Received verbal ack from jmagne.
pushed to master:
commit 380f7fda040cc5d394e34eead45ebb921532cc07
thanks,
Christina
This patch adds the missing revocation check (and possibly validity check) to
https://pagure.io/dogtagpki/issue/2617 Allow CA to process pre-signed CMC non-signing certificate requests
The code that CMCUserSignedAuth originated from, CMCAuth, has a confusing comment where it states:
// verify signer's certificate using the revocator
right above the CryptoManager.isCertValid() call. Which mislead me into believing that the call checks for revocation status.During work for CMC revocation (upcoming patch), I found out that is not entirely the case. The call does not check for revocation status when I used a revoked cert to sign the cmc request. I am adding revocation and validity checks to make sure that the check is more complete.
thanks,
Christina