summaryrefslogtreecommitdiffstats
path: root/base
Commit message (Collapse)AuthorAgeFilesLines
...
* Added option to import client cert from CA.Endi S. Dewata2014-09-193-63/+122
| | | | | | | | | | | | A new option has been added to the client-cert-import command to import a certificate from CA by specifying the serial number. The client-cert-import has also been modified to get the nickname of the certificate to import from the CLI argument. For backward compatibility, if no argument is specified the CLI will try to get the nickname from the authentication option (-n). Ticket #1152
* Added option to import user cert from CA.Endi S. Dewata2014-09-191-13/+47
| | | | | | | | The user-cert-add CLI has been modified to provide an option to specify the serial number of the certificate to be imported from the CA. Ticket #1151
* Displaying request status in ca-cert-request-review.Endi S. Dewata2014-09-191-0/+4
| | | | | | | The ca-cert-request-review CLI has been modified to show the request status after completing the operation. Ticket #1149
* Added client-cert-request CLI.Endi S. Dewata2014-09-198-19/+230
| | | | | | | A new CLI has been added to simplify the process to request a user certificate for client certificate authentication. Ticket #1148
* ticket #1158 CMCRequest does not support internal tokenChristina Fu2014-09-161-1/+1
|
* Fix Debian specific paths to jackson jarsTimo Aaltonen2014-09-091-8/+8
|
* fix typo succesfully -> successfullyBenjamin Drung2014-09-093-3/+3
|
* Fix manpage errorsBenjamin Drung2014-09-099-25/+25
| | | | | This patch fixes manpage-has-errors-from-man and hyphen-used-as-minus-sign found by lintian tool on Debian.
* Ticket #882 - remove all certs belong to a token in tokendb before addChristina Fu2014-09-051-0/+9
|
* Fix public key print format in KeyCLI.Abhishek Koneru2014-09-041-5/+1
|
* Ticket #1146 Tomcat TPS: missing "keyType" for renewed certs in the cert recordsChristina Fu2014-09-041-5/+2
|
* Ticket #882 - delete certs associated to a token when token is removedChristina Fu2014-09-042-0/+30
|
* Check for null values in GetConfigEntriesAde Lee2014-09-041-4/+7
| | | | Ticket 1142
* Revert "Enabled certificate revocation checking by default."Endi S. Dewata2014-09-044-15/+1
| | | | | | | This reverts commit 223d15539b7bcc0df025025036af2935726e52e3. The patch does not work for subsystems installed on separate instance since it will require additional OCSP setup.
* Rename pki-tps-tomcat to pki-tpsMatthew Harmsen2014-09-03177-0/+0
| | | | * PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps
* TpsClient support for extensions.Jack Magne2014-09-031-5/+57
| | | | | | | | | | | TpsClient will now suport the ability to specify extensions in the script file. Ex: op=ra_format uid=jmagne pwd=netscape new_pin=netscape num_threads=1 extensions=tokenType=userKey Ticket # 1016.
* ticket #941 Rest interface triggered revoke/unrevoke and cert status update; ↵Christina Fu2014-09-036-39/+291
| | | | recovery
* Enabled certificate revocation checking by default.Endi S. Dewata2014-09-034-1/+15
| | | | | | | | The CS.cfg templates for all subsystems have been modified to enable certificate revocation checking during authentication. This will affect new installations only. Ticket #1117, #1134
* Integrate 'tpsclient' back into primary TPS packageMatthew Harmsen2014-09-022-5/+2
| | | | - PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps
* Remove Apache info from pkispawn and pkidestroyMatthew Harmsen2014-09-0216-276/+22
| | | | - PKI TRAC Ticket #1077 - Consider removing [Apache] section from 'default.cfg'
* ticket #882 unique certID for certificate recordsChristina Fu2014-09-023-16/+43
|
* Fix kra-connector-removeAde Lee2014-09-028-37/+94
| | | | | | | | | | | | | | | | | | | | The code to remove the connector from the pki CLI was found to be broken because of invalid message type (partly due to void returns). On uninstall, we need to remove the kra-connector from all relevant CA's in the security domain. The best way to do this is to keep kra-connector info in LDAP, so that only one call is needed. Until that change has been made, we are adding a hack to remove the connector from all CA's in the secutrity domain (if it exists). Due to issues with proxy configurations, we will continue to use sslget and a url-encoded-form version of the servlet. In addition, it was found that when removing a KRA from a shared subsystem, the updateDomainXML servlet was erroneously returning failure when it was unsuccessful in removing a non-existent user from a group. Ticket 1113
* Recovery and Renewal feature:Jack Magne2014-09-0210-252/+1166
| | | | | | | | | | | | | | | | | | 1. Basic token key recovery functionality is there. 2. Tested with mostly the "damaged" scenerio. The low level code that writes the recovered certs to the token works and has been tested with a real token. Some of the other more obscure cases need some more testing, for instance, the temporary on hold scenario. 3. Renewal has been tested with a real token to work. 4. Much of the complex code to write cert objects and key objects, as well as importing recovered keys, has been centralized to a method. This leaves the calling code simpler and easier to trouble shoot. 5. Added a method to check token operation transition states. 6. Fixed an issue with formatting a blank token I introduced. 7. Fixed a few issues with updating certificate records for a token that were discovered. 8. Added tps code to retrieve a certificate for the recovery case. 9. Minor Review fixes.
