File: control

package info (click to toggle)
dogtag-pki 10.10.2-3
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, sid
  • size: 74,096 kB
  • sloc: java: 329,656; sh: 290,728; python: 47,626; cpp: 38,497; ansic: 30,300; javascript: 26,885; perl: 9,541; xml: 5,519; jsp: 2,246; makefile: 705; sql: 96; exp: 8
file content (451 lines) | stat: -rw-r--r-- 15,056 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
Source: dogtag-pki
Section: java
Priority: optional
Maintainer: Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>
Uploaders: Timo Aaltonen <tjaalton@debian.org>
Build-Depends:
 apache2-dev,
 cmake,
 debhelper-compat (= 12),
 default-jdk,
 dh-python,
 go-md2man,
 javahelper,
 junit4,
 libactivation-java,
 libcommons-cli-java,
 libcommons-codec-java,
 libcommons-httpclient-java,
 libcommons-io-java,
 libcommons-lang3-java,
 libcommons-net-java,
 libhttpclient-java,
 libhttpcore-java,
 libidm-console-framework-java (>= 1.2.0),
 libjackson2-annotations-java,
 libjackson2-core-java,
 libjackson2-databind-java,
 libjaxb-java,
 libjaxp1.3-java,
 libjna-java,
 libjss-java (>= 4.8.0~),
 libldap-java (>= 4.21.0+dfsg1),
 libldap2-dev,
 libnspr4-dev,
 libnss3-dev,
 libresteasy3.0-java (>= 3.0.19-5),
 libslf4j-java,
 libtomcat9-java,
 libtomcatjss-java (>= 7.6.1~),
 libxalan2-java,
 libxerces2-java,
 libxml-commons-external-java,
 pkg-config,
 policycoreutils,
 python3-cryptography,
 python3-dev,
 python3-distutils,
 python3-ldap,
 python3-nss,
 python3-pytest-runner,
 python3-requests,
 python3-setuptools,
 python3-sphinx,
 python3-urllib3,
 velocity,
 zlib1g-dev,
 389-ds-base-dev (>= 1.4.0.16-1),
Standards-Version: 4.5.0
Homepage: http://pki.fedoraproject.org
Vcs-Git: https://salsa.debian.org/freeipa-team/dogtag-pki.git
Vcs-Browser: https://salsa.debian.org/freeipa-team/dogtag-pki

Package: dogtag-pki
Architecture: all
Depends:
 dogtag-pki-console-theme,
 dogtag-pki-server-theme,
 pki-base,
 pki-ca,
 pki-console,
 pki-javadoc,
 pki-kra,
 pki-ocsp,
 pki-server,
 pki-tks,
 pki-tools,
 pki-tps,
 ${misc:Depends},
Description: Dogtag Public Key Infrastructure (PKI) Suite
 The Dogtag Public Key Infrastructure (PKI) Suite is comprised of the following
 five subsystems and a client (for use by a Token Management System):
 .
   * Certificate Authority (CA)
   * Data Recovery Manager (DRM)
   * Online Certificate Status Protocol (OCSP) Manager
   * Token Key Service (TKS)
   * Token Processing System (TPS)
   * Enterprise Security Client (ESC)
 .
 Additionally, it provides a console GUI application used for server and
 user/group administration of CA, DRM, OCSP, and TKS, javadocs on portions
 of the Dogtag API, as well as various command-line tools used to assist with
 a PKI deployment.
 .
 This metapackage installs every PKI subsystem.

Package: pki-base
Architecture: all
Depends:
 python3-pki-base,
 ${misc:Depends},
 ${python3:Depends},
Description: Certificate System - PKI Framework
 The PKI Framework contains the common and client libraries and utilities.
 .
 This package is a part of the PKI Core used by the Certificate System.

