Source: dogtag-pki
Section: java
Priority: optional
Maintainer: Debian FreeIPA Team
Uploaders: Timo Aaltonen
Build-Depends:
 apache2-dev,
 cmake,
 debhelper-compat (= 12),
 default-jdk,
 dh-python,
 go-md2man,
 javahelper,
 junit4,
 libactivation-java,
 libcommons-cli-java,
 libcommons-codec-java,
 libcommons-httpclient-java,
 libcommons-io-java,
 libcommons-lang3-java,
 libcommons-net-java,
 libhttpclient-java,
 libhttpcore-java,
 libidm-console-framework-java (>= 1.2.0),
 libjackson2-annotations-java,
 libjackson2-core-java,
 libjackson2-databind-java,
 libjaxb-java,
 libjaxp1.3-java,
 libjna-java,
 libjss-java (>= 4.8.0~),
 libldap-java (>= 4.21.0+dfsg1),
 libldap2-dev,
 libnspr4-dev,
 libnss3-dev,
 libresteasy3.0-java (>= 3.0.19-5),
 libslf4j-java,
 libtomcat9-java,
 libtomcatjss-java (>= 7.6.1~),
 libxalan2-java,
 libxerces2-java,
 libxml-commons-external-java,
 pkg-config,
 policycoreutils,
 python3-cryptography,
 python3-dev,
 python3-distutils,
 python3-ldap,
 python3-nss,
 python3-pytest-runner,
 python3-requests,
 python3-setuptools,
 python3-sphinx,
 python3-urllib3,
 velocity,
 zlib1g-dev,
 389-ds-base-dev (>= 1.4.0.16-1),
Standards-Version: 4.5.0
Homepage: http://pki.fedoraproject.org
Vcs-Git: https://salsa.debian.org/freeipa-team/dogtag-pki.git
Vcs-Browser: https://salsa.debian.org/freeipa-team/dogtag-pki

Package: dogtag-pki
Architecture: all
Depends:
 dogtag-pki-console-theme,
 dogtag-pki-server-theme,
 pki-base,
 pki-ca,
 pki-console,
 pki-javadoc,
 pki-kra,
 pki-ocsp,
 pki-server,
 pki-tks,
 pki-tools,
 pki-tps,
 ${misc:Depends},
Description: Dogtag Public Key Infrastructure (PKI) Suite
 The Dogtag Public Key Infrastructure (PKI) Suite is comprised of the following
 five subsystems and a client (for use by a Token Management System):
 .
   * Certificate Authority (CA)
   * Data Recovery Manager (DRM)
   * Online Certificate Status Protocol (OCSP) Manager
   * Token Key Service (TKS)
   * Token Processing System (TPS)
   * Enterprise Security Client (ESC)
 .
 Additionally, it provides a console GUI application used for server and
 user/group administration of CA, DRM, OCSP, and TKS, javadocs on portions
 of the Dogtag API, as well as various command-line tools used to assist with
 a PKI deployment.
 .
 This metapackage installs every PKI subsystem.

Package: pki-base
Architecture: all
Depends:
 python3-pki-base,
 ${misc:Depends},
 ${python3:Depends},
Description: Certificate System - PKI Framework
 The PKI Framework contains the common and client libraries and utilities.
 .
 This package is a part of the PKI Core used by the Certificate System.

Package: pki-base-java
Architecture: all
Replaces: pki-base (<< 10.3.5-1)
Breaks: pki-base (<< 10.3.5-1)
Depends:
 libcommons-cli-java,
 libcommons-codec-java,
 libcommons-httpclient-java,
 libcommons-io-java,
 libcommons-lang3-java,
 libcommons-logging-java,
 libcommons-net-java,
 libhttpclient-java,
 libhttpcore-java,
 libjaxp1.3-java,
 libjettison-java,
 libjss-java (>= 4.8.0~),
 libldap-java (>= 4.21.0+dfsg1),
 libresteasy3.0-java (>= 3.0.19-5),
 libslf4j-java,
 libstax-java,
 libxalan2-java,
 libxerces2-java,
 libxml-commons-external-java,
 libxml-commons-resolver1.1-java,
 openjdk-11-jre-headless,
 pki-base (= ${binary:Version}),
 ${java:Depends},
 ${misc:Depends},
Suggests:
 pki-tools,
Description: Certificate System - PKI Framework -- java client support
 The PKI Framework contains the common and client libraries and utilities.
 .
 This package is a part of the PKI Core used by the Certificate System.

