summaryrefslogtreecommitdiffstats
path: root/base
Commit message (Collapse)AuthorAgeFilesLines
...
* Add CAInfo resourceAde Lee2017-04-115-0/+273
| | | | | | | | | | This resource (which will be accessed at /ca/rest/info) will initially return the mechanism for archival. This is needed by clients to know how to package secrets when archiving. We may add the transport cert later. Change-Id: Ib13d52344e38dc9b54c0d2a1645f1211dd84069b
* Add KRAInfo resourceAde Lee2017-04-116-0/+298
| | | | | | | | | | This resource (which will be accessed at /kra/rest/info) will initially return the mechanism for archival or retrieval. This is needed by clients to know how to package secrets when archiving. Change-Id: I6990ebb9c9dafc4158e51ba61a30e773d1d953ec
* Added pki-server <subsystem>-audit-file-verify CLI.Endi S. Dewata2017-04-112-0/+96
| | | | | | | A new pki-server <subsystem>-audit-file-verify CLI has been added to verify audit log files on the server. Change-Id: I88e827d45cfb83cf34052146e2ec678f4cd2345f
* Added pki-server <subsystem>-audit-file-find CLI.Endi S. Dewata2017-04-117-0/+133
| | | | | | | A new pki-server <subsystem>-audit-file-find CLI has been added to list audit log files on the server. Change-Id: I88e827d45cfb83cf34052146e2ec678f4cd2345f
* Added FIPS-compliant password generator.Endi S. Dewata2017-04-112-10/+65
| | | | | | | | | | A new function has been added to generate a random password that meets FIPS requirements for a strong password. This function is used to generate NSS database password during installation. https://pagure.io/dogtagpki/issue/2556 Change-Id: I64dd36125ec968f6253f90835e6065325d720032
* Deprecated -t option for pki CLI.Endi S. Dewata2017-04-101-4/+6
| | | | | | | The MainCLI has been modified to generate a deprecation warning for the -t option. Change-Id: I28ac45954a900f6944528ef52913982d72896c92
* Fixed pki user and group commands.Endi S. Dewata2017-04-102-2/+4
| | | | | | | | | The UserCLI and GroupCLI have been fixed to use the subsystem name in the client configuration object if available. https://pagure.io/dogtagpki/issue/2626 Change-Id: Ibf099cefe880a238468fad7fb2aabc9cc2d55c1f
* Added SSLSocketListener for PKIConnection.Endi S. Dewata2017-04-071-0/+40
| | | | | | | | | | To help troubleshooting the PKIConnection has been modified to register an SSL socket listener which will display SSL alerts that it has received or sent. https://pagure.io/dogtagpki/issue/2625 Change-Id: I8f2e4f55a3d6bc8a7360f666c9b18e4c0d6c6d83
* Fixed pki_console_wrapper.Endi S. Dewata2017-04-071-3/+13
| | | | | | | The pki_console_wrapper script has been fixed to load cascading pki.conf properly and to set the logging configuration property. Change-Id: Ie7b83f3c87bea133ee61d018457d7d4daf0fb757
* Add code in KRA python client to support multiple crypto algorithmsAde Lee2017-04-063-36/+144
| | | | | | | | | | | | | | Added code to: * Add an InfoClient to the KRAClient * Check the server, client and crypto provider keyset levels and select the highest possible level accordingly. * Added new fields as returned by the server for retrieval. * Added new fields to KeyRecoveryRequest as added in AES changes. Changes to decode keywrapped symmetirc and asymmetric keys will be added in subsequent patches. Right now, encrypt/decrypt works. Change-Id: Ifa7748d822c6b6f9a7c4afb395fb1388c587174d
* Add python-cryptography crypto providerAde Lee2017-04-063-17/+197
| | | | | | | | | | | The python-cryptography provider is added. It will use AES mechanisms by default. The eventual goal is to use this provider by default, and to obsolete the NSS CryptoProvider. Added some methods to determine which crypto keyset levels are supported by the crypto provider. Change-Id: Ifd47f0de765a9f0d157e8be678d5d06437bda819
* Fixed PKIServerSocketListener.Endi S. Dewata2017-04-052-2/+39
| | | | | | | | | | | | The PKIServerSocketListener.alertReceived() has been fixed to generate audit log when the SSL socket is closed by the client. The log message has been modified to include the reason for the termination. https://pagure.io/dogtagpki/issue/2602 Change-Id: Ief2817f2b2b31cf6f60fae0ee4c55c17024f7988
* Added CLIs to access audit log files.Endi S. Dewata2017-04-0414-1/+501
| | | | | | | New pki audit commands have been added to list and retrieve audit log files. Change-Id: I785fa6f55d9b143f513d9210ebf82d04e06eaed5
* Fix pylint errorsAde Lee2017-04-042-1/+2
|
* Merge "Add util code to source environment files"Ade Lee2017-04-041-0/+28
|\
| * Add util code to source environment filesAde Lee2017-04-031-0/+28
| | | | | | | | | | | | | | This is needed to set the same environment as the pki CLI and pick up any client specific changes. Change-Id: I92b4df75f2e3ee5112499a1d138e7e649a1214fc
* | Merge "Added python info client"Ade Lee2017-04-042-11/+138
