Bug 171353 - Unable to download a certificate from Gateway/Phonebook
Summary: Unable to download a certificate from Gateway/Phonebook
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: UI - Gateway/Phonebook
Version: 7.1
Hardware: All
OS: Linux
medium
low
Target Milestone: DS8.1
: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: 434912 FDS112
TreeView+ depends on / blocked
 
Reported: 2005-10-21 00:10 UTC by Marco Bill-Peter
Modified: 2016-05-06 14:43 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-05-06 14:43:28 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
diffs (1.09 KB, patch)
2008-02-28 21:30 UTC, Rich Megginson
no flags Details | Diff
cvs commit log (135 bytes, text/plain)
2008-02-28 22:18 UTC, Rich Megginson
no flags Details
cvs commit log (1.99 KB, text/plain)
2008-06-27 18:50 UTC, Rich Megginson
no flags Details

Description Ben Le 2005-10-21 00:10:10 UTC
Description of problem:
Unable to download the cert file from Gateway/Phonebook with Mozilla and Firefox
when click or double clicks to the link.

Version-Release number of selected component (if applicable):
7.1

How reproducible:
Setup CA on CS 7.1 with "publishing" and "default LDAP connection" are enabled
then issued a cert to user. Access the Gateway/Phonebook to get the cert from User.

Steps to Reproduce:
1.Go to the Gateway/Phonebook
http://master:19830/clients/dsgw/bin/lang?context=dsgw 
2.Click Advanced Search tab
3.Search a user (somebody) you want to download the cert file then click to the
link to open it.
4.The "download certificate" link will be display on top of the left side.
5. Click or double clicks to the link to download the file.

Actual results:
Nothing was happend. User was unable to download the file (cert).

Expected results:
1. A new window will pop up to let a user download the file.

Additional info:
 
It works with safari browser with one click on the link. Also it works with
mozilla and firefox when right mouse click on the link then select "Save Link as".

Comment 1 Orla Hegarty 2005-10-21 00:25:41 UTC
This is a weird one and seems to be browser related.

Steps to Reproduce:
1. Install Directory Server
2. Create backend dc=example,dc=com and import the Example.ldif
3. Get a cert for one of user entries and add it to the entry
1.Go to the Gateway/Phonebook
e.g. http://master:19830/clients/dsgw/bin/lang?context=dsgw 
2.Click Advanced Search tab
3.Search a user (somebody) you want to download the cert file then click to the
link to open it.
4.The "download certificate" link will be display on top of the left side.
5. Click or double clicks to the link to download the file.

So for mozilla or firefox single or double click doesn't pop up the window to
allow you to download the user certificate and add it to your key ring.

On Safari ( or IE - Ben reports ) a single click does pop up the window to allow
you to download the user certificate and add it to your key ring. Now you can
send email to that person using their public key. 

The odd thing that that a right click on mozilla or firefox invokes the window
to download that users public key. 



Comment 2 Chandrasekar Kannan 2007-07-25 19:10:19 UTC
DS7.2 is not a valid milestone anymore. Anything thats set to DS7.2 should be
set to DS8.0. Will make further changes per bug council on 07/24/2007, after this.

Comment 4 Red Hat Bugzilla 2007-10-19 04:28:02 UTC
User ble's account has been closed

Comment 5 Rich Megginson 2008-02-28 21:30:47 UTC
Created attachment 296266 [details]
diffs

Comment 6 Rich Megginson 2008-02-28 22:18:26 UTC
Created attachment 296278 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Fix Description: The code expects the attribute to be encoded like this -
attrname&mimetype&index.  However, the code was outputtting the & as literal
"&" chars. We need to output them encoded as %26 instead.
With this fix, if I click on the Download Certificate link, and the certificate
is a real email certificate (i.e. not a CA cert or a server cert or some other
type of cert), Firefox 2 will silently install it under Other People's
certificates in the certificate window.  An attempt to use any other type of
cert will silently fail.  NOTE: If you actually want to use this cert in an
email program, you should right click on the link and select Save Link As... to
save the cert in a local file, then import that into your email program.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no

Comment 7 Rich Megginson 2008-06-27 18:50:21 UTC
Created attachment 310468 [details]
cvs commit log