Package: python3-pki-base
Architecture: all
Depends:
 openssl,
 python3-cryptography,
 python3-ldap,
 python3-nss,
 python3-requests,
 python3-urllib3,
 ${misc:Depends},
 ${python3:Depends},
Description: Certificate System - PKI Framework -- python3 client support
 The PKI Framework contains the common and client libraries and utilities.
 .
 This package is a part of the PKI Core used by the Certificate System.

Package: pki-tools
Architecture: any
Depends:
 ldap-utils,
 libjackson2-annotations-java,
 libnss3-tools,
 openssl,
 p11-kit-modules,
 pki-base-java (= ${source:Version}),
 python3-pki-base (>= ${source:Version}),
 ${java:Depends},
 ${misc:Depends},
 ${python3:Depends},
 ${shlibs:Depends},
Conflicts:
 strongswan-starter,
 strongswan-pki,
Replaces: pki-base-java (<< 10.10.2-3)
Breaks: pki-base-java (<< 10.10.2-3)
Description: Certificate System - PKI Tools
 This package contains PKI executables that can be used to help make
 Certificate System into a more complete and robust PKI solution.
 .
 This package is a part of the PKI Core used by the Certificate System.

Package: pki-server
Architecture: any
Depends:
 adduser,
 dogtag-pki-server-theme (>= ${source:Version}),
 keyutils,
 ldap-utils,
 libactivation-java,
 libatk-wrapper-java,
 libcommons-collections3-java,
 libcommons-dbcp-java,
 libcommons-pool-java,
 libgeronimo-annotation-1.3-spec-java,
 libjackson-json-java,
 libjackson2-annotations-java,
 libjackson2-jaxrs-providers-java,
 libjaxb-java,
 libjboss-logging-java,
 libjna-java,
 libjs-jquery,
 libjs-underscore,
 libsymkey-java (= ${source:Version}),
 libtomcatjss-java (>= 7.6.1~),
 libxml-commons-external-java,
 libxml-commons-resolver1.1-java,
 openssl,
 pki-base (= ${source:Version}),
 pki-base-java (= ${source:Version}),
 pki-tools (= ${binary:Version}),
 python3-cryptography,
 python3-ipahealthcheck-core,
 python3-ldap,
 python3-lxml,
 python3-selinux,
 tomcat9-user,
 velocity,
 ${java:Depends},
 ${misc:Depends},
 ${python3:Depends},
Conflicts: libtomcat7-java
Description: Certificate System - PKI Server Framework
 The PKI Server Framework is required by the following four PKI subsystems:
 .
 the Certificate Authority (CA),
 the Data Recovery Manager (DRM),
 the Online Certificate Status Protocol (OCSP) Manager, and
 the Token Key Service (TKS).
 .
 This package is a part of the PKI Core used by the Certificate System.
 The package contains scripts to create and remove PKI subsystems.

Package: pki-ca
Architecture: all
Depends:
 pki-server (>= ${source:Version}),
 ${java:Depends},
 ${misc:Depends}
Suggests: 389-ds-base
Description: Certificate System - Certificate Authority
 The Certificate Authority (CA) is a required PKI subsystem which issues,
 renews, revokes, and publishes certificates as well as compiling and
 publishing Certificate Revocation Lists (CRLs).
 .
 The Certificate Authority can be configured as a self-signing Certificate
 Authority, where it is the root CA, or it can act as a subordinate CA,
 where it obtains its own signing certificate from a public CA.
 .
 This package is a part of the PKI Core used by the Certificate System.

