Commit log (path: root/base)
...
* CertProcessor: extract method setAuthTokenIntoRequest
  Fraser Tweedale, 2017-03-16, 1 file, -34/+34

  The "set auth token into request" logic is extensive and warrants extraction. It also has a separate concern mixed in with it: the self-assignment of the request if the authenticated user is a "Registration Manager Agent". Separate these concerns and extract the setAuthTokenIntoRequest method.

  Part of: https://pagure.io/dogtagpki/issue/1359

* Define AgentCertAuthentication token keys in IAuthToken
  Fraser Tweedale, 2017-03-16, 2 files, -12/+8

  Small refactor to define the auth token keys set by AgentCertAuthentication in IAuthToken, so that consumers do not need to import AgentCertAuthentication directly, or redefine the constants.

  Part of: https://pagure.io/dogtagpki/issue/1359
* Merge branch 'master' of github.com:dogtagpki/pki
  Ade Lee, 2017-03-15, 57 files, -1472/+4836

* Added cascading configuration for PKI CLI.
  Endi S. Dewata, 2017-03-15, 2 files, -215/+254

  The PKI CLI has been modified to support cascading configuration files: default, system-wide, and user-specific configuration. The existing Python-based PKI CLI was moved into pki.cli.main module. A new shell script was added as a replacement which will read the configuration files and invoke the Python module.

* Troubleshooting improvement for ClientCertValidateCLI.
  Endi S. Dewata, 2017-03-15, 1 file, -3/+6

  The ClientCertValidateCLI has been modified to display the NSS error code and error message for invalid certificates.

* Added exception chaining for EInvalidCredentials.
  Endi S. Dewata, 2017-03-15, 3 files, -8/+12

  A new constructor has been added into EInvalidCredentials to support exception chaining.

* First cut of scp03 support. Supports the g&d smartcafe out of the box.
  Jack Magne, 2017-03-14, 19 files, -163/+3347

  Developer keyset token operations and key change over supported.

  Caveats:
  - The diversification step going from master key to card key uses DES3 as required for the token.
  - After that point, everything is scp03 to the spec with minor exceptions so far. Supports 128 bit AES for now. Will resolve this.

  Minor config tweaks:

  TPS Symmetric Key Changeover
  Use this applet for scp03: RSA/KeyRecovery/GP211/SCP02/SCP03 applet : 1.5.558cdcff.ijc

  TKS: Symmetric Key Changeover
  tks.mk_mappings.#02#03=internal:new_master
  tks.defKeySet.mk_mappings.#02#03=internal:new_master
  Use the uncommented one because scp03 returns a different key set data string.

  ToDo:
  - Support the rest of the AES sizes other than 128.
  - Support optional RMAC apdu.
  - Test and adjust the config capability for other tokens.
  - Support AES master key. Right now the standard key ends up creating AES card and session keys.

* Continue to move more crypto into CryptoUtil
  Ade Lee, 2017-03-14, 9 files, -123/+112

  Change-Id: I6024ca5a32769b460d578dfad46598432381784c

* Refactor crypto code
  Ade Lee, 2017-03-14, 13 files, -376/+244

  Move some of the crypto functions in EncryptionUnit to CryptoUtil.

  Change-Id: Iee391392fb88a87f6af3b450b69508fd52729a62

* Fix wrapping params on the security data recovery service
  Ade Lee, 2017-03-14, 7 files, -47/+117

  On the security data recovery service, the client can now specify the encryption and wrapping algorithms to be used when wrapping the key, rather than assuming DES. The server will use the specified wrapping algorithm (and key). If the algorithms are not specified, then the old mechanism is assumed.

  Change-Id: I793c120e99d819403fdf7ca925e26f0f7d50fcc7

* Change transport unit to create wrapping parameters based on incoming data
  Ade Lee, 2017-03-14, 4 files, -30/+69

  The PKIArchiveOptions object contains an OID for the encryption algorithm. Use this to create the correct WrappingParam for the transport unit instead of defaulting to DES3.

  Change-Id: Id591fff8b7fc5e4506afbe619621904e4937c44f

* Fix incorrect function in generating symmetric keys.
  Ade Lee, 2017-03-14, 1 file, -1/+1

  This allows generating and storing symmetric keys using AES.

  Change-Id: I62c03aeffd127afac626759b0d826c284e01af12

* Change internal wrapping to AES
  Ade Lee, 2017-03-14, 17 files, -598/+716

  There are several changes in this patch:

  1. Simplify EncryptionUnit by moving the methods called by either the StorageUnit or the TransportUnit into those classes. This helps to determine which methods are called by which class (because in general they require different arguments). It may be possible to later simplify and reduce code repetition by pulling core functionality back into the EncryptionUnit.

  2. Add methods to WrappingParameters and KeyRecord to store the Wrapping Parameter values as part of the KeyRecord when the key is stored. On retrieval, this data is read and used to extract the data. If the data is not present, then use the old DES3 parameters.

  3. Change the internal (storageUnit) wrapping to use AES-CBC for encryption and AES-KeyWrap for storage by default. If a parameter kra.storageUnit.useOldWrapping=true, then the old wrapping will be used instead.

  Change-Id: I098b0b3bd3b0ad917483e4e07925adfedacc3562

* pki_default.cfg.5: fix ca_signing tag name
  Fraser Tweedale, 2017-03-14, 1 file, -1/+1

* pkispawn.8: fix setup-ds.pl command name
  Fraser Tweedale, 2017-03-14, 1 file, -1/+1

* Include revocation reason in REST cert data
  Fraser Tweedale, 2017-03-14, 2 files, -0/+28

  Fixes: https://fedorahosted.org/pki/ticket/2601

* Refactor key recovery to centralize crypt functions
  Ade Lee, 2017-03-07, 1 file, -43/+49

  Refactor key recovery to put all crypto specific operations in a few functions, which are parameterized for algorithm types.

* Refactor exception handling in the EncryptionUnit
  Ade Lee, 2017-03-06, 10 files, -392/+380

  Exceptions should be bubbled up and not swallowed at the EncryptionUnit level. This will help in diagnosing issues.

* Cleanup exception handling
  Ade Lee, 2017-03-06, 1 file, -246/+13

  The current exception handling really does nothing other than clutter up the file. Really, we should be passing up the exceptions, rather than catching them at this level. Subsequent patches will fix this.

* Parameterize crypto functions, part 3
  Ade Lee, 2017-03-06, 6 files, -34/+75

  The crypto functions to unwrap the session key have been parameterized.

* Parametrize crypto methods part 2
  Ade Lee, 2017-03-06, 1 file, -30/+53

  Most of the methods to unwrap the payload are parameterized.

* Parametrize the encryption functions
  Ade Lee, 2017-03-06, 2 files, -15/+125

  This patch parametrizes some of the encryption functions, for key wrapping and storage.

* Refactored EncryptionUnit
  Ade Lee, 2017-03-06, 6 files, -211/+207

  EncryptionUnit is a bit of a mess right now. Refactored so that crypto specific code is in a few functions. These can now be parameterized to allow selection of parameters for wrapping method, algorithm etc.

* Remove unused method
  Ade Lee, 2017-03-06, 2 files, -18/+4

* Refactored PKIInstance.load().
  Endi S. Dewata, 2017-03-01, 2 files, -13/+34

  The code that loads the password.conf in PKIInstance.load() has been converted into a general purpose load_properties() method. A corresponding store_properties() method has been added as well.
* Refactor key recovery to centralize crypt functions
  Ade Lee, 2017-02-28, 1 file, -43/+49

  Refactor key recovery to put all crypto specific operations in a few functions, which are parameterized for algorithm types.

* Refactor exception handling in the EncryptionUnit
  Ade Lee, 2017-02-28, 10 files, -392/+380

  Exceptions should be bubbled up and not swallowed at the EncryptionUnit level. This will help in diagnosing issues.

* Cleanup exception handling
  Ade Lee, 2017-02-28, 1 file, -246/+13

  The current exception handling really does nothing other than clutter up the file. Really, we should be passing up the exceptions, rather than catching them at this level. Subsequent patches will fix this.

* Parameterize crypto functions, part 3
  Ade Lee, 2017-02-28, 6 files, -34/+75

  The crypto functions to unwrap the session key have been parameterized.

* Parametrize crypto methods part 2
  Ade Lee, 2017-02-28, 1 file, -30/+53

  Most of the methods to unwrap the payload are parameterized.

* Parametrize the encryption functions
  Ade Lee, 2017-02-28, 2 files, -15/+125

  This patch parametrizes some of the encryption functions, for key wrapping and storage.

* Refactored EncryptionUnit
  Ade Lee, 2017-02-28, 6 files, -211/+207

  EncryptionUnit is a bit of a mess right now. Refactored so that crypto specific code is in a few functions. These can now be parameterized to allow selection of parameters for wrapping method, algorithm etc.

