClientCLI and its submodules have been modified to use lazy
initialization to get the PKIClient object.
|
| |
|
|
|
| |
The CLI.getClient() has been modified to return the parent CLI's
PKIClient object if available.
|
| |
|
|
|
| |
A new CLI.getConfig() has been added to return the parent CLI's
configuration if available.
|
| |
|
|
|
| |
The PKI CLI has been modified to support client cert authentication
without NSS database password.
|
| |
|
|
|
| |
The pki client-init has been modified to support creating NSS
database without password.
|
| |
|
|
|
| |
The minimum SSL version for datagram should have been TLS 1.1 to
match the default in pki.conf.
|
| |
|
|
|
| |
The PKI CLI has been modified to use hard-coded default values
in case the pki.conf is not available (e.g. in Eclipse).
|
| |
|
|
|
| |
A new parameter has been added to pki.conf to enable/disable the
default SSL ciphers for PKI CLI.
|
| |
|
|
|
| |
A new parameter has been added to pki.conf to configure the SSL
ciphers used by PKI CLI in addition to the default ciphers.
|
| |
|
|
|
| |
The setClientCiphers() in CryptoUtil has been renamed to
setDefaultSSLCiphers() for clarity.
|
| |
|
|
|
| |
The hard-coded SSL version ranges in PKI CLI have been converted
into configurable parameters in the pki.conf.
|
| |
|
|
|
|
|
|
| |
The PKI CLI has been modified such that it initializes the
PKIClient (and retrieves the access banner) only if the CLI
needs to access the PKI server.
https://pagure.io/dogtagpki/issue/2612
|
| |
|
|
|
|
|
| |
To prevent conflicts, the code that configures the default SSL
version ranges and ciphers for all SSL sockets created afterwards
has been moved out of PKIConnection into the main program (i.e.
PKI CLI).
|
| |
|
|
|
|
| |
The PKI CLI has been modified to create a default NSS database
without a password if there is no existing database at the
expected location.
|
| |
|
|
|
| |
The duplicate code for configuring default SSL version ranges has
been merged into reusable methods in CryptoUtil.
|
| |
|
|
|
| |
The ClientCertValidateCLI has been modified to display the NSS
error code and error message for invalid certificates.
|
| |
|
|
|
|
| |
Move some of the crypto functions in EncryptionUnit to CryptoUtil.
Change-Id: Iee391392fb88a87f6af3b450b69508fd52729a62
|
| |
|
|
|
|
|
|
|
| |
The PKI CLI has been modified to retrieve access banner from
the server and ask for user confirmation at the beginning of the
program. An --ignore-banner option was added to allow bypassing
the banner for automation.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
| |
The TPS CLIs have been modified to use Exceptions instead of
System.exit() such that errors can be handled consistently.
|
| |
|
|
|
|
| |
The system, logging, and selftest CLIs have been modified to use
Exceptions instead of System.exit() such that errors can be
handled consistently.
|
| |
|
|
|
|
| |
The feature and authority CLIs have been modified to use
Exceptions instead of System.exit() such that errors can be
handled consistently.
|
| |
|
|
|
|
| |
The client and PKCS12 CLIs have been modified to use Exceptions
instead of System.exit() such that errors can be handled
consistently.
|
| |
|
|
|
| |
A new parameter has been added to set the serial number field in
CertEnrollmentRequest and in profile input if available.
|
| |
|
|
|
| |
A new parameter has been added to set the renewal field in
CertEnrollmentRequest.
|
| |
|
|
|
| |
The names of restricted commands have been moved into a list for
clarity.
|
| |
|
|
|
| |
The key CLIs have been modified to use Exceptions instead of
System.exit() such that errors can be handled consistently.
|
| |
|
|
|
|
| |
The cert and profile CLIs have been modified to use Exceptions
instead of System.exit() such that errors can be handled
consistently.
|
| |
|
|
|
|
|
|
|
| |
Direct invocations of CryptoManager.getTokenByName() have been
replaced with CryptoUtil.getCryptoToken() and getKeyStorageToken()
to ensure that internal token names are handled consistently both
in normal mode and FIPS mode.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
|
| |
The codes that detect internal token name have been modified to
use CryptoUtil.isInternalToken() such that the comparison can be
done consistently both in normal mode and FIPS mode.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The internal token short name literals have been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The internal token full name literals have been replaced with
CryptoUtil.INTERNAL_TOKEN_FULL_NAME.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The HttpClient.PR_INTERNAL_TOKEN_NAME has been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The CMCRevoke.PR_INTERNAL_TOKEN_NAME has been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The CMCRequest.PR_INTERNAL_TOKEN_NAME has been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The KRATool.INTERNAL_TOKEN has been replaced with
CryptoUtil.INTERNAL_TOKEN_FULL_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
| |
The user and group CLIs have been modified to use Exception
instead of System.exit() such that errors can be handled
consistently.
|
| |
|
|
|
| |
The MainCLI has been modified to use Exceptions instead of
System.exit() such that errors can be handled consistently.
|
| |
|
|
|
|
|
|
| |
To help troubleshooting build issues the pki-tools build targets
have been modified such that they run sequentially. This way error
messages will be easier to find in the build log.
https://fedorahosted.org/pki/ticket/2463
|
| |
|
|
|
|
|
| |
Commit db58e6071f6bb57de006e6499c0a0c6a8c8e67bf has been reverted
due to build issue on RHEL/CentOS.
https://fedorahosted.org/pki/ticket/2531
|
| |
|
|
|
|
|
| |
Commit f9ddb2e875355e882b14529979f6c9ae03cf720e has been reverted
due to build issue on RHEL/CentOS.
https://fedorahosted.org/pki/ticket/2535
|
| |
|
|
|
|
|
|
| |
The list of source and class files in some CMake files have been
generalized to allow renaming Java packages without changing the
CMake files again.
https://fedorahosted.org/pki/ticket/6
|
| |
|
|
|
| |
If a retrieval is non-sychronous, we create a non-ephemeral recovery
request and return this Request ID to the client.
|
| |
|
|
|
|
| |
Continuation of the previous patch. These are client changes
to allow the client to pass through an approved recovery request
to retrieveKey()
|
