Bug 1358462

Summary: pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided
Product: Red Hat Enterprise Linux 7
Component: pki-core
Version: 7.3
Reporter: Roshni <rpattath>
Assignee: RHCS Maintainers <rhcs-maint>
QA Contact: Asha Akkiangady <aakkiang>
CC: lmiksik, mharmsen, nkinder
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Target Milestone: rc
Target Release: 7.3
Hardware: Unspecified
OS: Unspecified
Fixed In Version: pki-core-10.3.3-8.el7
Type: Bug
Last Closed: 2016-11-04 05:26:20 UTC

Description Roshni 2016-07-20 18:25:08 UTC
Description of problem:
pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided

Version-Release number of selected component (if applicable):
pki-ca-10.3.3-3.1.el7.noarch

How reproducible:
always

Steps to Reproduce:
[root@nocp1 ~]# pki -d certdb -c redhat pkcs12-cert-find --pkcs12-file ca.p12 --pkcs12-password-file password.txt
---------------
4 entries found
---------------
  Certificate ID: 3aea83b9dcbeb0df43ed5ffa4ac8e1113d8c73df
  Serial Number: 0x1
  Nickname: caSigningCert cert-pki-tomcat CA
  Subject DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: CTu,Cu,Cu
  Has Key: true

  Certificate ID: c996c15f08f30b1065c6f93479c6deb459c522d3
  Serial Number: 0x5
  Nickname: auditSigningCert cert-pki-tomcat CA
  Subject DN: CN=CA Audit Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: u,u,Pu
  Has Key: true

  Certificate ID: ad25c38a6f54cba489fdfbd236e4f9c13deacc68
  Serial Number: 0x2
  Nickname: ocspSigningCert cert-pki-tomcat CA
  Subject DN: CN=CA OCSP Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 30667dde0d151d85a5dd22ef0162528b2fb40e09
  Serial Number: 0x4
  Nickname: subsystemCert cert-pki-tomcat
  Subject DN: CN=Subsystem Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: u,u,u
  Has Key: true
[root@nocp1 ~]# pki -d certdb -c redhat pkcs12-cert-del "subsystemCert cert-pki-tomcat CA" --pkcs12-file ca.p12 --pkcs12-password-file password.txt
------------------------------------------------------
Deleted certificate "subsystemCert cert-pki-tomcat CA"
------------------------------------------------------
[root@nocp1 ~]# pki -d certdb -c redhat pkcs12-cert-find --pkcs12-file ca.p12 --pkcs12-password-file password.txt
---------------
4 entries found
---------------
  Certificate ID: 3aea83b9dcbeb0df43ed5ffa4ac8e1113d8c73df
  Serial Number: 0x1
  Nickname: caSigningCert cert-pki-tomcat CA
  Subject DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: CTu,Cu,Cu
  Has Key: true

  Certificate ID: c996c15f08f30b1065c6f93479c6deb459c522d3
  Serial Number: 0x5
  Nickname: auditSigningCert cert-pki-tomcat CA
  Subject DN: CN=CA Audit Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: u,u,Pu
  Has Key: true

  Certificate ID: ad25c38a6f54cba489fdfbd236e4f9c13deacc68
  Serial Number: 0x2
  Nickname: ocspSigningCert cert-pki-tomcat CA
  Subject DN: CN=CA OCSP Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 30667dde0d151d85a5dd22ef0162528b2fb40e09
  Serial Number: 0x4
  Nickname: subsystemCert cert-pki-tomcat
  Subject DN: CN=Subsystem Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: u,u,u
  Has Key: true
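
A check for the behaviour reported above, as an added example that is not part of the original report or of the pki-core code: it compares `pkcs12-cert-find` listings taken before and after a delete, matching the nickname exactly, so a "Deleted certificate" message for a nickname that was never in the file is classified as `not-found`. The function names and the trimmed sample listing are constructed for illustration; `checked_cert_del` is a hypothetical wrapper that uses only the options shown in the report.

```shell
#!/bin/sh
# Added example (not pki-core code). Function names are hypothetical.

# Constructed sample: pkcs12-cert-find output trimmed to two entries of the report.
sample_listing() {
cat <<'EOF'
---------------
2 entries found
---------------
  Serial Number: 0x5
  Nickname: auditSigningCert cert-pki-tomcat CA
  Has Key: true

  Serial Number: 0x4
  Nickname: subsystemCert cert-pki-tomcat
  Has Key: true
EOF
}

# Count listing entries whose Nickname equals $2 exactly (no prefix matching).
nickname_count() {   # $1 = listing text, $2 = nickname
    printf '%s\n' "$1" | NICK="$2" awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        index($0, "Nickname: ") == 1 && substr($0, 11) == ENVIRON["NICK"] { c++ }
        END { print c + 0 }'
}

# Classify a delete from listings taken before and after it.
# Prints one of: deleted | not-found | still-present
classify_delete() {  # $1 = before, $2 = after, $3 = nickname
    n_before=$(nickname_count "$1" "$3")
    n_after=$(nickname_count "$2" "$3")
    if [ "$n_before" -eq 0 ]; then echo not-found
    elif [ "$n_after" -eq 0 ]; then echo deleted
    else echo still-present
    fi
}

# Hypothetical wrapper: succeeds only when the listings confirm the removal.
checked_cert_del() { # $1 = NSS db, $2 = db password, $3 = .p12, $4 = password file, $5 = nickname
    l_before=$(pki -d "$1" -c "$2" pkcs12-cert-find --pkcs12-file "$3" --pkcs12-password-file "$4") || return 1
    pki -d "$1" -c "$2" pkcs12-cert-del "$5" --pkcs12-file "$3" --pkcs12-password-file "$4"
    l_after=$(pki -d "$1" -c "$2" pkcs12-cert-find --pkcs12-file "$3" --pkcs12-password-file "$4") || return 1
    [ "$(classify_delete "$l_before" "$l_after" "$5")" = deleted ]
}

# The report's case: same listing before and after, nickname with a stray " CA".
classify_delete "$(sample_listing)" "$(sample_listing)" "subsystemCert cert-pki-tomcat CA"
```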

Comment 2 Matthew Harmsen 2016-07-20 20:39:25 UTC
Upstream ticket:
https://fedorahosted.org/pki/ticket/2414

Comment 3 Matthew Harmsen 2016-08-29 22:23:58 UTC
Cherry-picked to DOGTAG_10_3_RHEL_BRANCH:

commit caa7ef990bc5e45ce0aba29acb4f9ddec66e7551
Author: Geetika Kapoor <gkapoor>
Date:   Fri Aug 12 05:35:58 2016 -0400

    Fix for BZ 1358462
    
    (cherry picked from commit 4b48187b744f1cff2a64c4c5eb00866875a1f99d)
    (cherry picked from commit 92b6378053ef427b3a73866dbee415f7ee32d5ae)

Comment 5 Roshni 2016-09-15 13:32:31 UTC
[root@cypher ~]# rpm -qi pki-ca
Name        : pki-ca
Version     : 10.3.3
Release     : 10.el7
Architecture: noarch
Install Date: Tue 13 Sep 2016 09:58:32 AM EDT
Group       : System Environment/Daemons
Size        : 2431460
License     : GPLv2
Signature   : (none)
Source RPM  : pki-core-10.3.3-10.el7.src.rpm
Build Date  : Sat 10 Sep 2016 02:18:45 AM EDT
Build Host  : ppc-042.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Certificate Authority

[root@cypher ~]# pki -d certsdb -c Secret123 pkcs12-cert-find --pkcs12-file /root/.dogtag/pki-tomcat-rootCA/ca_admin_cert.p12 --pkcs12-password Secret123
---------------
1 entries found
---------------
  Certificate ID: 45d4a680fe6cbd3bd06bf28911f12fda02edab12
  Serial Number: 0x24
  Nickname: PKI Administrator for idmqe.lab.eng.bos.redhat.com
  Subject DN: CN=PKI Administrator,E=caadmin.eng.bos.redhat.com,OU=pki-tomcat-rootCA,O=idmqe.lab.eng.bos.redhat.com Security Domain
  Issuer DN: CN=Certificate Authority,OU=pki-ca,O=IdmqeLabEngBosRedhat Domain
  Has Key: true
[root@cypher ~]# pki -d certsdb -c Secret123 pkcs12-cert-del caadmin --pkcs12-file /root/.dogtag/pki-tomcat-rootCA/ca_admin_cert.p12 --pkcs12-password Secret123 
Exception: Certificate not found: caadmin

[root@cypher ~]# pki -d certsdb -c Secret123 pkcs12-cert-del "PKI Administrator for idmqe.lab.eng.bos.redhat.com" --pkcs12-file /root/.dogtag/pki-tomcat-rootCA/ca_admin_cert.p12 --pkcs12-password Secret123
------------------------------------------------------------------------
Deleted certificate "PKI Administrator for idmqe.lab.eng.bos.redhat.com"
------------------------------------------------------------------------

Comment 7 errata-xmlrpc 2016-11-04 05:26:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2396.html