summaryrefslogtreecommitdiffstats
path: root/base/util
Commit message (Collapse)AuthorAgeFilesLines
* Reverted to old interface and httpclient to get installation token.Ade Lee2012-10-121-0/+9
| | | | | This is a workaround until we can get the new interface working on IPA clones.
* Using RPM version number in CMake.Endi Sukma Dewata2012-10-012-2/+4
| | | | | | | | | | | | The RPM spec files have been modified to pass the full RPM version number to CMake. The version number contains the product version number, release number, milestone, and platform. The CMake scritps will parse and use this version number to generate Java manifest files. The product version number will be used as the specification version and full version number will be used as the implementation version. Ticket #339
* Added VERSION file.Endi Sukma Dewata2012-09-283-0/+22
| | | | | | | | | | | The CMake scripts have been modified to store the version number in /usr/share/pki/VERSION and in JAR manifest files. These files can be read by PKI applications to obtain the version number without having to query the RPM database. Fixed warnings in Java.cmake file. Ticket #339
* Renamed escapeDN() into escapeRDNValue().Endi Sukma Dewata2012-09-271-17/+17
| | | | | | | The escapeDN() has been renamed into escapeRDNValue() for better clarity. Ticket #193
* Added DN and filter escaping in UGSubsystem.Endi Sukma Dewata2012-09-191-0/+7
| | | | | | | The UGSubsystem has been modified to escape values used in DN or filter according to LDAP standard. Ticket #193
* Merged Javadoc packages.Endi Sukma Dewata2012-09-051-27/+0
| | | | | | | The Javadocs for pki-util, pki-java-tools and pki-common have been merged and packaged into pki-javadoc RPM. Ticket #295
* Ticket 219 - Conversion of integer variable to BigIntegerAbhishek Koneru2012-08-171-5/+5
|
* Updated test build scripts.Endi Sukma Dewata2012-08-151-33/+16
| | | | | | | | The build scripts for test, util test, and common test components have been updated to automatically find the source codes and not create unnecessary test jar files. Ticket #62
* Patch 25 - Misc FixesAbhishek Koneru2012-07-252-16/+4
|
* Updated util and common build scripts.Endi Sukma Dewata2012-07-231-318/+99
| | | | | | | | The build scripts for util and common packages have been modified to use the new Java CMake library to automatically find the source codes and build the binaries. Ticket #62
* Misc Fixes Remaining part of the code.Abhishek Koneru2012-07-1815-85/+50
|
* NO_HASHCODE_OVERRIDDENAbhishek Koneru2012-07-1212-25/+95
|
* Added cert revocation REST service.Endi Sukma Dewata2012-07-114-70/+123
| | | | | | | The cert revocation REST service is based on DoRevoke and DoUnrevoke servlets. It provides an interface to manage certificate revocation. Ticket #161
* SE_BAD_FIELD, MIGHT_IGNORE , STATIC_INNER_CLASSAbhishek Koneru2012-07-1012-32/+46
|
* Coverity CATCH_REXCEPTION and UNREAD_FIELD_CASESAbhishek Koneru2012-07-069-635/+596
|
* LeftOver Cases in Resource Leaks and NULL_RETURNSAbhishek Koneru2012-07-021-1/+10
|
* Fixes for Guarded_By_Violation issues shown in CoverityAbhishek Koneru2012-07-022-4/+8
|
* Fix for handling null object value passed to DBAttrMapper as part of ↵Abhishek Koneru2012-06-291-0/+2
| | | | Coverity fix for Forward NULL cases in DogTag 10.
* Fixes for Forward Null Cases in Coverity for DogTag10Abhishek Koneru2012-06-292-20/+23
| | | | Addressed review coments.
