Re: [Pki-devel] [pki-devel][PATCH]

2016-11-22 Thread John Magne 
Verbally discussed issue with cfu, was given cond ack upon fixing the issue:

Issue has been fixed, checked into master.

commit cdb8d2f7a3655b4ba97b70a9460721e0d2d8afe7
Author: Jack Magne 
Date:   Tue Nov 15 17:37:07 2016 -0800

Change lifecycle at end of enrollment if it is not already set.

TPS throws "err=6" when attempting to format and enroll G Cards.
https://bugzilla.redhat.com/show_bug.cgi?id=1320283

This fix addresses this bug , but also:
Fixes this issue:

Applet upgrade during rekey operation results in formatted token.

 Also, it takes care of a related issue where the new apdu needed for the
lifecycle state causes the testing tool "tpslcient" to seg fault.
The fix here is a minimal fix to have tpsclient return an error when it gets
this apdu it can't handle, instead of crashing.


Closed ticket # 2544



- Original Message -
> From: "Christina Fu" 
> To: pki-devel@redhat.com
> Sent: Wednesday, November 16, 2016 6:25:49 PM
> Subject: Re: [Pki-devel] [pki-devel][PATCH]
> 
> 
> 
> I compared this patch with the original C patch. There was a check in C that
> does not exist in your Java patch:
>   1019
> if(data.size() != 3){
> 
>   1020
> lifecycle = 0xf0;
> 
>   1021
> RA::Error(LL_PER_PDU, "RA_Processor::GetLifecycle", "apdu response is the
> wrong size, the size is: %x", data.size());
> 
>   1022
> goto loser;
> 
>   1023
> }
> 
> Why does it not apply in Java?
> 
> Thanks,
> Christina
> 
> On 11/15/2016 06:20 PM, John Magne wrote:
> 
> 
> 
> Ticket: TPS throws "err=6" when attempting to format and e :
> https://fedorahosted.org/pki/ticket/2544 Fix tested on standard card, it
> does what it is supposed to do. It checks first to make sure the lifecycle
> state needs to be changed before attempting to do so. This will prevent any
> cards that return an error when
> one tries to over write the value with the same value it had before.
> 
> 
> ___
> Pki-devel mailing list Pki-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
> 
> 
> ___
> Pki-devel mailing list
> Pki-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] [PATCH] 876 Updated pki-cert man page.

2016-11-22 Thread Endi Sukma Dewata 

The pki-cert man page has been updated to clarify that certain
profiles may require authentication and the CLI supports certain
authentication types.

https://fedorahosted.org/pki/ticket/2289

Pushed to master under trivial/one-liner rule.

--
Endi S. Dewata
>From 52694cd6acf81446623b6d24947d8d3afdc8536c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Tue, 22 Nov 2016 19:29:58 +0100
Subject: [PATCH] Updated pki-cert man page.

The pki-cert man page has been updated to clarify that certain
profiles may require authentication and the CLI supports certain
authentication types.

https://fedorahosted.org/pki/ticket/2289
---
 base/java-tools/man/man1/pki-cert.1 | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/base/java-tools/man/man1/pki-cert.1 b/base/java-tools/man/man1/pki-cert.1
index 7ece1ad7bfc277a4093acdee9592d8671b00b6bd..146c82bc7fe1711646f4ea352b91986090bbb602 100644
--- a/base/java-tools/man/man1/pki-cert.1
+++ b/base/java-tools/man/man1/pki-cert.1
@@ -215,7 +215,10 @@ profile, and submit the request using the following command:
 
 .B pki ca-cert-request-submit 
 
-Depending on the profile, an agent may need to review the request by running
+Depending on the profile, the command may require authentication (see the profile configuration file).
+The CLI currently supports client certificate authentication and directory-based authentication.
+
+Also depending on the profile, an agent may need to review and approve the request by running
 the following command:
 
 .B pki  ca-cert-request-review  --file 
-- 
2.5.5

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

Re: [Pki-devel] [PATCH] 339-340 fixes for new Key REST logic

2016-11-22 Thread Ade Lee 
Acked by Endi.

Pushed to Master.

On Mon, 2016-11-21 at 18:33 -0500, Ade Lee wrote:
> Patch 340:
> commit 0e1c6e0634f5d3b3d4b8a3d7293b23f1953cf542
> Author: Ade Lee 
> Date:   Mon Nov 21 17:42:11 2016 -0500
> 
> Fix bug in getting secrets from approved request
> 
> When request was approved and retrieved through the rest
> interface, the corresponding volatile requests object was not
> created due to the new flow.  This makes sure the volatile
> request
> is created.
> 
> Patch 339:
> commit 2e37a2fe6173a9968fd76fb7ff93e7cc188aa700
> Author: Ade Lee 
> Date:   Mon Nov 21 12:01:09 2016 -0500
> 
> Add python-client code for key resource changes
> ___
> Pki-devel mailing list
> Pki-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel