summaryrefslogtreecommitdiffstats
path: root/base
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix-for-Bug-1170867-TPS-Installation-FailedJack Magne2014-12-1623-1767/+205
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix now includes last review comments where we decided to consolidate 3 of the ldif files: schema.ldif,database.ldif, and manager.ldif. Each one of these 3 files contains the data needed for any subsystem for that file. The subsystem specific files for these 3 go away in the source tree. The first iteration of this fix was copying these 3 files into an undesirable directory. This is no longer the case. Extra code in the python installer allows one to establish a "file exclusion" callback to keep a set of desired files from being copied when the installer does a directory copy. All subsystems have been tested, including TPS with a brand new DS (which was the original reason for this fix), and they appear to work fine. Addressed further review comments: 1. Removed trailing whitespace instances from schema.ldif which had some. 2. Used pycharm to remove the few PEP violations I had previously added to the Python code. 3. Changed the format of the schema.ldif file to make all the entries use the same style. Previously the TPS entries was using an all in one syntax. No more since now each entry is separate. 4. Changed the name of an argument in one of the new Python methods to get rid of a camelCase instance. 5. Tested everything to work as before, including basic TPS operations such as Format. Fixed a method comment string and fixed some typos.
* Ticket 1180 RFE: show link to request record from cert displayChristina Fu2014-12-162-0/+14
|
* Ticket 1173 Directory-based renewal evaluator fails authorizationChristina Fu2014-12-161-10/+10
|
* Decode challengePassword attribute as DirectoryStringFraser Tweedale2014-12-163-1/+27
| | | | | | | | | | | The PKCS #9 challengePassword attribute has DirectoryString syntax. Dogtag currently attempts only to decode it as a PrintableString, causing failures when the attribute is encoded as a UTF8String. Add method DerValue.getDirectoryString() to decode any of the valid DirectoryString encodings and update ChallengePassword to use it. https://fedorahosted.org/pki/ticket/1221
* Added rangeUnit property to certificate profiles.Endi S. Dewata2014-12-1513-55/+213
| | | | | | | | | A new optional property has been added to certificate profiles to specify the range unit. The default range unit is 'day'. The code has been modified to use the Calendar API to calculate the end of validity range based on the range unit. https://fedorahosted.org/pki/ticket/1226
* Cleaned up clone installation code.Endi S. Dewata2014-12-121-107/+97
| | | | | The code in ConfigurationUtils has been cleaned up and reformatted to improve readability.
* Fixed problem importing renewed system certificate.Endi S. Dewata2014-12-122-51/+144
| | | | | | | | | | | | Previously during clone installation if the PKCS12 file contains both expired and renewed certificates the code might incorrectly import the expired certificate instead of the renewed one, thus failing the installation. The code has been fixed to validate the certificates in the PKCS12 file such that only the valid ones will be imported into the clone. https://fedorahosted.org/pki/ticket/1093
* Fix BasicConstraints min/max path length checkFraser Tweedale2014-12-051-1/+1
| | | | | | | | | | | | The BasicConstraintsExtConstraint min/max path length validity check ensures that the max length is greater than the min length, however, when a negative value is used to represent "no max", the check fails. Only compare the min and max length if the max length is non-negative. Ticket #1035
* Remove legacy multilib JNI_JAR_DIR logicMatthew Harmsen2014-12-046-6/+7
| | | | | | | | | | | | | | | | * Bugzilla Bug #1165351 - Errata TPS test fails due to dependent packages not found (cherry picked from commit d7a0807b7493fc3d86900ee4aaf8199efd824907) Conflicts: base/java-tools/templates/pki_java_command_wrapper.in base/java-tools/templates/pretty_print_cert_command_wrapper.in base/java-tools/templates/pretty_print_crl_command_wrapper.in base/server/python/pki/server/deployment/pkiparser.py base/server/scripts/operations (cherry picked from commit c8d73ade2c651fd5ca01226c89d5d19828bfc9b7)
