Bug 1912691

Summary: [RFE] ticket classes should use SHA-256
Product: [oVirt] ovirt-engine
Reporter: Yedidyah Bar David <didi>
Component: Backend.Core
Assignee: Liran Rotenberg <lrotenbe>
Status: CLOSED CURRENTRELEASE
QA Contact: Qin Yuan <qiyuan>
Severity: unspecified
Priority: unspecified
Version: 4.4.4
CC: ahadas, bugs, dfodor, mperina, sgratch
Target Milestone: ovirt-4.4.6
Keywords: CodeChange, FutureFeature
Target Release: 4.4.6.3
Flags: ahadas: ovirt-4.4?, pm-rhel: planning_ack?, pm-rhel: devel_ack+, pm-rhel: testing_ack+
Hardware: Unspecified
OS: Unspecified
Fixed In Version: ovirt-engine-4.4.6.3
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2021-05-05 05:35:58 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: Virt
Cloudforms Team: ---
Bug Depends On: 1912689
Bug Blocks: 1912687

Description Yedidyah Bar David 2021-01-05 08:21:04 UTC
Description of problem:

TicketEncoder.java/TicketDecoder.java use SHA-1 for signatures/verification.

This should be replaced with SHA-256.

It should be done in coordination with updating the equivalent python code, and users of both of them.

Comment 2 Qin Yuan 2021-04-22 13:08:20 UTC
Verified with:
ovirt-engine-4.4.6.5-447.gd80dda7.9.el8ev.noarch

Steps:
1. Create and run a VM
   - cluster compatibility version 4.6
   - template latest-rhel-guest-image-8.3-infra 
   - graphics protocol VNC
   - enable VirtIO serial console

2. Test noVNC
1) Make sure websocket proxy is configured, import CA of the engine in browser
2) Open VM console options window, select noVNC
3) Click VM Console button, check if a new browser tab with noVNC session appears.
4) Check if commands could be run on noVNC session.

3. Test serial console
1) Create ssh-key on engine by ssh-keygen -t rsa -f /root/.ssh/sc_test_key -q -N ''
2) Set the pub key (/root/.ssh/sc_test_key.pub) on engine web-UI under 'Options'
3) Make sure the VM is available for connection by running the following on the engine: ssh -o StrictHostKeyChecking=no -t -i /root/.ssh/sc_test_key -p 2222 ovirt-vmconsole@<engine_fqdn> list
4) Try connecting to the VM by running the following on the engine: ssh -o StrictHostKeyChecking=no -t -i /root/.ssh/sc_test_key -p 2222 ovirt-vmconsole@<engine_fqdn> connect --vm-name=<test_vm>
5) Check if commands could be run on serial console.

Results:
1. New browser tab with noVNC session appears when clicking VM Console button, could run commands on the opened noVNC session.
2. Could connect to VM serial console and run commands on it.

Comment 3 Sandro Bonazzola 2021-05-05 05:35:58 UTC
This bugzilla is included in oVirt 4.4.6 release, published on May 4th 2021.

Since the problem described in this bug report should be resolved in oVirt 4.4.6 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.