* ticket 941 Renewal/Reenroll/Recovery/Renew policy 3rd cut; Renewal code; ↵Christina Fu2014-08-298-60/+588
| | | | RetrieveCert code
* Makes output of secrets consistent for all clients.Abhishek Koneru2014-08-296-25/+36
| | | | | | All the secrets/keys retrieved using the client API's using Java/python clients will be of the type - byte array. This applies to output of the retrieveKey method and the public key attribute of the KeyInfo object.
* Fixes for tickets 1087, 1089, 1090, 1091.Abhishek Koneru2014-08-297-20/+26
| | | | | Addresses upstream issues in the pki key-* CLI commands. Updates the man page in all the required cases.
* Fixed NPE in client-cert-import.Endi S. Dewata2014-08-282-3/+8
| | | | | | | The client-cert-import command has been modified to propertly initialize the CLI environment to avoid a null pointer exception. Ticket #1126
* Fixed problems with CLI authentication parameters.Endi S. Dewata2014-08-282-83/+80
| | | | | | | | | | | | | | | | | | | | Previously specifying a security database password in the CLI would require a certificate nickname to be specified as well. While this is correct for client certificate authentication, it caused a problem for operations that do not authenticate against the server such as client-init. The CLI has been modified to require a security database password only if the nickname is specified for client certificate authentication. Similar changes have been made to require user password only if the username is specified for basic authentication. The CLI also has been modified to store all specified parameters in the config object regardless of parameter validation. The manual page has been modified accordingly. Ticket #1125
* Remove RA and pkicreate and pkisilentMatthew Harmsen2014-08-28252-55922/+0
| | | | | - PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent' packages . . .
* Disable PKI GUI ConfigurationMatthew Harmsen2014-08-2812-257/+4
| | | | - PKI TRAC Ticket #1120 - Remove Firefox PKI GUI Configuration Panel Interface
* Added missing upgrade folders.Endi S. Dewata2014-08-272-0/+8
| | | | | | The current upgrade framework requires that all supported versions to upgrade from to have corresponding upgrade folders even though they might be empty. New empty folders have been added for 10.1.1.
* Fixed problems in group operations.Endi S. Dewata2014-08-275-52/+92
| | | | | | | | | | | | | Previously modifying the description of an empty group failed because the server tried to delete a uniqueMember attribute that did not exist because the group was already empty. The servlets and group subsystem has been fixed to retrieve the existing group data first, perform the changes on it, then save it back to the database. Also adding a new group will no longer require a description because it's not required by the LDAP object class. Ticket #818
* Generate asymmetric keys in the DRM.Abhishek Koneru2014-08-2725-174/+1081
| | | | | | | | | | | | Adds methods to key client to generate asymmetric keys using algorithms RSA and DSA for a valid key sizes of 512, 1024, 2048,4096. The generated keys are archived in the database. Using the CLI, the public key(base64 encoded) can be retrieved by using the key-show command. The private key(base64 encoded) can be retrieved using the key-retrieve command. Ticket #1023
* Fixed problem emptying a field in TPS UI.Endi S. Dewata2014-08-266-17/+66
| | | | | | | | | | | | Previously emptying a field in TPS UI could not be saved because the change was not saved and sent to the server. The UI framework now has been fixed to save and send the empty field to the server such that the database can be updated properly. Additional parameters have been added to the tps-token-mod command to modify all editable fields. Ticket #1085
* Misc TPS packaging tasks:Jack Magne2014-08-22538-1/+95
| | | | | | | | | | | | | 1. Make sure the new TPS packages all the applet files, like the old TPS has done. 2. Create a small new package called "pki-tps-client", which will hold ONLY the command line utility "tpsclient" and all of its supporting libraries. 3. Move the directory pki/base/tps to pki/base/tps-client We will do this until we can rewrite "tpclien" on the new Java TPS system. Add package pki-tps-client.