|\|
| * Added python info clientAde Lee2017-04-032-11/+138
| | | | | | | | | | | | | | | | | | | | | | | | Add python client code to read from the InfoResource class and get the server version. As the PKIConnection in the python client currently requires a subsystem, it is difficult to add an infoclient to an existing KRAClient (or any other client). To get around this, I modified the PKIConnection to allow using the rootURI. Change-Id: Ided75f45f741e2ba3fc86acec715d24b829c8a97
* | Added PKIRESTProvider.Endi S. Dewata2017-04-047-24/+128
| | | | | | | | | | | | | | A new PKIRESTProvider has been added to send and receive StreamingOutput object through REST API. Change-Id: Iefc513aacb9fc26bc7c8c5cbfb4550a4a98da52e
* | Added audit service and CLI to all subsystems.Endi S. Dewata2017-04-0421-2/+105
|/ | | | | | | Previously the audit service and CLI were only available on TPS. Now they have been added to all subsystems. Change-Id: I3b472254641eb887289c5122df390c46ccd97d47
* Change default key size for KRA storage unit to 128Ade Lee2017-04-031-1/+1
| | | | | | | Most of the research out there seems to indicate that AES-128 is more than sufficient for security. Use this as default. Change-Id: Ie333282eacc5ce628c90296561e4cd6a76dcbd8e
* Fix generation of CRMF request for ECC keysAde Lee2017-04-032-16/+11
| | | | | | | | | | | Old CRMFPopClients add the OID for ECC public keys in the encryption algorithm OID for no obvious reason (considering the OID was never read on the server side to begin with). Now that we do read and use that field, we need to set it properly, and also special case on the server side to handle old clients. Change-Id: I0d753e572206e9062746c879ce683978e5e657bd
* Refactored AuditCLI.Endi S. Dewata2017-03-312-5/+7
| | | | | | | The AuditCLI has been modified to create the AuditClient with lazy initialization. Change-Id: I61b08e92a2f2de983fc77513dde89e1d5e1254b9
* Removed redundant Context attributes.Endi S. Dewata2017-03-3122-365/+0
| | | | | | | All subclasses of PKIService have been modified to remove the Context attribute since they have been declared in the base class. Change-Id: Icdbe97efa2b910a579264099f817930c2cc2ed1a
* Fix for pylint when using Python 3.6Christian Heimes2017-03-312-2/+10
| | | | | Added 'pylint: disable=no-member' whenever module 're' attempts to reference its 'MULTILINE' member.
* Misc pylint, flake8 and tox fixesChristian Heimes2017-03-3110-10/+14
|
* Fixed pylint error in pki.authority.Endi S. Dewata2017-03-311-1/+1
| | | | | | https://pagure.io/dogtagpki/issue/2627 Change-Id: I3111e78fc0afb63799e7bd707274ec7a9e8624ac
* Fixed pylint errors in pki.server.cli.subsystem.Endi S. Dewata2017-03-311-3/+2
| | | | | | https://pagure.io/dogtagpki/issue/2627 Change-Id: Icd47be636c78224328438a8091c7c3bdd07c06bd
* Fixed default subsystems for top-level CLI commands.Endi S. Dewata2017-03-315-10/+39
| | | | | | | | | | The top-level CLI commands have been modified to get the subsystem name from the parent subsystem CLI if available, otherwise they will use a hard-coded default value. https://pagure.io/dogtagpki/issue/2626 Change-Id: Ieef45abfdfb4a6fc63fd06a6ccda4e70366de4a0
* Removed duplicate PROP_EXPIRATION_TIME constant.Endi S. Dewata2017-03-302-7/+6
| | | | Change-Id: Ife9108019994b385fc452da0f29dee64d0ccc5d3
* Removed duplicate PROP_MAX_FILE_SIZE constant.Endi S. Dewata2017-03-301-5/+4
| | | | Change-Id: Ic2aa92985e8aee9b5405ad542c640ca67a0047c6
* Removed duplicate PROP_ROLLOVER_INTERVAL constant.Endi S. Dewata2017-03-302-10/+10
| | | | Change-Id: I66b369ec33f97dab96f6d832e2eb9ab0c6cdbe98
* Fix retrieval for symmetric keysAde Lee2017-03-2810-29/+258
| | | | | | | | | | | | | Up to now, we have only ever used the same algorithm (DES3_CBC) for key wrapping and encryption. With the change to use AES Keywrap and AES CBC, we need to know which mechanism was used to encrypt/wrap the secrets when returned to the client. This means passing back more information to the client with the key data, and also modifying the client to use this information to decode the data correctly. Change-Id: I7232085c1eedf38c63abad81db08acc912fa1da1
* Bug #2615 CMC: cleanup code for Encrypted Decrypted POP This patch adds more ↵Christina Fu2017-03-283-43/+240
| | | | error checking and debugging
* Bug 1419742: CMC RFE: provide Proof of Possession for encryption cert ↵Christina Fu2017-03-288-327/+1300
| | | | requests CMC encryptedPOP and decrypedPOP (Phase 1) also disable lraPOPwitness This patch implements the Proof of Possession for encryption only keys. This is a preliminary implementation with limitations. It does not support more than one request. ECC keys are untested. This version only uses default algorithms at some internal places. Not all limitations are listed here.
