Re: [Pki-devel] [PATCH 0010] Added instance and subsystem validation for pki-server subsystem-* commands.

2016-07-06 Thread Abhijeet Kasurde

Sure, Matthew. I will take a note of that.


On 07/06/2016 09:24 PM, Matthew Harmsen wrote:

On 07/06/2016 09:30 AM, Endi Sukma Dewata wrote:

On 7/2/2016 12:48 AM, Abhijeet Kasurde wrote:

Hi All,

Please review the patch.

Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295


Thanks! Pushed to master under this ticket:
https://fedorahosted.org/pki/ticket/2399


Abhijeet,

Since we are now on the 10.3.5 milestone, please begin referencing the 
following bug:


  * Bugzilla Bug #1353245 - Dogtag 10.3.5: Miscellaneous Enhancements


This was cloned from PKI TRAC Ticket #2399 - Dogtag 10.3.5: 
Miscellaneous Enhancements  
which Endi correctly identified; I have added the check-in hash to 
both the bug and the ticket.


Thanks,
-- Matt



--
Thanks,
Abhijeet Kasurde

IRC: akasurde
http://akasurde.github.io

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] [PATCH] 788 Fixed problem with pki pkcs12-import --no-trust-flags.

2016-07-06 Thread Endi Sukma Dewata

The pki pkcs12-import CLI has been fixed such that when it calls
pki pkcs12-cert-find internally it does not add --no-trust-flags
option.

https://fedorahosted.org/pki/ticket/2399

Pushed to master under one-liner/trivial rule.

--
Endi S. Dewata
From 59ba26cf9292a578d34d98344e4b1f4d20339508 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Thu, 7 Jul 2016 02:42:14 +0200
Subject: [PATCH] Fixed problem with pki pkcs12-import --no-trust-flags.

The pki pkcs12-import CLI has been fixed such that when it calls
pki pkcs12-cert-find internally it does not add --no-trust-flags
option.

https://fedorahosted.org/pki/ticket/2399
---
 base/common/python/pki/cli/pkcs12.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/base/common/python/pki/cli/pkcs12.py b/base/common/python/pki/cli/pkcs12.py
index 3fcea35a4cc45641ec53d3aba933735c1b2c065a..145f1258e3b38cae38205c0f22b074d2bdc8004f 100644
--- a/base/common/python/pki/cli/pkcs12.py
+++ b/base/common/python/pki/cli/pkcs12.py
@@ -159,9 +159,6 @@ class PKCS12ImportCLI(pki.cli.CLI):
 if password_file:
 cmd.extend(['--pkcs12-password-file', password_file])
 
-if no_trust_flags:
-cmd.extend(['--no-trust-flags'])
-
 if self.verbose:
 cmd.extend(['--verbose'])
 
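Review bot: With the `if no_trust_flags:` branch removed from this internal `pkcs12-cert-find` invocation, nothing at this spot records that the option is left out on purpose, so a later cleanup could easily start forwarding it again. A one-line comment above `if self.verbose:` saying that `--no-trust-flags` applies only to the import step would help. It is also worth confirming that `no_trust_flags` is still read later in `PKCS12ImportCLI`, otherwise the parsed option is now dead.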
-- 
2.5.5


[Pki-devel] [PATCH] 789 Fixed pki pkcs12-import output.

2016-07-06 Thread Endi Sukma Dewata

The pki pkcs12-import has been modified to suppress the output of
external command execution and display a completion message more
consistently.

https://fedorahosted.org/pki/ticket/2399

Pushed to master under one-liner/trivial rule.

--
Endi S. Dewata
From 12e24ae0eb3f6fb7e0f71b95e3911f45594c5965 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Thu, 7 Jul 2016 03:52:09 +0200
Subject: [PATCH] Fixed pki pkcs12-import output.

The pki pkcs12-import has been modified to suppress the output of
external command execution and display a completion message more
consistently.

https://fedorahosted.org/pki/ticket/2399
---
 base/common/python/pki/cli/pkcs12.py | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/base/common/python/pki/cli/pkcs12.py b/base/common/python/pki/cli/pkcs12.py
index 145f1258e3b38cae38205c0f22b074d2bdc8004f..ded79c7cd884d2ce91c73aa39a2c9f02516d7067 100644
--- a/base/common/python/pki/cli/pkcs12.py
+++ b/base/common/python/pki/cli/pkcs12.py
@@ -314,4 +314,7 @@ class PKCS12ImportCLI(pki.cli.CLI):
 
 cmd.extend(nicknames)
 
-main_cli.execute_java(cmd)
+with open(os.devnull, 'w') as f:
+main_cli.execute_java(cmd, stdout=f)
+
+self.print_message('Import complete')
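Review bot: `self.print_message('Import complete')` runs directly after `main_cli.execute_java(cmd, stdout=f)` with no check in between, so the message is only truthful if `execute_java` raises on a non-zero exit; please confirm that, or test the result before printing. Two smaller points: the diffstat shows no import being added, so `os` must already be imported in pkcs12.py, and sending stdout to `os.devnull` unconditionally also hides the command's output in verbose mode, where keeping it when `self.verbose` is set would help troubleshooting.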
-- 
2.5.5


[Pki-devel] [PATCH] 787 Added general exception handling for pki-server CLI.

2016-07-06 Thread Endi Sukma Dewata

The pki-server CLI has been modified to catch all exceptions and
display a simple exception message. In verbose mode it will
display the stack trace.

https://fedorahosted.org/pki/ticket/2381

Pushed to master under one-liner/trivial rule.

--
Endi S. Dewata
From 9a7f5f8febe7ff044bcda109f57d493e606cbea1 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Wed, 6 Jul 2016 23:02:18 +0200
Subject: [PATCH] Added general exception handling for pki-server CLI.

The pki-server CLI has been modified to catch all exceptions and
display a simple exception message. In verbose mode it will
display the stack trace.

https://fedorahosted.org/pki/ticket/2381
---
 base/server/sbin/pki-server | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/base/server/sbin/pki-server b/base/server/sbin/pki-server
index cea62b7e4ddb45a1aa8a14d0f5b2dcf873427b67..6df70dc848680aef2f54b93e0d8bc0a776a4a292 100644
--- a/base/server/sbin/pki-server
+++ b/base/server/sbin/pki-server
@@ -116,3 +116,9 @@ if __name__ == '__main__':
 traceback.print_exc()
 print('ERROR: %s' % e)
 sys.exit(e.returncode)
+
+except Exception as e:  # pylint: disable=broad-except
+if cli.verbose:
+traceback.print_exc()
+print('ERROR: %s' % e)
+sys.exit(1)
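Review bot: In the new `except Exception` branch, `print('ERROR: %s' % e)` shows only the exception's message, which for many built-in exceptions is terse or empty (a `KeyError` prints just the key), so a non-verbose user may see an error with no indication of its type. Consider including `type(e).__name__` in the message, and writing it to `sys.stderr` so that scripts capturing stdout do not mix error text with command output.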
-- 
2.5.5


[Pki-devel] [PATCH] 786 Added validation for pki client-cert-request sensitive parameter.

2016-07-06 Thread Endi Sukma Dewata

The pki client-cert-request CLI has been modified to validate the
boolean sensitive parameter.

https://fedorahosted.org/pki/ticket/2383

Pushed to master under one-liner/trivial rule.

--
Endi S. Dewata
From db75d23cbb90b834b2b515ce6344346522067b7b Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Wed, 6 Jul 2016 22:30:52 +0200
Subject: [PATCH] Added validation for pki client-cert-request sensitive
 parameter.

The pki client-cert-request CLI has been modified to validate the
boolean sensitive parameter.

https://fedorahosted.org/pki/ticket/2383
---
 .../src/com/netscape/cmstools/client/ClientCertRequestCLI.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
index 0240b76d6a5907f51091f767d4e7aabe30dc..aff3220f02d59b1e864f1d78f2c3744c8454d6f0 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
@@ -186,6 +186,9 @@ public class ClientCertRequestCLI extends CLI {
 if (s == null) {
 sensitive = -1;
 } else {
+if (!s.equalsIgnoreCase("true") && !s.equalsIgnoreCase("false")) {
+throw new IllegalArgumentException("Invalid sensitive parameter: " + s);
+}
 sensitive = Boolean.parseBoolean(s) ? 1 : 0;
 }
 
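Review bot: The check added before `Boolean.parseBoolean(s)` is the same three-line test that the extractable parameter uses a few lines further down in this file, differing only in the name inside the message. A small private helper that takes the option name and value and either returns the parsed boolean or throws would keep the two in sync and make it cheap to validate other boolean options the same way.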
-- 
2.5.5


[Pki-devel] [PATCH] 785 Added validation for pki client-cert-request extractable parameter.

2016-07-06 Thread Endi Sukma Dewata

The pki client-cert-request CLI has been modified to validate the
boolean extractable parameter.

https://fedorahosted.org/pki/ticket/2383

Pushed to master under one-liner/trivial rule.

--
Endi S. Dewata
From 2e675e742428adef2f1a338f5bc57b12f464692d Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Wed, 6 Jul 2016 22:05:09 +0200
Subject: [PATCH] Added validation for pki client-cert-request extractable
 parameter.

The pki client-cert-request CLI has been modified to validate the
boolean extractable parameter.

https://fedorahosted.org/pki/ticket/2383
---
 .../src/com/netscape/cmstools/client/ClientCertRequestCLI.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
index 3ec4745e6a38058d7bb697df5f367c8831bfa216..0240b76d6a5907f51091f767d4e7aabe30dc 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
@@ -194,6 +194,9 @@ public class ClientCertRequestCLI extends CLI {
 if (s == null) {
 extractable = -1;
 } else {
+if (!s.equalsIgnoreCase("true") && !s.equalsIgnoreCase("false")) {
+throw new IllegalArgumentException("Invalid extractable parameter: " + s);
+}
 extractable = Boolean.parseBoolean(s) ? 1 : 0;
 }
 
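Review bot: The message built in `throw new IllegalArgumentException("Invalid extractable parameter: " + s)` echoes the rejected value but does not say what is accepted. Since the test allows exactly `true` or `false` in any letter case, adding that to the message (for example "expected true or false") saves the user a trip to the help text.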
-- 
2.5.5


[Pki-devel] [PATCH] 784 Fixed CLI error message on connection problems

2016-07-06 Thread Endi Sukma Dewata

The CLI has been modified to display the actual error message
instead of generic ProcessingException.

https://fedorahosted.org/pki/ticket/2377

Pushed under one-liner/trivial rule.

--
Endi S. Dewata
From 215585ccea716d341c5d9902c3d26230d10faf2a Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Wed, 6 Jul 2016 21:12:35 +0200
Subject: [PATCH] Fixed CLI error message on connection problems

The CLI has been modified to display the actual error message
instead of generic ProcessingException.

https://fedorahosted.org/pki/ticket/2377
---
 base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index 797f3cb03300daa721b66f21d6939c039c9c4e06..8f3293deacf6c305fb67a8221e418459833002b1 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -31,6 +31,8 @@ import java.net.UnknownHostException;
 import java.util.Collection;
 import java.util.HashSet;
 
+import javax.ws.rs.ProcessingException;
+
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
 import org.apache.commons.lang.StringUtils;
@@ -571,11 +573,20 @@ public class MainCLI extends CLI {
 MainCLI cli = new MainCLI();
 cli.execute(args);
 
+} catch (ProcessingException e) {
+Throwable t = e.getCause();
+if (verbose) {
+t.printStackTrace(System.err);
+} else {
+System.err.println(t.getClass().getSimpleName() + ": " + t.getMessage());
+}
+System.exit(-1);
+
 } catch (Throwable t) {
 if (verbose) {
 t.printStackTrace(System.err);
 } else {
-System.err.println(t.getClass().getSimpleName()+": "+t.getMessage());
+System.err.println(t.getClass().getSimpleName() + ": " + t.getMessage());
 }
 System.exit(-1);
 }
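Review bot: In the new `catch (ProcessingException e)` block, `Throwable t = e.getCause();` is dereferenced without a null check, so a `ProcessingException` raised without a cause turns into a `NullPointerException` at `t.printStackTrace(System.err)` or `t.getClass()`, and the original error is lost. Fall back to `e` when the cause is null. In verbose mode it would also be more useful to print the stack trace of `e` itself, which includes the cause, and the print-and-exit logic now duplicated across the two catch blocks could be shared.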
-- 
2.5.5


[Pki-devel] [PATCH] 783 Fixed exception chain in SigningUnit.init().

2016-07-06 Thread Endi Sukma Dewata

The SigningUnit.init() has been modified to chain the exceptions
to help troubleshooting.

https://fedorahosted.org/pki/ticket/2399

Pushed under one-liner/trivial rule.

--
Endi S. Dewata
From 03926918b688d6634a46e322565bd1ab8ccdd811 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Wed, 6 Jul 2016 17:40:13 +0200
Subject: [PATCH] Fixed exception chain in SigningUnit.init().

The SigningUnit.init() has been modified to chain the exceptions
to help troubleshooting.

https://fedorahosted.org/pki/ticket/2399
---
 base/ca/src/com/netscape/ca/SigningUnit.java   | 45 +-
 .../certsrv/ca/CAMissingCertException.java |  3 ++
 .../netscape/certsrv/ca/CAMissingKeyException.java |  3 ++
 3 files changed, 32 insertions(+), 19 deletions(-)

diff --git a/base/ca/src/com/netscape/ca/SigningUnit.java b/base/ca/src/com/netscape/ca/SigningUnit.java
index 60bd84e3b365b8ea4db53314427bf525668597cb..f708e557f0dab38ba22e6e39431ffe3964b706f4 100644
--- a/base/ca/src/com/netscape/ca/SigningUnit.java
+++ b/base/ca/src/com/netscape/ca/SigningUnit.java
@@ -22,10 +22,6 @@ import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
 import java.security.SignatureException;
 
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
-
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.NoSuchTokenException;
 import org.mozilla.jss.crypto.CryptoToken;
@@ -42,15 +38,19 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ca.ECAException;
 import com.netscape.certsrv.ca.CAMissingCertException;
 import com.netscape.certsrv.ca.CAMissingKeyException;
+import com.netscape.certsrv.ca.ECAException;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.security.ISigningUnit;
 import com.netscape.cmscore.security.JssSubsystem;
 import com.netscape.cmsutil.util.Cert;
 
+import netscape.security.x509.AlgorithmId;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509Key;
+
 /**
  * CA signing unit based on JSS.
  *
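Review bot: Moving the `netscape.security.x509` imports below the `com.netscape` block and re-sorting `ECAException` in this hunk and the previous one is unrelated to exception chaining and adds noise to the diff of a security-sensitive class. Consider putting the import reordering in a separate commit so the functional change to `SigningUnit.init()` is easier to audit.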
@@ -171,7 +171,7 @@ public final class SigningUnit implements ISigningUnit {
 mCert = mManager.findCertByNickname(mNickname);
 CMS.debug("Found cert by nickname: '" + mNickname + "' with serial number: " + mCert.getSerialNumber());
 } catch (ObjectNotFoundException e) {
-throw new CAMissingCertException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"));
+throw new CAMissingCertException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"), e);
 }
 
 mCertImpl = new X509CertImpl(mCert.getEncoded());
@@ -181,7 +181,7 @@ public final class SigningUnit implements ISigningUnit {
 mPrivk = mManager.findPrivKeyByCert(mCert);
 CMS.debug("Got private key from cert");
 } catch (ObjectNotFoundException e) {
-throw new CAMissingKeyException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"));
+throw new CAMissingKeyException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"), e);
 }
 
 mPubk = mCert.getPublicKey();
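Review bot: The `catch (ObjectNotFoundException e)` around `mManager.findPrivKeyByCert(mCert)` still builds `CAMissingKeyException` from the `CMS_CA_CERT_OBJECT_NOT_FOUND` message, the same key the certificate lookup uses in the previous hunk, so the user-facing text cannot distinguish a missing key from a missing certificate. With the cause chained the stack trace will now show the difference, but a key-specific message would make the non-verbose error accurate too.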
@@ -194,32 +194,39 @@ public final class SigningUnit implements ISigningUnit {
 CMS.debug(
 "got signing algorithm " + mDefSigningAlgorithm);
 mInited = true;
+
 } catch (java.security.cert.CertificateException e) {
-CMS.debug("SigningUnit init: debug " + e.toString());
+CMS.debug("SigningUnit: " + e);
 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_CA_CERT", e.getMessage()));
-throw new ECAException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
+throw new ECAException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()), e);
+
 } catch (CryptoManager.NotInitializedException e) {
-CMS.debug("SigningUnit init: debug " + e.toString());
+CMS.debug("SigningUnit: " + e);
 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_TOKEN_INIT", e.toString()));
-throw new ECAException(CMS.getUserMessage("CMS_CA_CRYPTO_NOT_INITIALIZED"));
+throw new ECAException(CMS.getUserMessage("CMS_CA_CRYPTO_NOT_INITIALIZED"), e);
+
 } catch (IncorrectPasswordException e) {
-CMS.debug("SigningUnit init: debug " + e.toString());
+CMS.debug("SigningUnit: " + e);
 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_WRONG_PWD", e.toString()));
-throw new ECAException(CMS.getUserMessage("CMS_CA_INVALID_PASSWORD"));
+throw new ECAException(CMS.getUserMessage("CMS_CA_INVALID_PASSWORD"), e);
+
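Review bot: In the `CertificateException` handler, `CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())` still embeds the exception text in the user message while `e` is now also passed as the cause, so the same detail appears twice in a printed chain and internal exception text continues to reach the user-facing message. With the cause attached, the user message could drop `e.toString()`. The shortened `CMS.debug("SigningUnit: " + e)` lines also lose the "init" marker that told a log reader which method failed.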

Re: [Pki-devel] [PATCH 0010] Added instance and subsystem validation for pki-server subsystem-* commands.

2016-07-06 Thread Matthew Harmsen

On 07/06/2016 09:30 AM, Endi Sukma Dewata wrote:

On 7/2/2016 12:48 AM, Abhijeet Kasurde wrote:

Hi All,

Please review the patch.

Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295


Thanks! Pushed to master under this ticket:
https://fedorahosted.org/pki/ticket/2399


Abhijeet,

Since we are now on the 10.3.5 milestone, please begin referencing the 
following bug:


 * Bugzilla Bug #1353245 - Dogtag 10.3.5: Miscellaneous Enhancements
   

This was cloned from PKI TRAC Ticket #2399 - Dogtag 10.3.5: 
Miscellaneous Enhancements  
which Endi correctly identified; I have added the check-in hash to both 
the bug and the ticket.


Thanks,
-- Matt


Re: [Pki-devel] [PATCH 0010] Added instance and subsystem validation for pki-server subsystem-* commands.

2016-07-06 Thread Endi Sukma Dewata

On 7/2/2016 12:48 AM, Abhijeet Kasurde wrote:

Hi All,

Please review the patch.

Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295


Thanks! Pushed to master under this ticket:
https://fedorahosted.org/pki/ticket/2399

--
Endi S. Dewata
