Bug 496759

Summary: esc: User enrollment throws coolkey PKCS #11 CSP error
Product: [Retired] Dogtag Certificate System Reporter: Asha Akkiangady <aakkiang>
Component: ESCAssignee: Jack Magne <jmagne>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: alee, benl, mharmsen
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-07-22 23:34:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 443788    
Attachments:
Description Flags
At the end of the user enrollment shows 2 'Please enter your PIN' dialog boxes.
none
Error during PIN verification message, when correct pin is entered. none

Description Asha Akkiangady 2009-04-21 00:17:21 UTC
Created attachment 340457 [details]
At the end of the user enrollment shows 2  'Please enter your PIN' dialog boxes.

Description of problem:
User enrollment made with no changes to default esc-prefs.js shows 2 dialog boxes to enter the pin. Entering the correct pin leads to PKCS #11 CSP error.

Version-Release number of selected component (if applicable):
CS 8.0

How reproducible:


Steps to Reproduce:
Test is run on windows XP.
1. With the default esc-prefs.js setting start the esc application.
2. Insert token to the usb drive and enroll a user.

Actual results:
Has 2 'Please enter your PIN' dialog boxes. If you enter the correct pin them, throws PKCS #11 CSP error.

Expected results:
Should not show 2 'Please enter your PIN' dialog boxes. Entering correct PIN should not throw error.

Additional info:

Comment 1 Asha Akkiangady 2009-04-21 00:19:34 UTC
Created attachment 340458 [details]
Error during PIN verification message, when correct pin is entered.

Comment 2 Jack Magne 2009-06-06 00:17:57 UTC
This is caused by a bogus token removal event that takes place at the end of an enrollment. The bogus removal event is then followed by a bogus insertion event.

Comment 3 Jack Magne 2009-06-06 00:18:26 UTC
The following change fixes this:

Index: SmartCardMonitoringThread.cpp
===================================================================
RCS file: /cvs/dirsec/esc/src/lib/coolkey/SmartCardMonitoringThread.cpp,v
retrieving revision 1.4
diff -r1.4 SmartCardMonitoringThread.cpp
162c162
<         if (info && (!isPresent || (info->mSeries != PK11_GetSlotSeries(slot))
) ) {
---
>         if (info && !isPresent) {

Comment 4 Matthew Harmsen 2009-06-06 00:21:17 UTC
Comment #3 +mharmsen

Comment 5 Jack Magne 2009-06-06 00:24:05 UTC
Checking in SmartCardMonitoringThread.cpp;
/cvs/dirsec/esc/src/lib/coolkey/SmartCardMonitoringThread.cpp,v  <--  SmartCardM
onitoringThread.cpp
new revision: 1.5; previous revision: 1.4
done
Running syncmail...
Mailing relnotes...
...syncmail done.
Running syncmail...
Mailing cvsdirsec...
...syncmail done.

Comment 6 Jack Magne 2009-06-06 00:24:27 UTC
Will be fixed in next build.

Comment 7 Asha Akkiangady 2009-06-10 23:01:51 UTC
Verified.

Performed user enrollment with ESC build SmartCardManagerSetup-1.1.0-6.win32.i386.exe, no issues with pin verification.