[PATCH] Ticket-2617-part2-add-revocation-check-to-signing-ce.patch
by Christina Fu
This patch adds the missing revocation check (and possibly validity check) to
https://pagure.io/dogtagpki/issue/2617 Allow CA to process pre-signed CMC non-signing certificate requests
The code that CMCUserSignedAuth originated from, CMCAuth, has a
confusing comment where it states:
// verify signer's certificate using the revocator
right above the CryptoManager.isCertValid() call, which misled me into
believing that the call checks for revocation status.
During work for CMC revocation (upcoming patch), I found out that is not
entirely the case. The call does not check for revocation status when I
used a revoked cert to sign the CMC request. I am adding revocation and
validity checks to make sure that the check is more complete.
thanks,
Christina
7 years, 4 months
[PATCH] Fixed pylint errors (re-sent)
by Matthew Harmsen
The attached patch was altered to change "args" ==> "argv" rather than
"argv" ==> "args" since it was discovered that a number of the routines
utilized "args" as a local variable that would have to be changed if
the "argv" input parameter were changed to "args". Consequently,
this patch converts "args" ==> "argv".
Please review the attached patch which addresses the following issues:
* dogtagpki Pagure Issue #2713 - Build failure due to Pylint issues
<https://pagure.io/dogtagpki/issue/2713>
These changes were successfully compiled on a Fedora 27 machine with the
following packages:
* python2-2.7.13-10.fc27.x86_64
* python3-3.6.1-7.fc27.x86_64
* pylint-1.7.1-1.fc27.noarch
Additionally, a CA instance was installed and configured, and the
following smoke test was run:
* sudo certutil -d /root/.dogtag/pki-tomcat/ca/alias -L
* sudo pki -d /root/.dogtag/pki-tomcat/ca/alias -C /root/.dogtag/pki-tomcat/ca/password.conf -n "PKI Administrator for example.com" -p 8080 ca-user-add testuser --fullName "Test User"
* sudo certutil -d /root/.dogtag/pki-tomcat/ca/alias -L
* sudo pki -d /root/.dogtag/pki-tomcat/ca/alias -C /root/.dogtag/pki-tomcat/ca/password.conf -n "PKI Administrator for example.com" -p 8080 client-cert-request uid=testuser
* sudo pki -d /root/.dogtag/pki-tomcat/ca/alias -C /root/.dogtag/pki-tomcat/ca/password.conf -n "PKI Administrator for example.com" -p 8080 ca-cert-request-review 7 --action approve
* sudo pki -d /root/.dogtag/pki-tomcat/ca/alias -C /root/.dogtag/pki-tomcat/ca/password.conf -n "PKI Administrator for example.com" -p 8080 ca-user-cert-add testuser --serial 0x7
* sudo pki -d /root/.dogtag/pki-tomcat/ca/alias -C /root/.dogtag/pki-tomcat/ca/password.conf -n "PKI Administrator for example.com" -p 8080 client-cert-import testuser --serial 0x7
* sudo certutil -d /root/.dogtag/pki-tomcat/ca/alias -L
7 years, 4 months