[Pki-devel] Jack PTO Starting Monday Aug 22

2016-08-18 Thread John Magne
Returning the day after Labor Day.


Will be easily reachable if needed by mobile the whole time.

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel


[Pki-devel] [PATCH] CMCEnroll man page + (proposed) HEADER/FOOTER changes

2016-08-18 Thread Matthew Harmsen
Please review the following patches which add a CMCEnroll man page AND 
propose code changes to the command line tools to allow them to use 
the preferred RFC 7468 HEADERS and TRAILERS (see 
https://www.rfc-editor.org/rfc/rfc7468.txt):


 * PKI TRAC Ticket #690 - [MAN] pki-tools man pages
   
 * PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements
   

The first patch contains all of the code changes, and the second patch 
simply contains the associated spec file change.


From ebfb6a5c8288f87e7fbd2d4650afc2e7383f6865 Mon Sep 17 00:00:00 2001
From: Matthew Harmsen 
Date: Thu, 18 Aug 2016 18:31:42 -0600
Subject: [PATCH] pki-tools CMCEnroll man page plus HEADER/FOOTER changes

* PKI TRAC Ticket #690 - [MAN] pki-tools man pages
  - CMCEnroll
* PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements
---
 base/java-tools/man/man1/CMCEnroll.1   | 570 +
 .../src/com/netscape/cmstools/CMCEnroll.java   |  13 +-
 .../src/com/netscape/cmstools/CMCRequest.java  |   4 +-
 .../src/com/netscape/cmstools/CMCRevoke.java   |  11 +-
 .../src/com/netscape/cmstools/CRMFPopClient.java   |   8 +-
 .../src/com/netscape/cmstools/PKCS10Client.java|  11 +-
 6 files changed, 599 insertions(+), 18 deletions(-)
 create mode 100644 base/java-tools/man/man1/CMCEnroll.1

diff --git a/base/java-tools/man/man1/CMCEnroll.1 b/base/java-tools/man/man1/CMCEnroll.1
new file mode 100644
index 000..405a1af
--- /dev/null
+++ b/base/java-tools/man/man1/CMCEnroll.1
@@ -0,0 +1,570 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH CMCEnroll 1 "July 20, 2016" "version 10.3" "PKI CMC Enrollment Tool" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nhdisable hyphenation
+.\" .hyenable hyphenation
+.\" .ad l  left justify
+.\" .ad b  justify to both left and right margins
+.\" .nfdisable filling
+.\" .fienable filling
+.\" .brinsert line break
+.\" .sp insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+CMCEnroll \- Used to sign a certificate request with an agent's certificate.
+
+.SH SYNOPSIS
+.PP
+\fBCMCEnroll -d  -n  -r  -p \fP
+
+.SH DESCRIPTION
+.PP
+The Certificate Management over Cryptographic Message Syntax (CMC) Enrollment utility, \fBCMCEnroll\fP, provides a command-line utility used to sign a certificate request with an agent's certificate. This can be used in conjunction with the CA end-entity CMC Enrollment form to sign and enroll certificates for users.
+.PP
+\fBCMCEnroll\fP takes a standard PKCS #10 certificate request and signs it with an agent certificate. The output is also a certificate request which can be submitted through the appropriate profile.
+
+.SH OPTIONS
+.PP
+The following parameters are mandatory:
+.PP
+\fBNote:\fP
+Surround values that include spaces with quotation marks.
+.TP
+.B -d 
+The directory containing the \fBcert8.db\fP, \fBkey3.db\fP, and \fBsecmod.db\fP files associated with the agent certificate. This is usually the agent's personal directory, such as their browser certificate database in the home directory.
+
+.TP
+.B -n 
+The nickname of the agent certificate that is used to sign the request.
+
+.TP
+.B -r 
+The filename of the certificate request.
+
+.TP
+.B -p 
+The password to the NSS certificate database which contains the agent certificate, given in \fB-d \fP.
+
+.SH EXAMPLES
+.PP
+Signed requests must be submitted to the CA to be processed.
+.PP
+\fBNote:\fP For this example to work automatically, the \fBCMCAuth\fP plug-in must be enabled on the CA server (which it is by default).
+.TP
+(1) Create a PKCS #10 certificate request using a tool like \fBcertutil\fP:
+.IP
+.nf
+# cd ~/.mozilla/firefox/
+
+# certutil -d . -L
+Certificate Nickname Trust Attributes
+ SSL,S/MIME,JAR/XPI
+
+Google Internet Authority G2 ,,   
+COMODO RSA Domain Validation Secure Server CA,,   
+pki.example.com  ,,   
+DigiCert SHA2 Secure Server CA   ,,   
+DigiCert SHA2 Extended Validation Server CA  ,,   
+COMODO RSA Extended Validation Secure Server CA 2,,   
+Symantec Class 3 Secure Server CA - G4   ,,   
+Go Daddy Secure Certificate Authority - G2   ,,   
+Oracle SSL CA - G2   ,,   
+GeoTrust EV SSL CA - G4  ,,   
+Symantec Class 3 Secure Server SHA256 SSL CA ,,   
+GeoTrust SSL CA - G3 
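
Review bot: The -p entry under OPTIONS documents the NSS database password as a plain command-line argument with no caveat. A password passed this way can be read by other local users through the process list and is saved in shell history, and this one unlocks the database that holds the agent certificate used for signing. Suggest adding a note to the -p entry that states this exposure. Separately, the .TH line is dated "July 20, 2016" while the patch is dated Aug 18, and the comment directly below it asks for the date to be adjusted on every revision.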

[Pki-devel] [PATCH] 819 Added debug messages for ConfigurationUtils.handleCerts().

2016-08-18 Thread Endi Sukma Dewata

To help troubleshooting some debug messages have been added into
ConfigurationUtils.handleCerts().

https://fedorahosted.org/pki/ticket/2436

Pushed to master (10.4) under one-liner/trivial rule.

--
Endi S. Dewata
>From 9aa6640e7e94a591343478ee806a6e6d4c9f81e8 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Thu, 18 Aug 2016 05:40:25 +0200
Subject: [PATCH] Added debug messages for ConfigurationUtils.handleCerts().

To help troubleshooting some debug messages have been added into
ConfigurationUtils.handleCerts().

https://fedorahosted.org/pki/ticket/2436
---
 .../cms/servlet/csadmin/ConfigurationUtils.java | 21 -
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 34948822b593dd8bf03ff4db81a3d232c65da291..992ccc105047954b6f9be7847a43247711d8d1ee 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -3153,6 +3153,9 @@ public class ConfigurationUtils {
 String tokenname = config.getString("preop.module.token", "");
 
 if (cert.getType().equals("local") && b64.equals("...certificate be generated internally...")) {
+
+CMS.debug("handleCerts(): processing local cert");
+
 String pubKeyType = config.getString(PCERT_PREFIX + certTag + ".keytype");
 X509Key x509key = null;
 if (pubKeyType.equals("rsa")) {
@@ -3177,24 +3180,33 @@ public class ConfigurationUtils {
 CMS.debug("handleCerts(): nickname=" + nickname);
 
 try {
+CMS.debug("handleCerts(): deleting existing cert");
 if (certTag.equals("sslserver") && findBootstrapServerCert())
 deleteBootstrapServerCert();
 if (findCertificate(tokenname, nickname))
 deleteCert(tokenname, nickname);
+
+CMS.debug("handleCerts(): importing new cert");
 if (certTag.equals("signing") && subsystem.equals("ca"))
 CryptoUtil.importUserCertificate(impl, nickname);
 else
 CryptoUtil.importUserCertificate(impl, nickname, false);
 CMS.debug("handleCerts(): cert imported for certTag '" + certTag + "'");
+
 } catch (Exception ee) {
 CMS.debug(ee);
 CMS.debug("handleCerts(): import certificate for certTag=" + certTag + " Exception: "
 + ee.toString());
 }
 }
+
 } else if (cert.getType().equals("remote")) {
+
+CMS.debug("handleCerts(): processing remote cert");
+
 if (b64 != null && b64.length() > 0 && !b64.startsWith("...")) {
-CMS.debug("handleCerts(): process remote...import cert");
+
+CMS.debug("handleCerts(): deleting existing cert");
 String b64chain = cert.getCertChain();
 
 try {
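
Review bot: Both new "deleting existing cert" messages in this hunk are logged unconditionally: in the local branch before the findBootstrapServerCert() and findCertificate(tokenname, nickname) checks, and in the remote branch before cert.getCertChain(). The log will therefore report a deletion even when no existing certificate is found, which misleads exactly the troubleshooting this change is meant to help. Suggest moving the message into the if bodies next to deleteBootstrapServerCert() and deleteCert(tokenname, nickname), or rewording it to "checking for existing cert".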
@@ -3207,6 +3219,7 @@ public class ConfigurationUtils {
 CMS.debug("ConfigurationUtils: update (remote): deleteCert Exception=" + e.toString());
 }
 
+CMS.debug("handleCerts(): importing new cert");
 b64 = CryptoUtil.stripCertBrackets(b64.trim());
 String certs = CryptoUtil.normalizeCertStr(b64);
 byte[] certb = CryptoUtil.base64Decode(certs);
@@ -3256,11 +3269,16 @@ public class ConfigurationUtils {
 CMS.debug("handleCerts(): b64 not set");
 return 1;
 }
+
 } else {
+CMS.debug("handleCerts(): processing " + cert.getType() + " cert");
+
 b64 = CryptoUtil.stripCertBrackets(b64.trim());
 String certs = CryptoUtil.normalizeCertStr(b64);
 byte[] certb = CryptoUtil.base64Decode(certs);
 X509CertImpl impl = new X509CertImpl(certb);
+
+CMS.debug("handleCerts(): deleting existing cert");
 try {
 if (certTag.equals("sslserver") && findBootstrapServerCert())
 deleteBootstrapServerCert();
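
Review bot: The new "processing ... cert" message in the else branch reports cert.getType() but not certTag, and the "deleting existing cert" line that follows carries no identifier either, so when several certificates are handled in one run these lines cannot be matched to a certificate from the lines shown. Suggest including certTag in the "processing" message, as the existing "cert imported for certTag" message does. The same delete/import message pair is now repeated across three branches; a small helper would keep the wording consistent.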
@@ -3271,6 +3289,7 @@ public class ConfigurationUtils {
 CMS.debug("handleCerts(): deleteCert Exception=" + ee.toString());
 }
 
+CMS.debug("handleCerts(): importing new cert");
 try {
 if (certTag.equals("signing") && subsystem.equals("ca"))
 CryptoUtil.importUserCertificate(impl, nickname);
-- 
2.5.5