Package: pki-base-java
Architecture: all
Replaces: pki-base (<< 10.3.5-1)
Breaks: pki-base (<< 10.3.5-1)
Depends:
 libcommons-cli-java,
 libcommons-codec-java,
 libcommons-httpclient-java,
 libcommons-io-java,
 libcommons-lang3-java,
 libcommons-logging-java,
 libcommons-net-java,
 libhttpclient-java,
 libhttpcore-java,
 libjaxp1.3-java,
 libjettison-java,
 libjss-java (>= 4.8.0~),
 libldap-java (>= 4.21.0+dfsg1),
 libresteasy3.0-java (>= 3.0.19-5),
 libslf4j-java,
 libstax-java,
 libxalan2-java,
 libxerces2-java,
 libxml-commons-external-java,
 libxml-commons-resolver1.1-java,
 openjdk-11-jre-headless,
 pki-base (= ${binary:Version}),
 ${java:Depends},
 ${misc:Depends},
Suggests:
 pki-tools,
Description: Certificate System - PKI Framework -- java client support
 The PKI Framework contains the common and client libraries and utilities.
 .
 This package is a part of the PKI Core used by the Certificate System.

Package: python3-pki-base
Architecture: all
Depends:
 openssl,
 python3-cryptography,
 python3-ldap,
 python3-nss,
 python3-requests,
 python3-urllib3,
 ${misc:Depends},
 ${python3:Depends},
Description:  Certificate System - PKI Framework -- python3 client support
 The PKI Framework contains the common and client libraries and utilities.
 .
 This package is a part of the PKI Core used by the Certificate System.

Package: pki-tools
Architecture: any
Depends:
 ldap-utils,
 libjackson2-annotations-java,
 libnss3-tools,
 openssl,
 p11-kit-modules,
 pki-base-java (= ${source:Version}),
 python3-pki-base (>= ${source:Version}),
 ${java:Depends},
 ${misc:Depends},
 ${python3:Depends},
 ${shlibs:Depends},
Conflicts: strongswan-starter, strongswan-pki,
Replaces: pki-base-java (<< 10.10.2-3)
Breaks: pki-base-java (<< 10.10.2-3)
Description: Certificate System - PKI Tools
 This package contains PKI executables that can be used to help make
 Certificate System into a more complete and robust PKI solution.
 .
 This package is a part of the PKI Core used by the Certificate System.

Package: pki-server
Architecture: any
Depends:
 adduser,
 dogtag-pki-server-theme (>= ${source:Version}),
 keyutils,
 ldap-utils,
 libactivation-java,
 libatk-wrapper-java,
 libcommons-collections3-java,
 libcommons-dbcp-java,
 libcommons-pool-java,
 libgeronimo-annotation-1.3-spec-java,
 libjackson-json-java,
 libjackson2-annotations-java,
 libjackson2-jaxrs-providers-java,
 libjaxb-java,
 libjboss-logging-java,
 libjna-java,
 libjs-jquery,
 libjs-underscore,
 libsymkey-java (= ${source:Version}),
 libtomcatjss-java (>= 7.6.1~),
 libxml-commons-external-java,
 libxml-commons-resolver1.1-java,
 openssl,
 pki-base (= ${source:Version}),
 pki-base-java (= ${source:Version}),
 pki-tools (= ${binary:Version}),
 python3-cryptography,
 python3-ipahealthcheck-core,
 python3-ldap,
 python3-lxml,
 python3-selinux,
 tomcat9-user,
 velocity,
 ${java:Depends},
 ${misc:Depends},
 ${python3:Depends},
Conflicts: libtomcat7-java
Description: Certificate System - PKI Server Framework
 The PKI Server Framework is required by the following four PKI subsystems:
 .
     the Certificate Authority (CA),
     the Data Recovery Manager (DRM),
     the Online Certificate Status Protocol (OCSP) Manager, and
     the Token Key Service (TKS).
 .
 This package is a part of the PKI Core used by the Certificate System.
 The package contains scripts to create and remove PKI subsystems.

Package: pki-ca
Architecture: all
Depends: pki-server (>= ${source:Version}), ${java:Depends}, ${misc:Depends}
Suggests: 389-ds-base
Description: Certificate System - Certificate Authority
 The Certificate Authority (CA) is a required PKI subsystem which issues,
 renews, revokes, and publishes certificates as well as compiling and
 publishing Certificate Revocation Lists (CRLs).
 .
 The Certificate Authority can be configured as a self-signing Certificate
 Authority, where it is the root CA, or it can act as a subordinate CA,
 where it obtains its own signing certificate from a public CA.
 .
 This package is a part of the PKI Core used by the Certificate System.

