Please review the attached patch which has been revised to address the
following PKI issue:

* TRAC Ticket #488 - Dogtag 10: Fix cli 'cert-find' clientAuth issue

This revised patch was tested with the following results:

* script -c "pkispawn -s CA -f /tmp/pki/cs.cfg -vvv"
    o successfully installed and configured with no ERRORs/WARNINGs,
      enrolled for a certificate, and approved a certificate

* pki -h foobar -P https -p 8443 cert-find

    WARNING: BAD_CERT_DOMAIN encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a common-name mismatch
    WARNING: UNTRUSTED ISSUER encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a non-trusted CA cert
    ------------------------
    7 certificate(s) matched
    ------------------------
    Serial Number: 0x1
    Subject DN: CN=CA Signing Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x2
    Subject DN: CN=CA OCSP Signing Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x3
    Subject DN: CN=foobar.example.com,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x4
    Subject DN: CN=CA Subsystem Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x5
    Subject DN: CN=CA Audit Signing Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x6
    Subject DN: CN=PKI Administrator,E=caadmin(a)example.com,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x7
    Subject DN: UID=test
    Status: VALID
    ----------------------------
    Number of entries returned 7
    ----------------------------

* pki -h foobar.example.com -P https -p 8443 cert-find

    WARNING: UNTRUSTED ISSUER encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a non-trusted CA cert
    ------------------------
    7 certificate(s) matched
    ------------------------
    Serial Number: 0x1
    Subject DN: CN=CA Signing Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x2
    Subject DN: CN=CA OCSP Signing Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x3
    Subject DN: CN=foobar.example.com,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x4
    Subject DN: CN=CA Subsystem Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x5
    Subject DN: CN=CA Audit Signing Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x6
    Subject DN: CN=PKI Administrator,E=caadmin(a)example.com,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x7
    Subject DN: UID=test
    Status: VALID
    ----------------------------
    Number of entries returned 7
    ----------------------------

* pki -h foobar -P https -p 8443 -n "PKI Administrator for example.com" -w XXXXXXXX -d . cert-find

    WARNING: BAD_CERT_DOMAIN encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a common-name mismatch
    WARNING: BAD_CERT_DOMAIN encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a common-name mismatch
    ------------------------
    7 certificate(s) matched
    ------------------------
    Serial Number: 0x1
    Subject DN: CN=CA Signing Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x2
    Subject DN: CN=CA OCSP Signing Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x3
    Subject DN: CN=foobar.example.com,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x4
    Subject DN: CN=CA Subsystem Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x5
    Subject DN: CN=CA Audit Signing Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x6
    Subject DN: CN=PKI Administrator,E=caadmin(a)example.com,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x7
    Subject DN: UID=test
    Status: VALID
    ----------------------------
    Number of entries returned 7
    ----------------------------

* pki -h foobar.example.com -P https -p 8443 -n "PKI Administrator for example.com" -w XXXXXXXX -d . cert-find

    ------------------------
    7 certificate(s) matched
    ------------------------
    Serial Number: 0x1
    Subject DN: CN=CA Signing Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x2
    Subject DN: CN=CA OCSP Signing Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x3
    Subject DN: CN=foobar.example.com,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x4
    Subject DN: CN=CA Subsystem Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x5
    Subject DN: CN=CA Audit Signing Certificate,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x6
    Subject DN: CN=PKI Administrator,E=caadmin(a)example.com,O=example.com Security Domain
    Status: VALID
    Serial Number: 0x7
    Subject DN: UID=test
    Status: VALID
    ----------------------------
    Number of entries returned 7
    ----------------------------