Package: dogtag-pki-console-theme
Architecture: all
Section: web
Depends:
 ${java:Depends},
 ${misc:Depends}
Multi-Arch: foreign
Description: Certificate System - PKI Console User Interface
 This PKI Console User Interface contains the Dogtag textual
 and graphical user interface for the PKI Console.
 .
 This package is used by the Dogtag Certificate System.

Package: dogtag-pki-server-theme
Architecture: all
Section: web
Depends:
 ${java:Depends},
 ${misc:Depends}
Multi-Arch: foreign
Description: Certificate System - PKI Server User Interface
 This PKI Common Framework User Interface contains
 the Dogtag textual and graphical user interface for the PKI Common Framework.
 .
 This package is used by the Dogtag Certificate System.

Package: pki-console
Architecture: all
Depends:
 dogtag-pki-console-theme,
 libidm-console-framework-java (>= 1.2.0),
 libjss-java,
 libldap-java,
 pki-base (>= 10.0),
 ${java:Depends},
 ${misc:Depends},
Description: Certificate System - PKI Console
 Certificate System (CS) is an enterprise software system designed
 to manage enterprise Public Key Infrastructure (PKI) deployments.
 .
 The PKI Console is a Java application used to administer CS.

Package: pki-kra
Architecture: all
Depends:
 pki-server (>= ${source:Version}),
 ${java:Depends},
 ${misc:Depends}
Suggests: pki-ca
Description: Certificate System - Data Recovery Manager
 Certificate System (CS) is an enterprise software system designed
 to manage enterprise Public Key Infrastructure (PKI) deployments.
 .
 The Data Recovery Manager (DRM) is an optional PKI subsystem that can act
 as a Key Recovery Authority (KRA). When configured in conjunction with the
 Certificate Authority (CA), the DRM stores private encryption keys as part of
 the certificate enrollment process. The key archival mechanism is triggered
 when a user enrolls in the PKI and creates the certificate request. Using the
 Certificate Request Message Format (CRMF) request format, a request is
 generated for the user's private encryption key. This key is then stored in
 the DRM which is configured to store keys in an encrypted format that can only
 be decrypted by several agents requesting the key at one time, providing for
 protection of the public encryption keys for the users in the PKI deployment.
 .
 Note that the DRM archives encryption keys; it does NOT archive signing keys,
 since such archival would undermine non-repudiation properties of signing keys.

Package: pki-ocsp
Architecture: all
Depends:
 pki-server (>= ${source:Version}),
 ${java:Depends},
 ${misc:Depends}
Suggests: pki-ca
Description: Certificate System - Online Certificate Status Protocol Manager
 Certificate System (CS) is an enterprise software system designed
 to manage enterprise Public Key Infrastructure (PKI) deployments.
 .
 The Online Certificate Status Protocol (OCSP) Manager is an optional PKI
 subsystem that can act as a stand-alone OCSP service. The OCSP Manager
 performs the task of an online certificate validation authority by enabling
 OCSP-compliant clients to do real-time verification of certificates. Note
 that an online certificate-validation authority is often referred to as an
 OCSP Responder.
 .
 Although the Certificate Authority (CA) is already configured with an
 internal OCSP service, an external OCSP Responder is offered as a separate
 subsystem in case the user wants the OCSP service provided outside of a
 firewall while the CA resides inside of a firewall, or to take the load of
 requests off of the CA.
 .
 The OCSP Manager can receive Certificate Revocation Lists (CRLs) from
 multiple CA servers, and clients can query the OCSP Manager for the
 revocation status of certificates issued by all of these CA servers.
 .
 When an instance of OCSP Manager is set up with an instance of CA, and
 publishing is set up to this OCSP Manager, CRLs are published to it
 whenever they are issued or updated.

