[PATCH] 65 Added cert revocation REST service.
by Endi Sukma Dewata
The cert revocation REST service is based on DoRevoke and DoUnrevoke
servlets. It provides an interface to manage certificate revocation.
Ticket #161
--
Endi S. Dewata
12 years, 5 months
PATCH 34-1 - Restful interface to create certificate requests
by Ade Lee
Please review.
Tests done:
1. Cert issuance and approval from UI (manual, manual dual cert, agent
authenticated server cert)
2. Cert issuance in installation of other subsystems
3. Cert issuance (user and server) from RA.
4. Cert issuance and approval from restful interface using CATest
-- two step (create cert request/ agent approval) user and server certs
-- single step (agent approved user and server certs)
Ade
12 years, 5 months
[PATCH] 67 Added REST error handler.
by Endi Sukma Dewata
If a REST method returns a Response object it has to be handled
manually. A new getEntity() method has been added to obtain the
entity from the Response object and also map HTTP errors into
exceptions.
Ticket #161
--
Endi S. Dewata
12 years, 5 months
[PATCH] 69 Fixed problem removing user certificate.
by Endi Sukma Dewata
Generally the user LDAP entry does not contain a seeAlso attribute
unless it's a special database user. The UGSubsystem.removeUserCert()
would fail because it tried to remove the seeAlso attribute. Now the
code has been fixed to remove the seeAlso using a separate modify
operation and ignore the error if it fails due to missing attribute.
Ticket #182
--
Endi S. Dewata
12 years, 5 months
Re: [Pki-devel] [Pki-users] researches have stolen an RSA private key from an Gemalto Cyberflex RSA Token
by Andrew Wnuk
On 06/26/2012 07:06 AM, Fabian Bertholm wrote:
> Hi,
>
> I am not sure what the implications will be but I think the redhat PKI
> system is at least using the same hardware.
> You should read this paper.
> http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf
>
> What does this mean for us as users?
The following response was provided by Robert Relyea:
For most token users, nothing. The researchers have not extracted
the RSA private key, they extracted a symmetric key that is
encrypted to the private key on the token. In environments where the
token does not support decrypt, and operates on FIPS level-3 or
above, this is big news, but for deployments which use a basic
"RSA-op" function, not even separate Sign/Decrypt functions, you can
simply decrypt the blob and get the symmetric key.
The paper is definitely worthy of attention, but for most
deployments it will have little or no impact.
>
> Best regards,
> Fabian Bertholm
12 years, 6 months
[PATCH] Add LDAP cert publisher using LDAP auth DN
by Joshua Roys
Hello,
Attached is a patch that I've just tested locally to publish certs to an
LDAP directory easily if you have also set up authentication for user
certs using LDAP. I noticed an attribute stored in the internal db
which was the full DN of the authenticated user and that's what this
uses. (I also specify a predicate on the publish rule of
profileId==caDirUserDualCert to restrict the candidate certs to the
proper set.)
Thanks,
Josh
12 years, 6 months