Package: dogtag-pki-console-theme
Architecture: all
Section: web
Depends: ${java:Depends}, ${misc:Depends}
Multi-Arch: foreign
Description: Certificate System - PKI Console User Interface
 This PKI Console User Interface contains the Dogtag textual
 and graphical user interface for the PKI Console.
 .
 This package is used by the Dogtag Certificate System.

Package: dogtag-pki-server-theme
Architecture: all
Section: web
Depends: ${java:Depends}, ${misc:Depends}
Multi-Arch: foreign
Description: Certificate System - PKI Server User Interface
 This PKI Common Framework User Interface contains the Dogtag
 textual and graphical user interface for the PKI Common Framework.
 .
 This package is used by the Dogtag Certificate System.

Package: pki-console
Architecture: all
Depends:
 dogtag-pki-console-theme,
 libidm-console-framework-java (>= 1.2.0),
 libjss-java,
 libldap-java,
 pki-base (>= 10.0),
 ${java:Depends},
 ${misc:Depends},
Description: Certificate System - PKI Console
 Certificate System (CS) is an enterprise software system designed
 to manage enterprise Public Key Infrastructure (PKI) deployments.
 .
 The PKI Console is a java application used to administer CS.

Package: pki-kra
Architecture: all
Depends: pki-server (>= ${source:Version}), ${java:Depends}, ${misc:Depends}
Suggests: pki-ca
Description: Certificate System - Data Recovery Manager
 Certificate System (CS) is an enterprise software system designed
 to manage enterprise Public Key Infrastructure (PKI) deployments.
 .
 The Data Recovery Manager (DRM) is an optional PKI subsystem that can act
 as a Key Recovery Authority (KRA).  When configured in conjunction with the
 Certificate Authority (CA), the DRM stores private encryption keys as part of
 the certificate enrollment process.  The key archival mechanism is triggered
 when a user enrolls in the PKI and creates the certificate request.  Using the
 Certificate Request Message Format (CRMF) request format, a request is
 generated for the user's private encryption key.  This key is then stored in
 the DRM which is configured to store keys in an encrypted format that can only
 be decrypted by several agents requesting the key at one time, providing for
 protection of the public encryption keys for the users in the PKI deployment.
 .
 Note that the DRM archives encryption keys; it does NOT archive signing keys,
 since such archival would undermine non-repudiation properties of signing keys.

Package: pki-ocsp
Architecture: all
Depends: pki-server (>= ${source:Version}), ${java:Depends}, ${misc:Depends}
Suggests: pki-ca
Description: Certificate System - Online Certificate Status Protocol Manager
 Certificate System (CS) is an enterprise software system designed
 to manage enterprise Public Key Infrastructure (PKI) deployments.
 .
 The Online Certificate Status Protocol (OCSP) Manager is an optional PKI
 subsystem that can act as a stand-alone OCSP service.  The OCSP Manager
 performs the task of an online certificate validation authority by enabling
 OCSP-compliant clients to do real-time verification of certificates.  Note
 that an online certificate-validation authority is often referred to as an
 OCSP Responder.
 .
 Although the Certificate Authority (CA) is already configured with an
 internal OCSP service.  An external OCSP Responder is offered as a separate
 subsystem in case the user wants the OCSP service provided outside of a
 firewall while the CA resides inside of a firewall, or to take the load of
 requests off of the CA.
 .
 The OCSP Manager can receive Certificate Revocation Lists (CRLs) from
 multiple CA servers, and clients can query the OCSP Manager for the
 revocation status of certificates issued by all of these CA servers.
 .
 When an instance of OCSP Manager is set up with an instance of CA, and
 publishing is set up to this OCSP Manager, CRLs are published to it
 whenever they are issued or updated.