* Bug 1419734 CMC: id-cmc-identityProofV2 feature implementation This patch ↵Christina Fu2017-03-284-38/+388
| | | | adds both client and server support for two cmc controls: id-cmc-identityProofV2 - for supporting RFC5272, and id-cmc-identification - for assisting in shared secret search; Note: for client, only CMCRequest is updated in this patch
* Refactored TPS ConnectorCLI.Endi S. Dewata2017-03-286-9/+22
| | | | | The TPS ConnectorCLI and its submodules have been modified to use lazy initialization to get the PKIClient object.
* Refactored TPS TokenCLI.Endi S. Dewata2017-03-286-9/+23
| | | | | The TPS TokenCLI and its submodules have been modified to use lazy initialization to get the PKIClient object.
* Refactored TPS ProfileCLI.Endi S. Dewata2017-03-286-9/+22
| | | | | The TPS ProfileCLI and its submodules have been modified to use lazy initialization to get the PKIClient object.
* Refactored TPS ConfigCLI.Endi S. Dewata2017-03-283-5/+12
| | | | | The TPS ConfigCLI and its submodules have been modified to use lazy initialization to get the PKIClient object.
* Refactored TPSCertCLI.Endi S. Dewata2017-03-283-5/+12
| | | | | The TPSCertCLI and its submodules have been modified to use lazy initialization to get the PKIClient object.
* Refactored AuthenticatorCLI.Endi S. Dewata2017-03-286-9/+22
| | | | | The AuthenticatorCLI and its submodules have been modified to use lazy initialization to get the PKIClient object.
* Refactored AuditCLI.Endi S. Dewata2017-03-283-6/+13
| | | | | The AuditCLI and its submodules have been modified to use lazy initialization to get the PKIClient object.
* Refactored ActivityCLI.Endi S. Dewata2017-03-283-5/+12
| | | | | The ActivityCLI and its submodules have been modified to use lazy initialization to get the PKIClient object.
* Added audit logs for SSL/TLS events.Endi S. Dewata2017-03-2811-11/+190
| | | | | | | | | | | | | | | The CMSStartServlet has been modified to register an SSL socket listener called PKIServerSocketListener to TomcatJSS. The PKIServerSocketListener will receive the alerts generated by SSL server sockets and generate ACCESS_SESSION_* audit logs. The CS.cfg for all subsystems have been modified to include ACCESS_SESSION_* audit events. https://pagure.io/dogtagpki/issue/2602 Change-Id: If7fb6c1b096ec8c68d1fd08f9132baf099816f11
* Refactored TPSConnectorCLI for TKS.Endi S. Dewata2017-03-276-8/+21
| | | | | The TPSConnectorCLI for TKS and its submodules have been modified to use lazy initialization to get the PKIClient object.
* Refactored SelfTestCLI.Endi S. Dewata2017-03-274-7/+16
| | | | | The SelfTestCLI and its submodules have been modified to use lazy initialization to get the PKIClient object.
* Refactored CA ProfileMappingCLI.Endi S. Dewata2017-03-276-9/+22
| | | | | The CA ProfileMappingCLI and its submodules have been modified to use lazy initialization to get the PKIClient object.
* Refactored CA ProfileCLI.Endi S. Dewata2017-03-279-18/+41
| | | | | The CA ProfileCLI and its submodules have been modified to use lazy initialization to get the PKIClient object.
* Refactored KRAConnectorCLI for CA.Endi S. Dewata2017-03-274-9/+19
| | | | | The KRAConnectorCLI for CA and its submodules have been modified to use lazy initialization to get the PKIClient object.
generated by cgit (git 2.34.1) at 2025-09-27 15:28:01 +0000