[ol7_latest] pki-base-java-10.4.1-10.el7.noarch

The PKI Framework contains the common and client libraries and utilities
written in Java.  This package is a part of the PKI Core used by the
Certificate System.

This package is a part of the PKI Core used by the Certificate System.


==================================
||  ABOUT "CERTIFICATE SYSTEM"  ||
==================================

Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

PKI Core contains ALL top-level java-based Tomcat PKI components:

  * pki-symkey
  * pki-base
  * pki-base-python2 (alias for pki-base)
  * pki-base-python3
  * pki-base-java
  * pki-tools
  * pki-server
  * pki-ca
  * pki-kra
  * pki-ocsp
  * pki-tks
  * pki-tps
  * pki-javadoc

which comprise the following corresponding PKI subsystems:

  * Certificate Authority (CA)
  * Key Recovery Authority (KRA)
  * Online Certificate Status Protocol (OCSP) Manager
  * Token Key Service (TKS)
  * Token Processing Service (TPS)

Python clients need only install the pki-base package.  This
package contains the python REST client packages and the client
upgrade framework.

Java clients should install the pki-base-java package.  This package
contains the legacy and REST Java client packages.  These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.

Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools.  The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.

Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
    * dogtag-pki-server-theme
  * redhat-pki-server-theme (Red Hat Certificate System deployments)
    * redhat-pki-server-theme
  * customized pki theme (Customized Certificate System deployments)
    * <customized>-pki-server-theme

  NOTE:  As a convenience for standalone deployments, top-level meta
         packages may be provided which bind a particular theme to
         these certificate server packages.

Changelog (Show File list) (Show related packages)

• Mon Jun 19 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-10

  - ##########################################################################
  - RHEL 7.4:
  - ##########################################################################
  - Bugzilla Bug #1458043 - Key recovery on token fails with
    invalid public key error on KRA (alee)
  - Bugzilla Bug #1460764 - CC: CMC: check HTTPS client
    authentication cert against CMC signer (cfu)
  - Bugzilla Bug #1461533 - Unable to find keys in the p12 file after
    deleting the any of the subsystem certs from it (ftweedal)

• Mon Jun 12 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-9

  - ##########################################################################
  - RHEL 7.4:
  - ##########################################################################
  - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret)
    using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne)
  - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC
    non-signing certificate requests (cfu)
  - Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC
     revocation non-signing cert requests (cfu)
  - Bugzilla Bug #1458047 - change the way aes clients refer to
    aes keysets (alee)
  - Bugzilla Bug #1458055 - dont reuse IVs in the CMC code
    (alee)
  - Bugzilla Bug #1460028 - In keywrap mode, key recovery on
    KRA with HSM causes KRA to crash (ftweedal)

• Mon Jun 05 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-8

  - Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement
  - Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement
  - ##########################################################################
  - RHEL 7.4:
  - ##########################################################################
  - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS
    enabled system (edewata)
  - Bugzilla Bug #1447144 - CA brought down during separate KRA instance
    creation (edewata)
  - Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure
    ACCESS_SESSION_ESTABLISH_FAILURE (edewata)
  - Bugzilla Bug #1454450 - SubCA installation failure with 2 step
    installation in fips enabled mode (edewata)
  - Bugzilla Bug #1456597 - Certificate import using pki client-cert-import
    is asking for password when already provided (edewata)
  - Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes)
  - Bugzilla Bug #1458043 - Key recovery using externalReg fails
    with java null pointer exception on KRA (alee)
  - Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter
    (edewata)
  - Bugzilla Bug #1458429 - client-cert-import --ca-cert should
    import CA cert with trust bits "CT,C,C" (edewata)
  - ##########################################################################
  - RHCS 9.2:
  - ##########################################################################
  - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)