* Fixes for Coverity issues of type Resource Leaks - RemainingAbhishek Koneru2012-06-2512-95/+216
|
* Fixed equals() and hashCode() in X500Name and RDN.Endi Sukma Dewata2012-06-212-30/+34
| | | | | | | The X500Name and RDN have been modified to fix the incorrect method signature for equals() and the missing hashCode(). Ticket #206
* Fixes for Coverity issues of type Stringbuffer, NO_EQUALS_METHOD , ↵Abhishek Koneru2012-06-158-0/+230
| | | | REVERSE_INULL,Wrong_Map_Iterators
* Fixes for NULL_RETURNS Coverity Issues - Part 2Abhishek Koneru2012-06-147-14/+25
|
* Fixes for Null_Returns Cases - 1 For CommitAbhishek Koneru2012-06-053-4/+12
|
* Patch with fixes for review comments 0529Abhishek Koneru2012-06-012-2/+2
|
* Fixes for Coverity Issues CALL_SUPER,UNCONFIRMEDCAST,DEAD_STORE,TOSTRING_ARRAYAbhishek Koneru2012-06-018-3/+9
|
* Patch for fixes for Review CommentsAbhishek Koneru2012-05-2412-49/+29
|
* Fixes for Coverity Defects of Category : ↵Abhishek Koneru2012-05-247-27/+35
| | | | FB.SBSC_USE_STRINGBUFFER_CONCATENATION --Remaining
* Fixes for Coverity Defects of Category : FB.SBSC_USE_STRINGBUFFER_CONCATENATIONAbhishek Koneru2012-05-248-64/+68
|
* Fixes for Coverity Defects of Category : FB.DM_NUMBER_CTOR, ↵Abhishek Koneru2012-05-244-13/+12
| | | | FB.DM_STRING_CTOR, FB.DM_STRING_VOID_CTOR
* Fixes for Coverity Defects of Category : FB.DM_BOOLEAN_CTORAbhishek Koneru2012-05-248-24/+24
|
* Fixes for Coverity Defects of Category : FB.BC_VACUOUS_INSTANCEOFAbhishek Koneru2012-05-241-4/+4
|
* Provide CA EE Restful interface and test client.Jack Magne2012-05-071-2/+42
| | | | | | | | | | | | | | | | | | Tickets #144 and #145 Providing the following: 1. Simple EE restful interface for certificates, printing, listing and searching. 2. Simple EE restful interface for certificate enrollment requests. 3. Simple EE restful interface for profiles and profile properties. 4. Simple Test client to exercise the functionality. 5. Created restful client base class inherited by CARestClient and DRMRestClient. 6. Provide simple restful implementations of new interfaces added. ToDO: Need some more refactoring to base classes for some of the new classes which are similar to classes in the DRM restful area. ToDO: Actual certificate enrollment code that will be refactored from existing ProfileSubmitServlet. Provide CA EE Restful interface and test client review fixes.
* Removed unused private fields.Endi Sukma Dewata2012-04-1245-95/+5
| | | | | | | Most of unused private fields have been removed because they generate warnings in Eclipse. Some are kept because it might be useful later. Ticket #139
* Removed unnecessary type casts.Endi Sukma Dewata2012-04-0961-179/+165
| | | | | | Unnecessary type casts have been removed using Eclipse Quick Fix. Ticket #134
* Removed whitespaces from Java code.Endi Sukma Dewata2012-04-09187-1492/+1492
| | | | | | | | Whitespaces in Java code have been removed with the following command: find . -not -path .git -name *.java -exec sed -i 's/[[:blank:]]\+$//' {} \; Ticket #134
* Removed deprecated Signer.Endi Sukma Dewata2012-04-091-10/+6
| | | | | | | The X500Signer has been modified to become an independent class. It's no longer a subclass of the deprecated Signer class. Ticket #3
* Fix for Bug 745278 - [RFE] ECC encryption keys cannot be archived.Christina Fu2012-04-051-9/+83
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For the ECC plan and the different phases, please refer to http://pki.fedoraproject.org/wiki/ECC_in_Dogtag Design for each phase is on the same wiki page. Note: the designs beyond phase 2 were more like a brain dump. Although I said "Do Not Review," you are free to take a peak at what's intended down the road. I will go back and take a closer look and refine/adjust the designs when I begin implementation for each new phase. What you need to know: * Problem 1 - nethsm issue: On the server side, if you turn on FIPS mode, in addition to nethsm, you need to attach certicom as well to have ECC SSL working on the server side. This problem has already been reported to Thales last year and they said they'd look into putting the item on their next release. Recently through a different contact, we learned there might be a way to "turn it on" (still waiting for their further instruction) * Problem 2- Certicom issue: This is a show-stopper for deployment. Initially, on the client side, I used Kai's special version of Xulrunner/Firefox, attached to Certicom token, so that the CRMF requests can be generated with key archival option. However, I encountered (or, re-encountered) an issue with certicom token. Certicom generates ECC keys with the wrong format (not PKCS7 conforming), which makes ECC key archival impossible on the server side if you use non-certicom token with DRM (but we expect an HSM in most product deployment). I have contacted Certicom for this issue, and they confirmed that they indeed have such issue. We are hoping they will fix it. But then you might ask, "I thought I saw some ECC enrollment profiles/javascripts being checked in? How were the tests done?" The tests for those profiles were done against this ECC key archival/recovery DRM prototype I implemented last year (needs to be turned on manually in 8.1), where I "cheated" (yeah, that's why it's called a prototype) by decrypting the private key in the CRMF on DRM, and then manipulating the byte array to strip off the offending bytes before archival. In the real, non-prototype implementation, which is what's in this patch, for security reasons, private keys are unwrapped directly onto the token during key archival, so there is no way to manipulate the keys in memory and bypass the Certicom issue. A word about Kai's special version of Xulrunner/Firefox. It is not yet publicly available (due out in Firefox 10.0.4 on RHEL 5.8). * Problem 3- Firefox with nethsm issue: Another option was to connect Kai's special version firefox with an HSM to test my DRM/JSS code. However, for whatever reason, I could not get SSL going between such Firefox and ECC CA ( I did not try very hard though, as I have one other option -- writing my own ECC CRMF generation tool. I might come back to try the nethsm Firefox idea later) My solution (how I work on this official implementation): * I hacked up a ECC CRMF tool by taking the CRMFPopClient (existing in current releases), gutting out the RSA part of the code, and replacing it with ECC code. I call it CRMFPopClientEC. Two types of ECC key pairs could be generated: ECDSA or ECDH (That's another benefit of writing my own tool -- I don't know if you can select which type to generate in the Javascript... maybe you can, I just don't know). I'm in no way condoning archival of signing keys!! This is just a test tool. This tool takes a curve name as option (along with others), generates an ECC key pair, crafts up an CRMF request with key archival option, and sends request directly to the specified CA. You will see a "Deferred" message in the HTML response (see attachment for example) Once CA agent approves the request, the archival request goes to DRM and the user private key is archived. For recovery, DRM agent selects key recovery, etc, and you get your pkcs12. I did some sanity test with the pkcs12 recovered: * Import the recovered pkcs12 into a certicom library: pk12util -d . -h "Certicom FIPS Cert/Key Services" -i userEC.p12 I also tested by retrieving a p12, importing it into a browser, and adding the user as an agent and the user could act as agent via ssl client auth to the CA. Finally, much of the RSA-centric code had been cleared out of the way at the time when I worked on the DRM ECC prototype, so you don't see much of that in this round. How do you test? Well, unless you want to use my CRMFPopClientEC tool hooked up with a nethsm (like I did), or write your own tool, you can't really test it until Certicom fixes their issue. (BTW CRMFPopClientEC can also be changed to work with ceriticom, although you would run into the same issue I mentioned above)
* Replaced deprecated ApacheHttpClientExecutor.Endi Sukma Dewata2012-03-301-12/+4
| | | | | | | The deprecated ApacheHttpClientExecutor class has been replaced with ApacheHttpClient4Executor. Ticket #3
* Replaced deprecated AlgorithmId.getAlgorithmId().Endi Sukma Dewata2012-03-283-39/+25
| | | | | | | The deprecated getAlgorithmId() method in AlgorithmId has been replaced with get(). Ticket #3
* Replaced deprecated XMLSerializer.Endi Sukma Dewata2012-03-271-8/+6
| | | | | | | | The deprecated XMLSerializer has been replaced with LSSerializer. The new API does not provide a way to control the indentation or line width. Ticket #3
* Added option to build without Javadoc.Endi Sukma Dewata2012-03-261-21/+22
| | | | | | | | | | The build scripts have been modified to provide an option to build without Javadoc to speed up development builds. The option can be used as follows: compose_pki_core_packages --without-javadoc hybrid_rpms Ticket #111
* Removed unnecessary pki folder.Endi Sukma Dewata2012-03-26300-0/+57072
Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131