* Remove unused method
  Ade Lee, 2017-02-28, 2 files, -18/+4
* Added access banner for PKI CLI.
  Endi S. Dewata, 2017-02-24, 2 files, -0/+83

  The PKI CLI has been modified to retrieve access banner from the server and ask for user confirmation at the beginning of the program. An --ignore-banner option was added to allow bypassing the banner for automation.

  https://fedorahosted.org/pki/ticket/2582

* Added access banner for PKI console.
  Endi S. Dewata, 2017-02-24, 1 file, -1/+34

  The PKI console has been modified to retrieve access banner from the server and ask for user confirmation at the beginning of the program.

  https://fedorahosted.org/pki/ticket/2582

* Added access banner to TPS UI.
  Endi S. Dewata, 2017-02-24, 5 files, -3/+30

  All pages in TPS UI have been modified to retrieve access banner and display it once at the beginning of the SSL connection.

  https://fedorahosted.org/pki/ticket/2582

* Added access banner to TKS UI.
  Endi S. Dewata, 2017-02-24, 18 files, -22/+130

  All pages in TKS UI have been modified to retrieve access banner and display it once at the beginning of the SSL connection.

  https://fedorahosted.org/pki/ticket/2582

* Added access banner to OCSP UI.
  Endi S. Dewata, 2017-02-24, 39 files, -20/+254

  All pages in OCSP UI have been modified to retrieve access banner and display it once at the beginning of the SSL connection.

  https://fedorahosted.org/pki/ticket/2582

* Added access banner to KRA UI.
  Endi S. Dewata, 2017-02-24, 52 files, -29/+346

  All pages in KRA UI have been modified to retrieve access banner and display it once at the beginning of the SSL connection.

  https://fedorahosted.org/pki/ticket/2582

* Added access banner for CA UI.
  Endi S. Dewata, 2017-02-24, 162 files, -33/+1040

  All pages in CA UI have been modified to retrieve access banner and display it once at the beginning of the SSL connection.

  https://fedorahosted.org/pki/ticket/2582

* Added access banner for PKI UI.
  Endi S. Dewata, 2017-02-24, 3 files, -2/+105

  The PKI UI main page has been modified to retrieve access banner and display it in a dialog box. After displaying the banner it will notify the server such that the banner is not returned again in the same server session. To prevent displaying multiple dialog boxes in pages with frames the critical code is locked such that only one frame can actually display the banner.

  https://fedorahosted.org/pki/ticket/2582

* Added InfoService and LoginService.
  Endi S. Dewata, 2017-02-24, 11 files, -3/+437

  New REST services classes have been added to PKIApplication. The InfoService provides general information about the server including version number and access banner. The LoginService provides a way to notify the server that the banner has been displayed on the client, which in that case the InfoService will no longer return the banner again in the same session.

  https://fedorahosted.org/pki/ticket/2582

* Added PKIApplication.
  Endi S. Dewata, 2017-02-23, 3 files, -0/+102

  A new PKIApplication class has been added into /pki web application to define common PKI REST services such as access banner.

  https://fedorahosted.org/pki/ticket/2582

* Fixed build problem on RHEL.
  Endi S. Dewata, 2017-02-23, 5 files, -45/+45

  The CMake create_symlink commands do not work on RHEL if the source does not exist yet, so they have been replaced with regular ln commands.

* Refactor CertRetrievalRequest construction
  Fraser Tweedale, 2017-02-22, 2 files, -15/+3

  Remove an unused constructor from CertRetrievalRequest, and add a constructor that receives the CertId, simplifying usage.

  Part of: https://fedorahosted.org/pki/ticket/2601

* Remove unused import
  Fraser Tweedale, 2017-02-22, 1 file, -1/+0

  Part of: https://fedorahosted.org/pki/ticket/2601

* Secured PKI UI main page.
  Endi S. Dewata, 2017-02-21, 1 file, -0/+22

  A web.xml has been added to /pki web application to require SSL connection to access the PKI UI main page at /pki/ui.

  https://fedorahosted.org/pki/ticket/2582

* Reorganized PKI UI pages.
  Endi S. Dewata, 2017-02-21, 3 files, -163/+273

  Previously the index.jsp of the ROOT web application was storing PKI UI main page which contains links to PKI subsystems installed on the instance. Now the file has been changed to redirect to /pki which provides a new PKI UI welcome page. The PKI UI main page itself has been moved to /pki/ui.

  https://fedorahosted.org/pki/ticket/2582

* Updated classpath in Console wrapper script.
  Endi S. Dewata, 2017-02-21, 1 file, -13/+15

  The classpath in Console wrapper script has been updated to include the complete PKI client library.

* Fixed error handling for Console authentication.
  Endi S. Dewata, 2017-02-21, 2 files, -42/+121

  The CMSAdmin class has been modified to show the error dialog if Console authentication fails.