* UI scrubMatthew Harmsen2014-08-225-12/+2
| | | | * PKI TRAC Ticket #567 - ui needs to be scrubbed for missing images
* ticket#882 tokendb policy handling, revocation and re-enrollChristina Fu2014-08-2011-218/+1071
|
* Fix enroll_cert in cert.py to account for rejected requestsAde Lee2014-08-181-21/+73
| | | | | As per review, modified to return CertEnrollmentResult objects. Ticket 1109
* Fixed missing TPS token attributes.Endi S. Dewata2014-08-158-32/+111
| | | | | | | | The missing token policy attribute has been added to token database. The REST services, CLI, and UI have been fixed accordingly. Other missing attributes in tokenRecord object class are unused. Ticket #1085
* Alternative CLI password methodsMatthew Harmsen2014-08-142-33/+313
| | | | - PKI TRAC Ticket #555 - Other ways to specify CLI password
* Adds a new CLI command pki ca-kraconnector-show.Abhishek Koneru2014-08-147-0/+138
| | | | | | | The new command allows users to view the information about kra connectors registered with the CA. Ticket #479
* Implement enrollment with server side keygen.Jack Magne2014-08-086-175/+545
| | | | | | | | | | | | This patch implements server side keygen when so configured in the CS.cfg. 1. In this case, the encryption cert's private key is generated on the KRA and archived by the KRA. 2. The private key is then injected onto the token. 3. This will allows us to later implement certificate recovery. 4. Fixed some minor issues discovered with the code that interfaces with the TKS and DRM. 5. Final certificate tested to work with Relyea's "SmartCard" utility to perform legal crypto operations. Minor change.
* Fix issues found by pycharmAde Lee2014-08-061-12/+15
| | | | Some formatting, uninitialized variables.
* Fix pkidestroy for proxy portsAde Lee2014-08-061-0/+8
| | | | | | | | Current pkidestroy fails to remove a system that has been configured to use proxy ports because the wrong ports are passed into the updateDomainXML servlet. This small patch fixes this problem. Ticket #1095
* ticket#882 tokendb management, policy, and activities, 1st cutChristina Fu2014-08-0413-82/+705
|
* Fix independent pkispawn installation and configurationMatthew Harmsen2014-08-044-21/+22
| | | | | * PKI TRAC Ticket #905 - 2 Step Configuration of CA instance using pkispawn fails
* Updated man page for pki key commandsAbhishek Koneru2014-07-283-9/+302
| | | | | | | | | | Updated man page for all the new CLI commands added for the Key and KeyRequest resources. Also added missing code to retrieve a secret wrapped in a user specified passphrase. Ticket #945
* Remove ACL mapping to user from error messagesMatthew Harmsen2014-07-283-3/+5
| | | | - PKI TRAC Ticket #965 - Improve error message - remove ACL mapping to the user
* Implement Symmetric Key Changeover FeatureJack Magne2014-07-254-24/+214
| | | | | | | | | 1. Created code to actually change the key over to a new key set. 2. Made calls to the code from the format and enrollment operations, the Pin Reset processor will do so when completed. 3. Tested with real card. Was able to change to key set #2 and then back to stock Ticket #878.
* authentication fix: fixed issue relating to authentication thatChristina Fu2014-07-244-24/+59
| | | | | | | switching between ESC and tpsclient needs to change CS.cfg param value and restart TPS. This fix makes the issue go away. The actual issue is the differences between "loginRequest" and "extendedLoginRequeest".
generated by cgit (git 2.34.1) at 2025-10-02 07:51:23 +0000