Bug 480255
Summary: | User Certificate gets renewed when cert is not in grace period. | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] Dogtag Certificate System | Reporter: | Asha Akkiangady <aakkiang> | ||||||||
Component: | Certificate Manager | Assignee: | Christina Fu <cfu> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||||||
Severity: | medium | Docs Contact: | |||||||||
Priority: | high | ||||||||||
Version: | unspecified | CC: | awnuk, benl, jgalipea, jmagne, mharmsen | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2009-07-22 23:31:11 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Bug Depends On: | |||||||||||
Bug Blocks: | 443788 | ||||||||||
Attachments: |
|
Description
Asha Akkiangady
2009-01-16 00:14:34 UTC
*** Bug 481373 has been marked as a duplicate of this bug. *** Please supply your test profile. To test grace period, you must have the following parameters in your profile, and have enabled in the policyset list: policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default Since I do not see these in your bug report description, I am requesting you to attach your profile so I can take a look. Thanks. Yes, the renewal grace period has the default values as mentioned in the Description of problem above. policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default Created attachment 347253 [details]
calculate the time diff in terms of miliseconds instead of days
Created attachment 347254 [details]
spec file diff
attachment (id=347253) attachment (id=347254) +mharmsen [cfu@jaw common]$ pwd /home/cfu/dogtag/src0/pki/base/common [cfu@jaw common]$ svn commit src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java Sending src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java Transmitting file data . Committed revision 575. [cfu@jaw common]$ pwd /home/cfu/dogtag/src0/pki/dogtag/common [cfu@jaw common]$ svn commit pki-common.spec Sending pki-common.spec Transmitting file data . Committed revision 576. the fix actually is no good. Created attachment 347298 [details]
had to resolve to BigInteger
Attachment (id=347298) +jmange [cfu@jaw constraint]$ svn commit RenewGracePeriodConstraint.java Sending RenewGracePeriodConstraint.java Transmitting file data . Committed revision 581. Verified: Sorry, your request has been rejected. The reason is "Request Rejected - Outside of Renewal Grace Period: 30 days before and 30 days after original cert expiration date" |