Re: [Pki-devel] [PATCH] 91 Refactored CertRevokeRequest and CertUnrevokeRequest classes in Dogtag 10

Hi Christina, Please find the revocation logs below. Revocation using UI - Without patch 91 - [16/May/2014:11:18:09][http-bio-8443-exec-2]: SignedAuditEventFactory: create() message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=$Unidentified$][CertSerialNum=0x7][RequestType=on-hold][RevokeReasonNum=6][Approval=complete] certificate status change request processed With patch 91 [16/May/2014:11:36:52][http-bio-8443-exec-11]: SignedAuditEventFactory: create() message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=8][CertSerialNum=0x7][RequestType=on-hold][RevokeReasonNum=6][Approval=complete] certificate status change request processed Revocation using CLI - command - pki -d nssdb/ -c Secret123 -n "PKI Administrator for redhat.com" cert-revoke 8 Without patch 91 [16/May/2014:11:24:36][http-bio-8443-exec-24]: SignedAuditEventFactory: create() message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID= $NonRoleUser$][Outcome=Success][ReqID=$Unidentified $][CertSerialNum=0x8][RequestType=revoke][RevokeReasonNum=0][Approval=complete] certificate status change request processed With patch 91 - [16/May/2014:11:41:33][http-bio-8443-exec-17]: SignedAuditEventFactory: create() message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID= $NonRoleUser $][Outcome=Success][ReqID=10][CertSerialNum=0x8][RequestType=revoke][RevokeReasonNum=0][Approval=complete] certificate status change request processed Listing the certificate requests for enrolling the above certificates using cli. Request ID: 7 Type: enrollment Request Status: complete Operation Result: success Certificate ID: 0x7 Request ID: 8 Type: revocation Request Status: complete Operation Result: success Request ID: 9 Type: enrollment Request Status: complete Operation Result: success Certificate ID: 0x8 Request ID: 10 Type: revocation Request Status: complete Operation Result: success --Abhishek On Thu, 2014-05-15 at 15:33 -0700, Christina Fu wrote: > Hi Abhishek, > The code appears to be correct, provided that the previously > refactored code (which I did not review) works correctly, and it does > not break the non-REST code. Could you please > > 1. provide a signed audit log event for one revocation request from > the cli, where it shows an actual request id and verify that it is > indeed the correct request id? > 2.perform one single revocation from the non-REST agent interface and > then verify the same revocation log event type for log request id? > > thanks, > Christina > > On 05/05/2014 03:48 AM, Abhishek Koneru wrote: > >> Sorry for the spam! >> Please ignore the previous email. >> >> --Abhishek >> On Mon, 2014-05-05 at 06:44 -0400, Abhishek Koneru wrote: >>> Please review the patch which refactors the CertRevokeRequest class and >>> removes the CertUnrevokeRequest class in Dogtag 10. Description of the >>> patch: >>> >>> There seems to be no use of the requestID parameter in both revoke >>> and unrevoke request. Removed requestID attribute in CertRevokeRequest >>> remove the class CertUnrevokeRequest. >>> >>> Also made changes in RevocationProcesor to use the requestID of the >>> request created in it. >>> >>> The setRequestID() is being called in the DoRevoke and DoUnRevoke >>> servlets. >>> Removed the call and a function auditRequesterId in both the classes. >>> >>> The auditRequestorId method tries to get a "requestID" stored as a INPUT >>> field >>> in the reasonToRequest page. The ReasonToRevoke class which generates >>> this page does not set the value. >>> >>> * This patch is required for patch 92. The unrevoke_request method in >>> CertClient on the python side will not work without this patch. >>> >>> --Abhishek >>> _______________________________________________ >>> Pki-devel mailing list >>> Pki-devel(a)redhat.com >>> https://www.redhat.com/mailman/listinfo/pki-devel >> >> _______________________________________________ >> Pki-devel mailing list >> Pki-devel(a)redhat.com >> https://www.redhat.com/mailman/listinfo/pki-devel > _______________________________________________ > Pki-devel mailing list > Pki-devel(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel