Hi Christina,
Please find the revocation logs below.
Revocation using UI -
Without patch 91 -
[16/May/2014:11:18:09][http-bio-8443-exec-2]: SignedAuditEventFactory:
create()
message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=$Unidentified$][CertSerialNum=0x7][RequestType=on-hold][RevokeReasonNum=6][Approval=complete]
certificate status change request processed
With patch 91
[16/May/2014:11:36:52][http-bio-8443-exec-11]: SignedAuditEventFactory:
create()
message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=8][CertSerialNum=0x7][RequestType=on-hold][RevokeReasonNum=6][Approval=complete]
certificate status change request processed
Revocation using CLI -
command - pki -d nssdb/ -c Secret123 -n "PKI Administrator for
redhat.com" cert-revoke 8
Without patch 91
[16/May/2014:11:24:36][http-bio-8443-exec-24]: SignedAuditEventFactory:
create()
message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=
$NonRoleUser$][Outcome=Success][ReqID=$Unidentified
$][CertSerialNum=0x8][RequestType=revoke][RevokeReasonNum=0][Approval=complete]
certificate status change request processed
With patch 91 -
[16/May/2014:11:41:33][http-bio-8443-exec-17]: SignedAuditEventFactory:
create()
message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=
$NonRoleUser
$][Outcome=Success][ReqID=10][CertSerialNum=0x8][RequestType=revoke][RevokeReasonNum=0][Approval=complete]
certificate status change request processed
Listing the certificate requests for enrolling the above certificates
using cli.
Request ID: 7
Type: enrollment
Request Status: complete
Operation Result: success
Certificate ID: 0x7
Request ID: 8
Type: revocation
Request Status: complete
Operation Result: success
Request ID: 9
Type: enrollment
Request Status: complete
Operation Result: success
Certificate ID: 0x8
Request ID: 10
Type: revocation
Request Status: complete
Operation Result: success
--Abhishek
On Thu, 2014-05-15 at 15:33 -0700, Christina Fu wrote:
Hi Abhishek,
The code appears to be correct, provided that the previously
refactored code (which I did not review) works correctly, and it does
not break the non-REST code. Could you please
1. provide a signed audit log event for one revocation request from
the cli, where it shows an actual request id and verify that it is
indeed the correct request id?
2.perform one single revocation from the non-REST agent interface and
then verify the same revocation log event type for log request id?
thanks,
Christina
On 05/05/2014 03:48 AM, Abhishek Koneru wrote:
> Sorry for the spam!
> Please ignore the previous email.
>
> --Abhishek
> On Mon, 2014-05-05 at 06:44 -0400, Abhishek Koneru wrote:
> > Please review the patch which refactors the CertRevokeRequest class and
> > removes the CertUnrevokeRequest class in Dogtag 10. Description of the
> > patch:
> >
> > There seems to be no use of the requestID parameter in both revoke
> > and unrevoke request. Removed requestID attribute in CertRevokeRequest
> > remove the class CertUnrevokeRequest.
> >
> > Also made changes in RevocationProcesor to use the requestID of the
> > request created in it.
> >
> > The setRequestID() is being called in the DoRevoke and DoUnRevoke
> > servlets.
> > Removed the call and a function auditRequesterId in both the classes.
> >
> > The auditRequestorId method tries to get a "requestID" stored as a
INPUT
> > field
> > in the reasonToRequest page. The ReasonToRevoke class which generates
> > this page does not set the value.
> >
> > * This patch is required for patch 92. The unrevoke_request method in
> > CertClient on the python side will not work without this patch.
> >
> > --Abhishek
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel(a)redhat.com
> >
https://www.redhat.com/mailman/listinfo/pki-devel
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/pki-devel
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel