Re: [Pki-devel] [PATCH] 91 Refactored CertRevokeRequest and CertUnrevokeRequest classes in Dogtag 10

Hi Abhishek, nice. ACK. thanks, Christina On 05/16/2014 08:49 AM, Abhishek Koneru wrote: > Hi Christina, > > Please find the revocation logs below. > > Revocation using UI - > > Without patch 91 - > [16/May/2014:11:18:09][http-bio-8443-exec-2]: SignedAuditEventFactory: > create() > message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=$Unidentified$][CertSerialNum=0x7][RequestType=on-hold][RevokeReasonNum=6][Approval=complete] certificate status change request processed > > With patch 91 > [16/May/2014:11:36:52][http-bio-8443-exec-11]: SignedAuditEventFactory: > create() > message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=8][CertSerialNum=0x7][RequestType=on-hold][RevokeReasonNum=6][Approval=complete] certificate status change request processed > > Revocation using CLI - > > command - pki -d nssdb/ -c Secret123 -n "PKI Administrator for > redhat.com" cert-revoke 8 > > Without patch 91 > [16/May/2014:11:24:36][http-bio-8443-exec-24]: SignedAuditEventFactory: > create() > message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID= > $NonRoleUser$][Outcome=Success][ReqID=$Unidentified > $][CertSerialNum=0x8][RequestType=revoke][RevokeReasonNum=0][Approval=complete] certificate status change request processed > > With patch 91 - > [16/May/2014:11:41:33][http-bio-8443-exec-17]: SignedAuditEventFactory: > create() > message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID= > $NonRoleUser > $][Outcome=Success][ReqID=10][CertSerialNum=0x8][RequestType=revoke][RevokeReasonNum=0][Approval=complete] certificate status change request processed > > Listing the certificate requests for enrolling the above certificates > using cli. > Request ID: 7 > Type: enrollment > Request Status: complete > Operation Result: success > Certificate ID: 0x7 > > Request ID: 8 > Type: revocation > Request Status: complete > Operation Result: success > > Request ID: 9 > Type: enrollment > Request Status: complete > Operation Result: success > Certificate ID: 0x8 > > Request ID: 10 > Type: revocation > Request Status: complete > Operation Result: success > > --Abhishek > > > > On Thu, 2014-05-15 at 15:33 -0700, Christina Fu wrote: >> Hi Abhishek, >> The code appears to be correct, provided that the previously >> refactored code (which I did not review) works correctly, and it does >> not break the non-REST code. Could you please >> >> 1. provide a signed audit log event for one revocation request from >> the cli, where it shows an actual request id and verify that it is >> indeed the correct request id? >> 2.perform one single revocation from the non-REST agent interface and >> then verify the same revocation log event type for log request id? >> >> thanks, >> Christina >> >> On 05/05/2014 03:48 AM, Abhishek Koneru wrote: >> >>> Sorry for the spam! >>> Please ignore the previous email. >>> >>> --Abhishek >>> On Mon, 2014-05-05 at 06:44 -0400, Abhishek Koneru wrote: >>>> Please review the patch which refactors the CertRevokeRequest class and >>>> removes the CertUnrevokeRequest class in Dogtag 10. Description of the >>>> patch: >>>> >>>> There seems to be no use of the requestID parameter in both revoke >>>> and unrevoke request. Removed requestID attribute in CertRevokeRequest >>>> remove the class CertUnrevokeRequest. >>>> >>>> Also made changes in RevocationProcesor to use the requestID of the >>>> request created in it. >>>> >>>> The setRequestID() is being called in the DoRevoke and DoUnRevoke >>>> servlets. >>>> Removed the call and a function auditRequesterId in both the classes. >>>> >>>> The auditRequestorId method tries to get a "requestID" stored as a INPUT >>>> field >>>> in the reasonToRequest page. The ReasonToRevoke class which generates >>>> this page does not set the value. >>>> >>>> * This patch is required for patch 92. The unrevoke_request method in >>>> CertClient on the python side will not work without this patch. >>>> >>>> --Abhishek >>>> _______________________________________________ >>>> Pki-devel mailing list >>>> Pki-devel(a)redhat.com >>>> https://www.redhat.com/mailman/listinfo/pki-devel >>> >>> _______________________________________________ >>> Pki-devel mailing list >>> Pki-devel(a)redhat.com >>> https://www.redhat.com/mailman/listinfo/pki-devel >> _______________________________________________ >> Pki-devel mailing list >> Pki-devel(a)redhat.com >> https://www.redhat.com/mailman/listinfo/pki-devel >