Package: pki-tks
Architecture: all
Depends:
 libsymkey-java (>= ${source:Version}),
 pki-server (>= ${source:Version}),
 ${java:Depends},
 ${misc:Depends},
Suggests: pki-ca
Description: Certificate System - Token Key Service
 Certificate System (CS) is an enterprise software system designed
 to manage enterprise Public Key Infrastructure (PKI) deployments.
 .
 The Token Key Service (TKS) is an optional PKI subsystem that manages the
 master key(s) and the transport key(s) required to generate and distribute
 keys for hardware tokens. TKS provides the security between tokens and an
 instance of Token Processing System (TPS), where the security relies upon the
 relationship between the master key and the token keys. A TPS communicates
 with a TKS over SSL using client authentication.
 .
 TKS helps establish a secure channel (signed and encrypted) between the token
 and the TPS, provides proof of presence of the security token during
 enrollment, and supports key changeover when the master key changes on the
 TKS. Tokens with older keys will get new token keys.
 .
 Because of the sensitivity of the data that TKS manages, TKS should be set up
 behind the firewall with restricted access.

Package: pki-tps
Architecture: all
Depends:
 pki-server (>= ${source:Version}),
 ${java:Depends},
 ${misc:Depends},
 ${shlibs:Depends},
Suggests:
 pki-ca,
 pki-kra,
 pki-tks
Description: Certificate System - Token Processing System
 Certificate System (CS) is an enterprise software system designed
 to manage enterprise Public Key Infrastructure (PKI) deployments.
 .
 The Token Processing System (TPS) is an optional PKI subsystem that acts
 as a Registration Authority (RA) for authenticating and processing
 enrollment requests, PIN reset requests, and formatting requests from
 the Enterprise Security Client (ESC).
 .
 TPS is designed to communicate with tokens that conform to
 Global Platform's Open Platform Specification.
 .
 TPS communicates over SSL with various PKI backend subsystems (including
 the Certificate Authority (CA), the Data Recovery Manager (DRM), and the
 Token Key Service (TKS)) to fulfill the user's requests.
 .
 TPS also interacts with the token database, an LDAP server that stores
 information about individual tokens.

Package: pki-tps-client
Architecture: any
Depends:
 libsymkey-java (>= ${source:Version}),
 ${misc:Depends},
 ${shlibs:Depends},
Description: Certificate System - Token Processing System client
 Certificate System (CS) is an enterprise software system designed
 to manage enterprise Public Key Infrastructure (PKI) deployments.
 .
 The Token Processing System (TPS) is an optional PKI subsystem that acts
 as a Registration Authority (RA) for authenticating and processing
 enrollment requests, PIN reset requests, and formatting requests from
 the Enterprise Security Client (ESC).
 .
 TPS is designed to communicate with tokens that conform to
 Global Platform's Open Platform Specification.
 .
 TPS communicates over SSL with various PKI backend subsystems (including
 the Certificate Authority (CA), the Data Recovery Manager (DRM), and the
 Token Key Service (TKS)) to fulfill the user's requests.
 .
 TPS also interacts with the token database, an LDAP server that stores
 information about individual tokens.
 .
 This client is a test tool that interacts with TPS. It is useful to test TPS
 server configs without risking an actual smart card.

Package: pki-javadoc
Architecture: all
Section: doc
Depends:
 ${java:Depends},
 ${misc:Depends}
Multi-Arch: foreign
Description: Certificate System - PKI Framework Javadocs
 This documentation pertains exclusively to version 10 of
 the PKI Framework and Tools.
 .
 This package is a part of the PKI Core used by the Certificate System.

Package: libsymkey-java
Architecture: all
Depends:
 libjss-java,
 libsymkey-jni (>= ${source:Version}),
 ${java:Depends},
 ${misc:Depends},
Description: Symmetric Key Java library
 The Symmetric Key Java library supplies various symmetric key
 operations to Java programs.
 .
 This package is a part of the PKI Core used by the Certificate System.

Package: libsymkey-jni
Architecture: any
Depends:
 ${misc:Depends},
 ${shlibs:Depends}
Description: Symmetric Key JNI Library
 The Symmetric Key Java Native Interface (JNI) package supplies various native
 symmetric key operations to Java programs.
 .
 This package is a part of the PKI Core used by the Certificate System.