pki-bot / pki-issues-final


pkispawn of kra, ocsp and tks in a shared tomcat should check for the subsystem cert nickname validity #2026

Open pki-bot opened 3 years ago

pki-bot commented 3 years ago

This issue was migrated from Pagure Issue #2477. Originally filed by aakkiang (@aakkiang) on 2016-09-26 20:26:02:


When a wrong subsystem cert nickname is provided in the pkispawn input file for a shared tomcat instance, it should error out.

Steps to Reproduce:

1. pkispawn a CA instance with pki_subsystem_nickname=casubsystemcert

# certutil -L -d /var/lib/pki/pki-master/alias/ | grep casubsystemcert
casubsystemcert                                              u,u,u

2. pkispawn a kra instance in the shared tomcat with an incorrect subsystem
cert nickname, pki_subsystem_nickname=kra3subsystemcert

Actual results:

pkispawn is successful.

CS.cfg has:
cloning.subsystem.nickname=kra3subsystemcert
kra.cert.subsystem.nickname=casubsystemcert

Expected results:

pkispawn should error out with a message that nickname kra3subsystemcert is not
found.

Additional info:

The same problem persists for ocsp and tks as well.

pkispawn of TPS subsystem fails to install and throws the following correct error
message when a wrong nickname is provided.
ConfigurationUtils: getSubsystemCert: nickname=tps1subsystemcert
org.mozilla.jss.crypto.ObjectNotFoundException
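
A pre-flight check for the condition reported above, as an added example that is not part of the original issue and not Dogtag's own code: it compares the requested pki_subsystem_nickname and the two CS.cfg nickname properties against the nicknames listed by `certutil -L`. The function names and the listing's header lines are assumptions constructed for illustration; the certificate row and the CS.cfg lines are the ones quoted in the report.

```python
import re

# A certificate row of `certutil -L` ends in three comma-separated trust fields.
TRUST_ROW = re.compile(r"^(?P<nick>.+?)\s+[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$")

# Constructed sample: header lines are illustrative, the row is from the issue.
SAMPLE_LISTING = """
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

casubsystemcert                                              u,u,u
"""
# CS.cfg lines as reported in the issue.
SAMPLE_CS_CFG = """cloning.subsystem.nickname=kra3subsystemcert
kra.cert.subsystem.nickname=casubsystemcert
"""

def nss_nicknames(listing):
    """Nicknames present in the text output of `certutil -L -d <alias dir>`."""
    rows = (TRUST_ROW.match(line.strip()) for line in listing.splitlines())
    return {m.group("nick") for m in rows if m}

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check_subsystem_nickname(subsystem, requested, listing, cs_cfg=""):
    """Return a list of findings; an empty list means the nickname is usable."""
    present, props = nss_nicknames(listing), parse_cfg(cs_cfg)
    findings = []
    if requested not in present:
        findings.append(f"pki_subsystem_nickname={requested}: not in NSS database")
    keys = [k for k in ("cloning.subsystem.nickname",
                        f"{subsystem}.cert.subsystem.nickname") if k in props]
    for key in keys:
        if props[key] not in present:
            findings.append(f"{key}={props[key]}: not in NSS database")
    if len({props[k] for k in keys}) > 1:
        findings.append("CS.cfg disagrees: " + ", ".join(f"{k}={props[k]}" for k in keys))
    return findings

if __name__ == "__main__":
    for f in check_subsystem_nickname("kra", "kra3subsystemcert",
                                      SAMPLE_LISTING, SAMPLE_CS_CFG):
        print("FAIL:", f)
```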

pki-bot commented 3 years ago

Comment from aakkiang (@aakkiang) at 2017-02-27 14:11:13

Metadata Update from @aakkiang:

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2017-08-31 01:25:32

Metadata Update from @mharmsen:

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2018-04-23 21:36:24

Per 10.5.x/10.6 Triage: FUTURE

RHBZ: CLOSED UPSTREAM

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2018-04-23 21:36:25

Metadata Update from @mharmsen: