summaryrefslogtreecommitdiffstats
path: root/base/java-tools/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Added CLIs to inspect PKCS #12 file.Endi S. Dewata2016-02-126-0/+415
| | | | | | | The pki pkcs12-cert-find and pki pkcs12-key-find commands have been added to list the certificates and keys in a PKCS #12 file. https://fedorahosted.org/pki/ticket/1742
* Refactored PKCS12Export.Endi S. Dewata2016-02-121-194/+21
| | | | | | | | | | | | | The code to export NSS database into PKCS #12 file in PKCS12Export tool has been refactored into PKCS12Util class to simplify further enhancements. The PKCS12Export tool has also been modified to use Java Logging API. A default logging configuration file has been added. The command-line wrapper has been modified to get the path to the logging configuration file from pki.conf. https://fedorahosted.org/pki/ticket/1742
* PKI TRAC Ticket #1850 - Rename DRMTool --> KRAToolMatthew Harmsen2016-02-114-880/+880
|
* Fixed token modify operation.Endi S. Dewata2016-02-081-30/+0
| | | | | | | The TPS UI and CLI have been modified to accept only user ID and policy attributes when modifying a token. https://fedorahosted.org/pki/ticket/1687
* Added resource bundle for token state labels.Endi S. Dewata2016-02-051-2/+18
| | | | | | | | | | | | | | | The labels for token states and the transitions are now stored in token-states.properties. The default file will be stored in the /usr/share/pki/tps/conf, but it can be overriden by copying and customizing the file into <instance>/tps/conf. When the UI retrieves the token data the labels for the current state and the valid transitions will be loaded from the file and returned to the UI. The UI will show the transition labels in the dropdown list for changing token status. https://fedorahosted.org/pki/ticket/1289 https://fedorahosted.org/pki/ticket/1291
* Fixed token add operation.Endi S. Dewata2016-02-051-3/+11
| | | | | | | | The TPS UI and CLI have been modified to accept only token ID, and optionally user ID and policy attributes when adding a token. https://fedorahosted.org/pki/ticket/1477 https://fedorahosted.org/pki/ticket/1687
* Fixed TPS token state transitions.Endi S. Dewata2016-02-032-8/+54
| | | | | | | | | | | | | | | | | | | | The TPS service has been modified to provide a list of allowed state transitions based on the current token state. The TPS UI was modified to display only the allowed state transitions when changing the token status. The allowed state transition list has been modified to remove invalid token transitions including: * UNINITIALIZED -> FOUND * UNINITIALIZED -> TEMP_LOST_PERM_LOST The token FOUND state has been renamed to ACTIVE for clarity. The token TEMP_LOST_PERM_LOST state has been merged into PERM_LOST since they are identical in the database. https://fedorahosted.org/pki/ticket/1289 https://fedorahosted.org/pki/ticket/1291 https://fedorahosted.org/pki/ticket/1684
* Updated CLI to run individual selftests.Endi S. Dewata2016-01-181-6/+42
| | | | | | | | | The pki selftest-run command has been modified to execute the specified selftests, or all selftests if nothing is specified. The command will also display the status of each test and the stack trace if it fails. https://fedorahosted.org/pki/ticket/1502
* Added CLI options to simplify submitting CSR.Endi S. Dewata2015-11-161-10/+136
| | | | | | | | | | The pki ca-cert-request-submit command has been modified to provide options to specify the profile name and the CSR which will be used to create and populate the request object. This way it's no longer necessary to download the request template and insert the CSR manually. https://fedorahosted.org/pki/ticket/456
* Lightweight CAs: implement deletion API and CLIFraser Tweedale2015-10-062-0/+73
| | | | | | | Implement lightweight authority deletion including CLI command. To be deleted an authority must be disabled and have no sub-CAs. Fixes: https://fedorahosted.org/pki/ticket/1324
* Added Java client and CLI support for Feature resource.Ade Lee2015-10-024-0/+223
|
* Added default subject DN for pki client-cert-request.Endi S. Dewata2015-10-011-8/+16
| | | | | | | | The pki client-cert-request CLI has been modified to generate a default subject DN if it's not specified. The man page has been updated accordingly. https://fedorahosted.org/pki/ticket/1463
* Added support for directory-authenticated profiles in CLI.Endi S. Dewata2015-09-302-30/+89
