Replace legacy Python base64 invocations
by Christian Heimes
Patch for https://fedorahosted.org/pki/ticket/1102
b64encode() and base64.encodestring() work slightly differently.
encodestring() includes an extra newline at the end of the string. It
seems the server treats both representations equally.
I ran the KRA tests according to base/kra/functional/drmtest.readme.txt.
The tests are passing, too.
Christian
9 years, 3 months
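The difference described in the message above, as an added example (not code from the patch or from the PKI project). It uses base64.encodebytes(), the Python 3 name for the legacy encodestring() call, and goes beyond the message by also showing the line wrapping that the legacy call applies to longer inputs. The sample inputs and helper names are constructed for illustration.

```python
import base64
import binascii


def legacy_encode(data: bytes) -> bytes:
    # Python 3 name for the legacy call; Python 2 spelled it encodestring().
    return base64.encodebytes(data)


def modern_encode(data: bytes) -> bytes:
    return base64.b64encode(data)


def compare(data: bytes) -> dict:
    legacy, modern = legacy_encode(data), modern_encode(data)
    return {
        "legacy_newlines": legacy.count(b"\n"),
        "modern_newlines": modern.count(b"\n"),
        "equal_raw": legacy == modern,
        "equal_without_newlines": legacy.replace(b"\n", b"") == modern,
    }


def lenient_decode(blob: bytes) -> bytes:
    # Default b64decode() discards bytes outside the base64 alphabet,
    # so both representations decode to the same value.
    return base64.b64decode(blob)


def strict_decode(blob: bytes):
    # validate=True models a peer that rejects any non-alphabet byte.
    try:
        return base64.b64decode(blob, validate=True)
    except binascii.Error:
        return None


# Constructed sample inputs: a 16-byte value and a 256-byte value.
SHORT = bytes(range(16))
LONG = bytes(range(256))

if __name__ == "__main__":
    for name, data in (("short", SHORT), ("long", LONG)):
        print(name, compare(data))
        print("  lenient ok:", lenient_decode(legacy_encode(data)) == data)
        print("  strict ok: ", strict_decode(legacy_encode(data)) == data)
```

A decoder that discards non-alphabet bytes accepts both forms; a strict one accepts only the b64encode() output.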
[PATCH] 0267-Add-code-to-reindex-data-during-cloning-without-replication
by Ade Lee
Add code to reindex data during cloning without replication
When setting up a clone, indexes are added before the
replication agreements are set up and the consumer is initialized.
Thus, as data is replicated and added to the clone db, the
data is indexed.
When cloning is done with the replication agreements already set
up and the data replicated, the existing data is not indexed and
cannot be accessed in searches. The data needs to be reindexed.
Related to ticket 1414
Please review,
Ade
9 years, 4 months
Re: [Pki-devel] [Pki-users] [pki-devel][PATCH] 0046-Firefox-warning.patch
by John Magne
Acked by alee,
pushed to master.
Closing ticket #1523
----- Original Message -----
From: "John Magne" <jmagne(a)redhat.com>
To: "pki-users" <pki-users(a)redhat.com>
Sent: Friday, July 31, 2015 2:01:17 PM
Subject: [Pki-users] [pki-devel][PATCH] 0046-Firefox-warning.patch
Firefox warning
Ticket #1523
Move the dire warning about the crypto object to sections where it applies.
Also slightly changed the message due to context.
9 years, 4 months
[PATCH] Add certutil options for ECC
by Matthew Harmsen
Please review the attached patch which addresses the following issue:
* PKI TRAC Ticket #1524 - pkispawn: certutil options incorrect for
creating ecc admin certificate
<https://fedorahosted.org/pki/ticket/1524>
Tested patch by creating both an RSA CA as well as an ECC CA.
Did a simple successful enrollment for both; checked the Admin cert to
verify that it was an RSA admin cert for RSA CA:
Certificate:
Data:
Version: v3
Serial Number: 0x6
Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
Issuer: CN=CA Signing Certificate,O=example.com Security Domain
Validity:
Not Before: Tuesday, July 28, 2015 6:22:41 PM MDT America/Denver
Not After: Monday, July 17, 2017 6:22:41 PM MDT America/Denver
Subject: CN=PKI Administrator,E=caadmin(a)example.com,O=example.com Security Domain
Subject Public Key Info:
*Algorithm: RSA - 1.2.840.113549.1.1.1*
Public Key:
Exponent: 65537
Public Key Modulus: (2048 bits) :
Extensions:
Identifier: Authority Key Identifier - 2.5.29.35
Critical: no
Key Identifier:
C4:08:DF:28:92:11:38:F4:AD:0D:7C:04:4F:3E:17:1F:
7D:39:0F:26
Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1
Critical: no
Access Description:
Method #0: ocsp
Location #0: URIName: http://pki.example.com:8080/ca/ocsp
Identifier: Key Usage: - 2.5.29.15
Critical: yes
Key Usage:
Digital Signature
Non Repudiation
Key Encipherment
Data Encipherment
Identifier: Extended Key Usage: - 2.5.29.37
Critical: no
Extended Key Usage:
1.3.6.1.5.5.7.3.2
1.3.6.1.5.5.7.3.4
Signature:
Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
and an ECC admin cert for the ECC CA:
Certificate:
Data:
Version: v3
Serial Number: 0x6
Signature Algorithm: SHA256withEC - 1.2.840.10045.4.3.2
Issuer: CN=CA Signing Certificate,O=example.com Security Domain
Validity:
Not Before: Tuesday, July 28, 2015 6:35:44 PM MDT America/Denver
Not After: Monday, July 17, 2017 6:35:44 PM MDT America/Denver
Subject: CN=PKI Administrator,E=caadmin(a)example.com,O=example.com Security Domain
Subject Public Key Info:
* Algorithm: EC - 1.2.840.10045.2.1*
Extensions:
Identifier: Authority Key Identifier - 2.5.29.35
Critical: no
Key Identifier:
D7:D9:BD:50:7F:63:ED:D3:0B:DA:79:13:CC:6C:B0:B0:
21:71:CF:6C
Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1
Critical: no
Access Description:
Method #0: ocsp
Location #0: URIName: http://pki.example.com:8080/ca/ocsp
Identifier: Key Usage: - 2.5.29.15
Critical: yes
Key Usage:
Digital Signature
Non Repudiation
Key Encipherment
Data Encipherment
Identifier: Extended Key Usage: - 2.5.29.37
Critical: no
Extended Key Usage:
1.3.6.1.5.5.7.3.2
1.3.6.1.5.5.7.3.4
Signature:
Algorithm: SHA256withEC - 1.2.840.10045.4.3.2
9 years, 4 months
[pki-devel][PATCH] 0045-op.format.externalRegAddToToken.revokeCert-parameter.patch
by John Magne
op.format.externalRegAddToToken.revokeCert parameter missing in TPS CS.cfg.
It is true that this setting is not present.
The generic code that revokes certs for a format checks this value.
No harm in putting this value in the CS.cfg and setting it to false by
default for the externalRegAddToToken profile. No harm in giving the user
the way to use this feature, even if we decide it is not a good idea to revoke
certs associated with the external reg feature.
9 years, 4 months