• Tue May 30 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-7

  - ##########################################################################
  - RHEL 7.4:
  - ##########################################################################
  - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret)
    using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne)
  - Bugzilla Bug #1445519 - CA Server installation with HSM fails
    (jmagne)
  - Bugzilla Bug #1452617 - Unable to create IPA Sub CA
    (ftweedal)
  - Bugzilla Bug #1454471 - Enabling all subsystems on startup
    (edewata)
  - Bugzilla Bug #1455617 - Key recovery on token fails because
    key record is not marked encrypted (alee)

• Tue May 23 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-6

  - Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error
    (mharmsen)

• Mon May 22 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-5

  - ##########################################################################
  - RHEL 7.4:
  - ##########################################################################
  - Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal
    non-signing cert requests (cfu)
  - Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed)
    CMC with identity proof (cfu)
  - Bugzilla Bug #1447144 - CA brought down during separate KRA instance
    creation (mharmsen)
  - Bugzilla Bug #1448903 - exception Invalid module "--ignore-banner" when
    defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata)
  - Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne)
  - Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen)
  - Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in
    ConnectorServlet. (edewata)
  - Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata)
  - Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED
    audit event. (edewata)

• Tue May 09 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-4

  - ##########################################################################
  - RHEL 7.4:
  - ##########################################################################
  - Bugzilla Bug #1386303 - cannot extract generated private key from KRA when
    HSM is used. (alee)
  - Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes)
  - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause
    error (cfu)
  - Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from
    the KRA (ftweedal)
  - Bugzilla Bug #1448204 - pkispawn of clone install fails with
    InvalidBERException (ftweedal)
  - Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on
    thales hsm (alee)
  - Updated "jss" build and runtime requirements (mharmsen)
  - ##########################################################################
  - RHCS 9.2:
  - ##########################################################################
  - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)

• Mon May 01 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-3

  - ############################################################################
  - RHEL 7.4:
  - ############################################################################
  - Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in
    conjuction with FreeIPA (ftweedal)
  - Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the
    startTime parameter is not working as expected. (jmagne)
  - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing
    certificate requests (cfu)
  - Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal)
  - Bugzilla Bug #1445088 - profile modification cannot remove existing config
    parameters (ftweedal)
  - Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption)
    (RHEL) (alee)
  - Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when
    pki CLI terminates SSL connection (edewata)
  - Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata)
  - ############################################################################
  - RHCS 9.2:
  - ############################################################################
  - Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption)
    (RHCS) (alee)

• Mon Apr 17 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-2

  - ############################################################################
  - RHEL 7.4:
  - ############################################################################
  - Bugzilla Bug #1282504 - Installing pki-server in container reports
    scriptlet failed, exit status 1 (jpazdziora)
  - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS
    enabled system (edewata)
  - Bugzilla Bug #1410650 - [RFE] Add SCP03 support
    for sc 7 g & d cards (RHEL) (jmagne)
  - Bugzilla Bug #1437591 - cli authentication using expired cert throws an
    exception (edewata)
  - Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a
    request (edewata)
  - ############################################################################
  - RHCS 9.2:
  - ############################################################################
  - Bugzilla Bug #1274086 - [RFE] Add SCP03 support
    for sc 7 g & d cards (RHCS) (jmagne)
  - ############################################################################
  - Common Criteria
  - ############################################################################
  - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures
    (edewata)
  - Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata)
  - Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature
    implementation (cfu)

• Mon Mar 27 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-1

  - Require "nss >= 3.28.3" as a build and runtime requirement
  - Require "jss >= 4.4.0-4" as a build and runtime requirement
  - Require "tomcatjss >= 7.2.1-3" as a build and runtime requirement
  - dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find
    failure (edewata)
  - ############################################################################
  - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4
  - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
    pki-console to 10.4.x
  - ############################################################################
  - RHEL 7.4:
  - ############################################################################
  - ############################################################################
  - RHCS 9.2:
  - ############################################################################
  - ############################################################################
  - Common Criteria
  - ############################################################################
  - Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature
    implementation (cfu)
  - Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption
    cert requests (cfu)
  - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures
    (edewata)
  - Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance
    protection cert mechanism (cfu)