Bug 1469432
| Summary: | CMC plugin default change | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jaroslav Reznik <jreznik> |
| Component: | pki-core | Assignee: | RHCS Maintainers <rhcs-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 7.4 | CC: | cfu, dkholia, gkapoor, jmagne, mharmsen, msauton, salmy |
| Target Milestone: | rc | Keywords: | ZStream |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | pki-core-10.4.1-11.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1466486 | Environment: | |
| Last Closed: | 2017-08-01 11:31:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1466486 | ||
| Bug Blocks: | 1470817 | ||
|
Description
Jaroslav Reznik
2017-07-11 09:25:24 UTC
*** Bug 1470948 has been marked as a duplicate of this bug. *** Test Build:
==========
rpm -qa pki-*
pki-console-10.4.1-5.el7pki.noarch
pki-javadoc-10.4.1-11.el7.noarch
pki-symkey-10.4.1-11.el7.x86_64
pki-tools-10.4.1-11.el7.x86_64
pki-base-10.4.1-11.el7.noarch
pki-kra-10.4.1-11.el7.noarch
pki-server-10.4.1-11.el7.noarch
pki-ocsp-10.4.1-10.el7pki.noarch
pki-base-java-10.4.1-11.el7.noarch
pki-ca-10.4.1-11.el7.noarch
pki-tps-10.4.1-10.el7pki.x86_64
pki-tks-10.4.1-10.el7pki.noarch
pki-core-debuginfo-10.4.1-11.el7.x86_64
Test Cases:
-----------
Test Case 1:
===========
When cmc.revokeCert.sharedSecret.class and cmc.sharedSecret.class are not present in CS.cfg
1. Install CA with new bits i.e pki-ca-10.4.1-11.el7.noarch.
2. Verified by default CS.cfg doesn't have:
cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
3. perform one CMC test and see how it works if above two properties are missing from CA's CS.cfg.
<snip output>
Number of controls is 1
Control #0: CMCStatusInfo
OID: {1 3 6 1 5 5 7 7 1}
BodyList: 0
Status String: Proof-of-Identification Verification Failed after verifyIdentityProofV2
OtherInfo type: FAIL
</snip output>
Test Case 2: Add the two properties manually in CS.cfg and restart CA.
===========
1. Add the two properties manually in CS.cfg and make sure CMC tests worked.
2. Features tested and verified as part of this testing:
-- User-signed CMC requests Example (with PopLinkWitnessV2)
-- Self-Signed CMC Request Example (with IdentityProofV2)
-- User-signed CMC request Without POP (Encrypted POP / Decrypted POP)
-- User-Signed CMC Renewal Request
I have tried to cover basic sanity testing for CMC.Please revert if you think any other test case I need to cover as part of this testing.
Marking bug as verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:2335 |