Package: pki-tks
Architecture: all
Depends:
 libsymkey-java (>= ${source:Version}),
 pki-server (>= ${source:Version}),
 ${java:Depends},
 ${misc:Depends},
Suggests: pki-ca
Description: Certificate System - Token Key Service
 Certificate System (CS) is an enterprise software system designed
 to manage enterprise Public Key Infrastructure (PKI) deployments.
 .
 The Token Key Service (TKS) is an optional PKI subsystem that manages the
 master key(s) and the transport key(s) required to generate and distribute
 keys for hardware tokens.  TKS provides the security between tokens and an
 instance of Token Processing System (TPS), where the security relies upon the
 relationship between the master key and the token keys.  A TPS communicates
 with a TKS over SSL using client authentication.
 .
 TKS helps establish a secure channel (signed and encrypted) between the token
 and the TPS, provides proof of presence of the security token during
 enrollment, and supports key changeover when the master key changes on the
 TKS.  Tokens with older keys will get new token keys.
 .
 Because of the sensitivity of the data that TKS manages, TKS should be set up
 behind the firewall with restricted access.

Package: pki-tps
Architecture: all
Depends:
 pki-server (>= ${source:Version}),
 ${java:Depends},
 ${misc:Depends},
 ${shlibs:Depends},
Suggests: pki-ca, pki-kra, pki-tks
Description: Certificate System - Token Processing System
 Certificate System (CS) is an enterprise software system designed
 to manage enterprise Public Key Infrastructure (PKI) deployments.
 .
 The Token Processing System (TPS) is an optional PKI subsystem that acts
 as a Registration Authority (RA) for authenticating and processing
 enrollment requests, PIN reset requests, and formatting requests from
 the Enterprise Security Client (ESC).
 .
 TPS is designed to communicate with tokens that conform to
 Global Platform's Open Platform Specification.
 .
 TPS communicates over SSL with various PKI backend subsystems (including
 the Certificate Authority (CA), the Data Recovery Manager (DRM), and the
 Token Key Service (TKS)) to fulfill the user's requests.
 .
 TPS also interacts with the token database, an LDAP server that stores
 information about individual tokens.

Package: pki-tps-client
Architecture: any
Depends:
 libsymkey-java (>= ${source:Version}),
 ${misc:Depends},
 ${shlibs:Depends},
Description: Certificate System - Token Processing System client
 Certificate System (CS) is an enterprise software system designed
 to manage enterprise Public Key Infrastructure (PKI) deployments.
 .
 The Token Processing System (TPS) is an optional PKI subsystem that acts
 as a Registration Authority (RA) for authenticating and processing
 enrollment requests, PIN reset requests, and formatting requests from
 the Enterprise Security Client (ESC).
 .
 TPS is designed to communicate with tokens that conform to
 Global Platform's Open Platform Specification.
 .
 TPS communicates over SSL with various PKI backend subsystems (including
 the Certificate Authority (CA), the Data Recovery Manager (DRM), and the
 Token Key Service (TKS)) to fulfill the user's requests.
 .
 TPS also interacts with the token database, an LDAP server that stores
 information about individual tokens.
 .
 This client is a test tool that interacts with TPS. It is useful to test
 TPS server configs without risking an actual smart card.

Package: pki-javadoc
Architecture: all
Section: doc
Depends: ${java:Depends}, ${misc:Depends}
Multi-Arch: foreign
Description: Certificate System - PKI Framework Javadocs
 This documentation pertains exclusively to version 10 of
 the PKI Framework and Tools.
 .
 This package is a part of the PKI Core used by the Certificate System.

Package: libsymkey-java
Architecture: all
Depends:
 libjss-java,
 libsymkey-jni (>= ${source:Version}),
 ${java:Depends},
 ${misc:Depends},
Description: Symmetric Key Java library
 The Symmetric Key Java library supplies various symmetric key operations
 to Java programs.
 .
 This package is a part of the PKI Core used by the Certificate System.

Package: libsymkey-jni
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: Symmetric Key JNI Library
 The Symmetric Key Java Native Interface (JNI) package supplies various native
 symmetric key operations to Java programs.
 .
 This package is a part of the PKI Core used by the Certificate System.