| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
The internal token full name literals have been replaced with
CryptoUtil.INTERNAL_TOKEN_FULL_NAME.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The wrapper script for legacy CLIs has been updated to use
java.ext.dirs to specify the client library folder instead
of a class path variable containing individual JAR files.
The same mechanism is already in use in PKI CLI.
|
| |
|
|
|
|
|
| |
The HttpClient.PR_INTERNAL_TOKEN_NAME has been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The CMCRevoke.PR_INTERNAL_TOKEN_NAME has been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The CMCRequest.PR_INTERNAL_TOKEN_NAME has been replaced with
CryptoUtil.INTERNAL_TOKEN_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
|
| |
The KRATool.INTERNAL_TOKEN has been replaced with
CryptoUtil.INTERNAL_TOKEN_FULL_NAME since they are identical.
https://fedorahosted.org/pki/ticket/2556
|
| |
|
|
|
|
| |
The user and group CLIs have been modified to use Exception
instead of System.exit() such that errors can be handled
consistently.
|
| |
|
|
|
| |
The MainCLI has been modified to use Exceptions instead of
System.exit() such that errors can be handled consistently.
|
| |
|
|
|
|
|
|
| |
To help troubleshooting build issues the pki-tools build targets
have been modified such that they run sequentially. This way error
messages will be easier to find in the build log.
https://fedorahosted.org/pki/ticket/2463
|
| |
|
|
|
|
|
| |
Commit db58e6071f6bb57de006e6499c0a0c6a8c8e67bf has been reverted
due to build issue on RHEL/CentOS.
https://fedorahosted.org/pki/ticket/2531
|
| |
|
|
|
|
|
| |
Commit f9ddb2e875355e882b14529979f6c9ae03cf720e has been reverted
due to build issue on RHEL/CentOS.
https://fedorahosted.org/pki/ticket/2535
|
| |
|
|
|
|
|
|
| |
The pki-cert man page has been updated to clarify that certain
profiles may require authentication and the CLI supports certain
authentication types.
https://fedorahosted.org/pki/ticket/2289
|
| |
|
|
|
|
|
|
| |
The list of source and class files in some CMake files have been
generalized to allow renaming Java packages without changing the
CMake files again.
https://fedorahosted.org/pki/ticket/6
|
| |
|
|
|
| |
If a retrieval is non-sychronous, we create a non-ephemeral recovery
request and return this Request ID to the client.
|
| |
|
|
|
|
| |
Continuation of the previous patch. These are client changes
to allow the client to pass through an approved recovery request
to retrieveKey()
|
| |
|
|
|
|
|
| |
New man pages have been added: pki-pkcs12, pki-pkcs12-cert, and
pki-pkcs12-key.
https://fedorahosted.org/pki/ticket/1920
|
| |
|
|
|
|
| |
The deprecated ProxyParser has been replaced with DefaultParser.
https://fedorahosted.org/pki/ticket/2535
|
| |
|
|
|
|
|
| |
The deprecated DefaultHttpClient in SubsystemClient, CRMFPopClient,
and OCSPProcessor has been replaced with HttpClientBuilder.
https://fedorahosted.org/pki/ticket/2531
|
| |
|
|
|
|
|
| |
The CMake scripts have been modified to store compiled Java classes
in separate folders for each JAR files to avoid duplicates.
https://fedorahosted.org/pki/ticket/2505
|
| |
|
|
|
|
|
|
|
|
| |
The URLs were generated by a UriBuilder that referred to the resource's
annotated path. This top-level path changed though, even if the underlying
paths did not. Replace this with a reference to the getX methods instead.
Also fixed a few eclipse flagged warnings (unused imports etc).
Ticket 2447
|
| |
|
|
|
| |
* PKI TRAC Ticket #690 - [MAN] pki-tools man pages
- CMCEnroll
|
| |
|
|
| |
* PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements
|
| |
|
|
| |
Signed-off-by: Geetika Kapoor <gkapoor@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
* PKI TRAC Ticket #690 - [MAN] pki-tools man pages
- AtoB,
- BtoA,
- KRATool,
- PrettyPrintCert, and
- PrettyPrintCrl
|
| |
|
|
| |
Ticket 2412
|
| |
|
|
|
|
|
|
|
|
| |
The pki CLI has been modified to use java.ext.dirs property to
load the dependencies instead of listing them individually. The
dependencies are stored as links in /usr/share/pki/lib folder.