* Improvements for KeyClient.archive_encrypted_data().Endi S. Dewata2014-11-251-26/+41
| | | | | | | | | The archive_encrypted_data() in KeyClient has been modified to have a default value for the algorithm OID and to take a nonce IV object instead of the base-64 encoded value. https://fedorahosted.org/pki/ticket/1155 https://fedorahosted.org/pki/ticket/1156
* Removed profile input/output IDs from CLI output.Endi S. Dewata2014-11-252-4/+26
| | | | | | | | | | | | The current profile inputs/outputs do not have meaningful IDs (e.g. i1, i2, o1) and are not used by the client so they should not be displayed in the CLI output. In the future the IDs should be renamed into something meaningful (e.g. keygen, sn, cert) and the inputs/outputs should be retrieved by ID. New methods have been added to retrieve by ID. https://fedorahosted.org/pki/ticket/1147
* Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default ↵Christina Fu2014-11-245-3/+153
| | | | and upgrade
* Ticket 1206 (java console) TLS range support: code change needed for cs when ↵Christina Fu2014-11-241-36/+17
| | | | acting as client
* bugzilla 871171 (client-side code) Provide Tomcat support for TLS v1.1 and ↵Christina Fu2014-11-214-103/+44
| | | | TLS v1.2
* Fix ECC curve name typosFraser Tweedale2014-10-301-2/+2
| | | | | "nistp512" appears in a few places, but the curve name is "nistp521". Fix these references.
* Fixed incorrect Python API docs format.Endi S. Dewata2014-10-282-51/+55
| | | | | | | The Python API docs in some classes/methods have been fixed to remove the errors and warnings generated by python-sphinx. https://fedorahosted.org/pki/ticket/1157
* Updates to some python client classes for prettier API docs.Ade Lee2014-10-279-41/+398
| | | | | Added missing .rst annotations and missing docstrings. Added log file for sphinx runs.
* Added Python Client API Docs to buildAde Lee2014-10-275-0/+462
| | | | | | | This patch builds HTML and man page builds for the python client API delivered in pki-base. Ticket 1157
* Fixed pylint failure on F21.Endi S. Dewata2014-10-271-2/+2
| | | | | The build failed on F21 due to stricter pylint requirements which generate new warnings. For now they are marked to be ignored.
* Updated version to 10.2.1-0.1.Endi S. Dewata2014-10-272-0/+8
| | | | https://fedorahosted.org/pki/ticket/1191
* Bug1151147 issuerDN encoding correctionChristina Fu2014-10-238-9/+114
|
* Add a man page for profile CLI commands.Abhishek Koneru2014-10-152-0/+154
|
* Updated KRA Python client library.Endi S. Dewata2014-10-094-46/+159
| | | | | | | | | | | | | | | The Python client library for KRA has been modified to simplify the usage. The NSSCryptoProvider's setup_database() and __init__() now take a password file parameter. The import_cert() now can take either cert binary/encoded data or CertData object. It also provides a default value for the trust attribute. The KRAClient now stores the crypto provider object. The KRA test has been updated to provide options to override the default test configuration (e.g. hostname, port). It also has been modified to use a temporary NSS database. The setup document has been updated to describe the process to run the test as root and as a regular user.
* Added CLI to import/export certificates with private keys.Endi S. Dewata2014-10-097-32/+582
| | | | | | | New CLI commands have been added to import/export certificates and private keys into/from the client security database. The CLI can also be used to generate the file needed by Python client library for client certificate authentication.
* Fixing upstream trac ticket 1150.Abhishek Koneru2014-10-092-4/+8
| | | | | | | In both sslget.c and revoker.c there is an incorrect equality check which compares the output of a comparision operator with a constant(SECFailure) which has a value of -1. The fix will print the correct SECFailure or SECSuccess value for the do_writes method.
* Incorrect status change in key-request-review.Abhishek Koneru2014-10-011-2/+2
| | | | | | Fix for ticket #1037. Corrected the issue caused due to incorrect operations performed for reject and cancel actions in key-request-review.