| | | | | | | | The pki cert-request-submit and client-cert-request CLIs have been modified to provide options to specify the username and password for directory-authenticated certificate enrollments. https://fedorahosted.org/pki/ticket/1463
* Lightweight CAs: REST cert request param to specify authorityFraser Tweedale2015-09-262-2/+44
| | | | | | | | Add the optional "ca" query parameter for REST cert request submission. Also update the ca-cert-request-submit CLI command with an option to provide an AuthorityID. Part of: https://fedorahosted.org/pki/ticket/1213
* Lightweight CAs: add ca-authority CLIFraser Tweedale2015-09-267-0/+395
| | | | | | Add CLI commands for creating, listing and showing lightweight CAs. Part of: https://fedorahosted.org/pki/ticket/1213
* Added support for secure database connection in CLI.Endi S. Dewata2015-09-221-64/+104
| | | | | | | | | | The pki-server subsystem-cert-update has been modified to support secure database connection with client certificate authentication. The pki client-cert-show has been modified to provide an option to export client certificate's private key. https://fedorahosted.org/pki/ticket/1551
* Fixed ObjectNotFoundException in PKCS12Export.Endi S. Dewata2015-07-201-6/+6
| | | | | | | The PKCS12Export has been fixed to handle ObjectNotFoundException when exporting certificates without private keys. https://fedorahosted.org/pki/ticket/1506
* Added pki-tps-profile man page.Endi S. Dewata2015-07-182-1/+6
| | | | | | | | | A new man page has been added for the pki tps-profile CLI. The CLI has been modified to refer to the new man page. Some other man pages have been cleaned up as well. https://fedorahosted.org/pki/ticket/1271
* Removed audit CLI from non-TPS subsystems.Endi S. Dewata2015-07-175-15/+13
| | | | | | | | | | Due to database upgrade issue the pki <subsystem>-audit CLI has been removed from all subsystems except TPS. The AuditModifyCLI has been modified to clarify that the --action and the --input parameters are mutually exclusive. https://fedorahosted.org/pki/ticket/1437
* Fixed PKCS12Export output.Endi S. Dewata2015-07-151-206/+262
| | | | | | | | | | | | The PKCS12Export has been modified such that if an error occurs in normal mode it will display the error message and in debug mode it will display the full stack trace. The code has also been refactored such that it can be reused as a library in addition to command-line tool. The code will now throw exceptions instead of exiting to the system. https://fedorahosted.org/pki/ticket/1224
* Ticket 1459 Dogtag clients cannot connect when CS is configured with ECCChristina Fu2015-07-131-0/+5
| | | | clients are: cli, HttpClient, and java console
* Fixed NPE during key-retrieve.Endi S. Dewata2015-07-131-73/+53
| | | | | | | | | | | | Keys archived through the KRA connector in CA have null data type attribute which causes a NPE during retrieval using the key-retrieve CLI. The SecurityDataRecoveryService has been modified to consider null data type attribute as asymmetric key type. The KeyRetrieveCLI and KeyService have been modified to generate better debugging messages to help troubleshooting. https://fedorahosted.org/pki/ticket/1481
* Fixed user-cert-add --serial with remote CA.Endi S. Dewata2015-07-093-15/+48
| | | | | | | | | | | | | | | | | The user-cert-add command has been modified to ask the user for the CA server URI if the CA is not available locally. A new SubsystemClient.exists() method has been added to check whether a subsystem is deployed on the target instance. The SubsystemCLI has been modified to call logout() only if the operation is executed successfully. The certificate approval callback class has been refactored out of PKIConnection into a separate class to clean up circular dependency with PKIClient. https://fedorahosted.org/pki/ticket/1448
* Fixed default cert-find filter.Endi S. Dewata2015-07-061-1/+0
| | | | | | | | To improve the performance the default LDAP filter generated by cert-find has been changed to (certStatus=*) to match an existing VLV index. https://fedorahosted.org/pki/ticket/1449
* Fixed NPE in key-archive CLI.Endi S. Dewata2015-07-022-15/+16
| | | | | | | | The pki CLI has been modified such that if the security database location (-d) is not specified, the config.certDatabase will be initialized with the default value (i.e. ~/.dogtag/nssdb). The config.certDatabase is needed by the CLI to prepare the client library for key archival operations.