This allows the RPM spec to customize the links for different
platforms.
https://fedorahosted.org/pki/ticket/2403
|
| |
|
|
|
| |
* PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements
Checked-in under one-liner/trivial rule.
|
| |
|
|
| |
This patch contains the man page for AuditVerify.
|
| |
|
|
|
|
|
|
| |
The pki client-cert-validate has been modified to add the missing
EmailRecipient and to list the supported cert usages.
https://fedorahosted.org/pki/ticket/2376
https://fedorahosted.org/pki/ticket/2399
|
| |
|
|
|
|
|
| |
The pki client-cert-request CLI has been modified to validate the
boolean sensitive parameter.
https://fedorahosted.org/pki/ticket/2383
|
| |
|
|
|
|
|
| |
The pki client-cert-request CLI has been modified to validate the
boolean extractable parameter.
https://fedorahosted.org/pki/ticket/2383
|
| |
|
|
|
|
|
| |
The CLI has been modified to display the actual error message
instead of generic ProcessingException.
https://fedorahosted.org/pki/ticket/2377
|
| |
|
|
|
|
|
|
|
| |
Ticket #1114
Minor adjustment to the man page for the key management commands to say
which usages are appropriate for sym keys and those appropriate for asym keys.
t
|
| |
|
|
|
|
|
| |
A recent change in the pki CLI caused excessive error message in
normal usage. The change has been reverted.
https://fedorahosted.org/pki/ticket/2390
|
| |
|
|
|
|
|
|
| |
Look for the right JAX-RS API JAR (it has moved in Fedora 25).
Also remove a lot of redundant 'find_file' operations for this JAR.
Fixes: https://fedorahosted.org/pki/ticket/2373
|
| |
|
|
| |
Partially Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The pki pkcs12-import CLI has been modified not to import
certificates that already exist in the NSS database unless
specifically requested with the --overwrite parameter. This
will avoid changing the trust flags of the CA signing
certificate during KRA cloning.
The some other classes have been modified to provide better
debugging information.
https://fedorahosted.org/pki/ticket/2374
|
| |
|
|
|
|
|
|
|
|
| |
The code has been modified to use the JAVA_HOME path specified in
the pki.conf.
The spec file has been modified to depend specifically on OpenJDK
1.8.0 and to provide the default JAVA_HOME path for the pki.conf.
https://fedorahosted.org/pki/ticket/2363
|
| | |
|
| |
|
|
|
| |
A new CLI has been added to update the certificate trust flags in
PKCS #12 file which will be useful to import OpenSSL certificates.
|
| | |
|
| |
|
|
|
|
|
| |
The date on which the certificate is revoked and the agent that
revoked it is displayed now in cert-find and cert-show output.
Ticket 1055
|
| |
|
|
|
|
|
|
|
| |
The REST API expects the integer revocation code to be passed
in a certificate search. We have modified the client to allow
the user to provide either a revocation code or a revocation
reason as a search parameter.
Ticket 1053
|
| |
|
|
|
|
|
|
| |
Add issuer DN and serial number to the AuthorityData object, as
read-only attributes. Values are displayed in the CLI, when present
in the response data.
Fixes: https://fedorahosted.org/pki/ticket/1618
|
| |
|
|
|
|
|
|
|
| |
Add the 'pki ca-authority-key-export' CLI command for exporting a
PKIArchiveOptions object containing a nominated target key, wrapped
by a nominated wrapping key. This command is to be used by Custodia
to export key data for transmission to a requesting clone.
Part of: https://fedorahosted.org/pki/ticket/1625
|
| |
|
|
|
|
|
|
| |
The TokenStatus enumeration has been converted into a class to
allow overriding the TokenStatus.valueOf() to provide backward
compatibility.
https://fedorahosted.org/pki/ticket/2286
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We add two different calls:
1. pki client-cert-validate - which checks a certificate in the client
certdb and calls the System cert verification call performed by JSS
in the system self test. This does some basic extensions and trust
tests, and also validates cert validity and cert trust chain.
2. pki-server subsystem-cert-validate <subsystem>
This calls pki client-cert-validate using the nssdb for the subsystem
on all of the system certificates by default (or just one if the
nickname is defined).
This is a great thing to call when healthchecking an instance,
and also will be used by pkispawn to verify the signing cert in the
externally signed CA case.
Trac Ticket 2043
|
| |
|
|
|
|
| |
- PKI TRAC Ticket #2249 - fix bashisms
- changes 'source' to '.'
- changes 'bash' to 'sh'
|
| |
|
|
|
|
|
|
|
|
|
| |
1. Added query parameters for the realm. If a realm is
specified, then only the key requests and keys associated
with the realm are returned. If no realm is specified,
then only those requests and keys without a realm are returned.
2. Added parameters to keyClient and the CLI
Part of Trac Ticket #2041
|
| |
|
|
|
|
|
|
| |
This will allow users to specify the realm when generating
or archiving a request. No interface change is needed (yet)
because the extra parameter is passed through the request.
Part of Ticket #2041
|
