This patch adds the missing revocation check (and possibly validity check) to
https://pagure.io/dogtagpki/issue/2617 Allow CA to process pre-signed CMC non-signing certificate requests
The code that CMCUserSignedAuth originated from, CMCAuth, has a confusing comment where it states:
// verify signer's certificate using the
revocator
right above the CryptoManager.isCertValid() call. Which mislead
me into believing that the call checks for revocation status.
During work for CMC revocation (upcoming patch), I found out that is not entirely the case. The call does not check for revocation status when I used a revoked cert to sign the cmc request. I am adding revocation and validity checks to make sure that the check is more complete.
thanks,
Christina