* Fixed pki help CLI.Endi S. Dewata2015-07-0213-6/+148
| | | | | | A new findModules() method has been added to the CLI class to find the list of modules handling a command. The list will be used by the pki help CLI to find the proper man page for the specified command.
* CRMFPopClient improvements.Endi S. Dewata2015-06-161-12/+33
| | | | | | The CRMFPopClient has been modified to use the HttpClient library to connect to the server, to show the HTTP status code if an error occurs, and to show the NSS database directory in verbose mode.
* Fixed key archival problem in CLI with separate KRA instance.Endi S. Dewata2015-05-221-6/+12
| | | | | | | | | | The CLI has been modified such that when enrolling a certificate with key archival it will obtain the transport certificate from the CA instead of KRA because the KRA may not reside on the same instance. The CA REST service has been modified such that it will obtain the transport certificate from the KRA connector. https://fedorahosted.org/pki/ticket/1384
* Added key-show option.Endi S. Dewata2015-05-142-13/+30
| | | | | The key-show CLI has been modified to provide an option to find the active key info using the client key ID.
* Patches to get nuxwdog working with systemdAde Lee2015-05-101-1/+0
| | | | | | | | | | | | | | | | | | | | | | This patch adds some new unit files and targets for starting instances with nuxwdog, as well as logic within the pki-server nuxwdog module to switch to/from the old and new systemd unit files. It also corrects some issues found in additional testing of the nuxwdog change scripts. To use nuxwdog to start the instance, a user needs to do the following: 1. Create an instance normally. 2. Run: pki-server instance-nuxwdog-enable <instance_name> 3. Start the instance using: systemctl start pki-tomcatd-nuxwdog@<instance_name>.service To revert the instance, simply do the following: 1. Run: pki-server instance-nuxwdog-disable <instance_name> 2. Start the instance using: systemctl start pki-tomcatd@<instance_name>.service
* Fix #1351 pki securitydomain-get-install-token fails when run with caadmin user.Jack Magne2015-05-072-99/+0
| | | | | | | | | | The short term solution to this problem was to remove the man page information and all references to the command line module reponsible for this issue. The installer already has an alternative method to remove a subsystem from the security domain list. We now assume the alternate method and don't even try to find the token at this point. A user at the command line of the pki command will no longer be able to attempt this as well. Tested this to verify that the man page for the "securtydomain" command no longer mentions or documents the "get-install-token" variant. Tested to verify that this command can't be manually called from the command line using "pki". This attempt results in an "unknown module". Tested by installing and uninstalling a subsytem. The security domain was kept up to date as expected for each install over remove attempted.
* Add nuxwdog functionality to DogtagAde Lee2015-04-221-3/+0
| | | | | | | | | | | | This is the first of several commits. This adds a LifecycleListener to call init() on the nuxwdog client before any connectors or webapps start up, and call sendEndInit() once initialization completes. Code is also added to prompt for and test required passwords on startup. All that is required to use nuxwdog is to start the server using nuxwdog. An environment variable will be set that will trigger creation of the NuxwdogPasswordStore. We expect tags for the required passwords to be in cms.passwordList
* Added interface to show TPS token certificates.Endi S. Dewata2015-04-081-2/+8
| | | | | | | The TPS REST service, CLI, and UI have been modified to provide an interface to search for certificates belonging to a token. https://fedorahosted.org/pki/ticket/1164
* Update pki-profile CLI commands to work with "raw" formatFraser Tweedale2015-04-075-24/+188
| | | | | | | | Update CLI commands for working with the (now LDAP-based) profiles in the same format as was used by the files, by way of the --raw option. Also add the "edit" command to interactively edit a profile.