* Fix sub-CA installation with own security domainAde Lee2014-10-018-105/+216
| | | | | | | | | Installation code failed to anticipate installation of a subordinate CA that would host its own security domain. This patch includes changes to python installation code, java configuration servlet and changes to man pages. Ticket 1132
* Remove 'pki-migrate' coderoot2014-09-30170-27596/+0
| | | | - PKI TRAC Ticket #1138 - Remove 'migrate' source code from master branch
* Remove 'pki-selinux' codeMatthew Harmsen2014-09-308-954/+0
| | | | - PKI TRAC Ticket #1139 - Remove 'selinux' code from 'master' branch
* ticket #1110 pkispawn (configuration) does not provide CA extensions in ↵Christina Fu2014-09-257-2/+207
| | | | subordinate certificate signing requests (CSR)
* Added missing audit event ASYMKEY_GENERATION_REQUEST to KRA CS.cfgAde Lee2014-09-241-2/+2
|
* Provide standalone Pin Reset Processor.Jack Magne2014-09-234-202/+295
| | | | | | | Now an enrolled token can have its pin changed with esc without doing another enrollment. Actually call authentication for this pin reset operation now. Review fix.
* Added idempotent 01-MoveWebApplicationContextFile migration scriptAde Lee2014-09-194-0/+112
| | | | Added to 10.1.1 to be consistent with 10.1 branch.
* Added option to import client cert from CA.Endi S. Dewata2014-09-193-63/+122
| | | | | | | | | | | | A new option has been added to the client-cert-import command to import a certificate from CA by specifying the serial number. The client-cert-import has also been modified to get the nickname of the certificate to import from the CLI argument. For backward compatibility, if no argument is specified the CLI will try to get the nickname from the authentication option (-n). Ticket #1152
* Added option to import user cert from CA.Endi S. Dewata2014-09-191-13/+47
| | | | | | | | The user-cert-add CLI has been modified to provide an option to specify the serial number of the certificate to be imported from the CA. Ticket #1151
* Displaying request status in ca-cert-request-review.Endi S. Dewata2014-09-191-0/+4
| | | | | | | The ca-cert-request-review CLI has been modified to show the request status after completing the operation. Ticket #1149
* Added client-cert-request CLI.Endi S. Dewata2014-09-198-19/+230
| | | | | | | A new CLI has been added to simplify the process to request a user certificate for client certificate authentication. Ticket #1148
* ticket #1158 CMCRequest does not support internal tokenChristina Fu2014-09-161-1/+1
|
* Fix Debian specific paths to jackson jarsTimo Aaltonen2014-09-091-8/+8
|
* fix typo succesfully -> successfullyBenjamin Drung2014-09-093-3/+3
|
* Fix manpage errorsBenjamin Drung2014-09-099-25/+25
| | | | | This patch fixes manpage-has-errors-from-man and hyphen-used-as-minus-sign found by lintian tool on Debian.
* Ticket #882 - remove all certs belong to a token in tokendb before addChristina Fu2014-09-051-0/+9
|
* Fix public key print format in KeyCLI.Abhishek Koneru2014-09-041-5/+1
|
* Ticket #1146 Tomcat TPS: missing "keyType" for renewed certs in the cert recordsChristina Fu2014-09-041-5/+2
|
* Ticket #882 - delete certs associated to a token when token is removedChristina Fu2014-09-042-0/+30
|
* Check for null values in GetConfigEntriesAde Lee2014-09-041-4/+7
| | | | Ticket 1142
* Revert "Enabled certificate revocation checking by default."Endi S. Dewata2014-09-044-15/+1
| | | | | | | This reverts commit 223d15539b7bcc0df025025036af2935726e52e3. The patch does not work for subsystems installed on separate instance since it will require additional OCSP setup.
* Rename pki-tps-tomcat to pki-tpsMatthew Harmsen2014-09-03177-0/+0
| | | | * PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps
* TpsClient support for extensions.Jack Magne2014-09-031-5/+57
| | | | | | | | | | | TpsClient will now suport the ability to specify extensions in the script file. Ex: op=ra_format uid=jmagne pwd=netscape new_pin=netscape num_threads=1 extensions=tokenType=userKey Ticket # 1016.
* ticket #941 Rest interface triggered revoke/unrevoke and cert status update; ↵Christina Fu2014-09-036-39/+291
| | | | recovery
generated by cgit (git 2.34.1) at 2025-10-02 09:21:32 +0000