* Updated CRMFPopClient parameter handling.Endi S. Dewata2015-02-273-217/+353
| | | | | | | | | | | | The CRMFPopClient has been modified to use Apache Commons CLI library to handle the parameters. The help message has been rewritten to make it more readable. The submitRequest() will now display the error reason. The options in ClientCertRequestCLI have been simplified. A new option was added to generate CRMF request without POP. https://fedorahosted.org/pki/ticket/1074
* Refactored OCSPClient.Endi S. Dewata2015-02-161-238/+176
| | | | | | | The OCSPClient CLI has been refactored into an OCSPProcessor utility class such that the functionality can be reused. https://fedorahosted.org/pki/ticket/1202
* Refactored CRMFPopClient.Endi S. Dewata2015-01-283-508/+730
| | | | | | | | | | | | | | | | | | The CRMFPopClient has been refactored such that it is easier to understand and reuse. The code has been fixed such that it can read a normal PEM transport certificate. It also has been fixed to parse the request submission result properly. The client-cert-request CLI command was modified to support CRMF requests. The MainCLI and ClientConfig were modified to accept a security token name. The pki_java_command_wrapper.in was modified to include the Apache Commons IO library. https://fedorahosted.org/pki/ticket/1074
* Removed profile input/output IDs from CLI output.Endi S. Dewata2014-11-251-4/+0
| | | | | | | | | | | | The current profile inputs/outputs do not have meaningful IDs (e.g. i1, i2, o1) and are not used by the client so they should not be displayed in the CLI output. In the future the IDs should be renamed into something meaningful (e.g. keygen, sn, cert) and the inputs/outputs should be retrieved by ID. New methods have been added to retrieve by ID. https://fedorahosted.org/pki/ticket/1147
* bugzilla 871171 (client-side code) Provide Tomcat support for TLS v1.1 and ↵Christina Fu2014-11-211-40/+19
| | | | TLS v1.2
* Added CLI to import/export certificates with private keys.Endi S. Dewata2014-10-095-28/+532
| | | | | | | New CLI commands have been added to import/export certificates and private keys into/from the client security database. The CLI can also be used to generate the file needed by Python client library for client certificate authentication.
* Added option to import client cert from CA.Endi S. Dewata2014-09-191-56/+90
| | | | | | | | | | | | A new option has been added to the client-cert-import command to import a certificate from CA by specifying the serial number. The client-cert-import has also been modified to get the nickname of the certificate to import from the CLI argument. For backward compatibility, if no argument is specified the CLI will try to get the nickname from the authentication option (-n). Ticket #1152
* Added option to import user cert from CA.Endi S. Dewata2014-09-191-13/+47
| | | | | | | | The user-cert-add CLI has been modified to provide an option to specify the serial number of the certificate to be imported from the CA. Ticket #1151
* Displaying request status in ca-cert-request-review.Endi S. Dewata2014-09-191-0/+4
| | | | | | | The ca-cert-request-review CLI has been modified to show the request status after completing the operation. Ticket #1149
* Added client-cert-request CLI.Endi S. Dewata2014-09-196-19/+219
| | | | | | | A new CLI has been added to simplify the process to request a user certificate for client certificate authentication. Ticket #1148
* ticket #1158 CMCRequest does not support internal tokenChristina Fu2014-09-161-1/+1
|
* Fix public key print format in KeyCLI.Abhishek Koneru2014-09-041-5/+1
|
* Makes output of secrets consistent for all clients.Abhishek Koneru2014-08-291-1/+2
| | | | | | All the secrets/keys retrieved using the client API's using Java/python clients will be of the type - byte array. This applies to output of the retrieveKey method and the public key attribute of the KeyInfo object.
* Fixes for tickets 1087, 1089, 1090, 1091.Abhishek Koneru2014-08-295-13/+19
| | | | | Addresses upstream issues in the pki key-* CLI commands. Updates the man page in all the required cases.
* Fixed NPE in client-cert-import.Endi S. Dewata2014-08-282-3/+8
| | | | | | | The client-cert-import command has been modified to propertly initialize the CLI environment to avoid a null pointer exception. Ticket #1126
* Fixed problems with CLI authentication parameters.Endi S. Dewata2014-08-281-77/+74
| | | | | | | | | | | | | | | | | | | | Previously specifying a security database password in the CLI would require a certificate nickname to be specified as well. While this is correct for client certificate authentication, it caused a problem for operations that do not authenticate against the server such as client-init. The CLI has been modified to require a security database password only if the nickname is specified for client certificate authentication. Similar changes have been made to require user password only if the username is specified for basic authentication. The CLI also has been modified to store all specified parameters in the config object regardless of parameter validation. The manual page has been modified accordingly. Ticket #1125
generated by cgit (git 2.34.1) at 2025-09-27 15:25:01 +0000