Resolves: bug 171353
Bug Description: Unable to download a certificate from Gateway/Phonebook
Reviewed by: trivial
Fix Description: Have to support both "userCertificate;binary" and
"userCertificate"
Platforms tested: HP-UX
Flag Day: no
Doc impact: no

Comment 8 Anh Nguyen 2008-07-09 21:11:46 UTC
Intalled the binary cert via the console for user scarter; did the <advance
search> for this user via webapps; click <download certificate>; viewing the
downloaded certificat with this command: openssl x509 -inform DER -in
dosearch.html -text (see results below); marking this bug VERIFIED.

[root@dhcp-231 ~]# openssl x509 -in /tmp/dosearch.htm -text -inform DER
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10000 (0x2710)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=redhat, CN=RedHat Subordinate CA Test Cert
        Validity
            Not Before: Jun 19 20:53:43 2008 GMT
            Not After : Dec 19 20:53:43 2009 GMT
        Subject: O=redhat, CN=RedHat Subordinate CA Test Cert
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:af:5b:b5:20:12:46:c9:9c:2d:8d:df:7b:11:c1:
                    61:fa:79:9d:9a:3b:8c:52:81:4b:20:60:b9:43:e4:
                    2c:66:cc:a8:3b:66:bc:8a:3a:1e:f8:fe:af:3d:45:
                    86:34:16:39:7a:73:39:1f:e3:5d:e0:83:f9:3a:1e:
                    aa:0b:67:45:1c:4d:dd:fc:8c:1c:f4:4d:ea:4e:cc:
                    41:20:6e:2a:ce:0a:ef:76:04:37:59:e0:32:2f:64:
                    f4:2c:ea:a9:ad:f7:e2:ef:43:ae:d8:9e:09:62:8d:
                    7c:d2:fe:4d:44:c4:d1:7e:35:51:50:65:bf:85:81:
                    b4:1b:c1:2c:7e:31:1b:4f:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:TRUE, pathlen:0
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication,
OCSP Signing
            X509v3 Key Usage: 
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: md5WithRSAEncryption
        a3:96:30:0f:9d:d5:fa:61:22:94:c6:d6:f6:c3:41:ad:67:5a:
        bb:9b:bc:d5:22:76:cb:3f:78:a8:8e:e2:60:28:72:c7:9a:d2:
        65:a0:5c:3c:62:a3:6e:f0:38:68:3e:db:88:14:2e:a6:df:32:
        cb:6e:4c:26:87:71:6b:3d:ab:5b:70:f8:d1:df:91:fa:d6:59:
        76:0d:d8:46:58:ba:b1:c2:29:b9:48:05:ab:11:9a:70:be:64:
        43:ca:c6:5b:0b:81:fe:40:de:d4:3e:56:b1:e6:f4:77:7d:67:
        cf:ef:49:ca:4b:d4:0f:30:27:e4:98:8a:d5:13:90:81:1f:f4:
        8e:0d
-----BEGIN CERTIFICATE-----
MIICNjCCAZ+gAwIBAgICJxAwDQYJKoZIhvcNAQEEBQAwOzEPMA0GA1UEChMGcmVk
aGF0MSgwJgYDVQQDEx9SZWRIYXQgU3Vib3JkaW5hdGUgQ0EgVGVzdCBDZXJ0MB4X
DTA4MDYxOTIwNTM0M1oXDTA5MTIxOTIwNTM0M1owOzEPMA0GA1UEChMGcmVkaGF0
MSgwJgYDVQQDEx9SZWRIYXQgU3Vib3JkaW5hdGUgQ0EgVGVzdCBDZXJ0MIGfMA0G
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvW7UgEkbJnC2N33sRwWH6eZ2aO4xSgUsg
YLlD5CxmzKg7ZryKOh74/q89RYY0Fjl6czkf413gg/k6HqoLZ0UcTd38jBz0TepO
zEEgbirOCu92BDdZ4DIvZPQs6qmt9+LvQ67YnglijXzS/k1ExNF+NVFQZb+FgbQb
wSx+MRtPvQIDAQABo0kwRzAPBgNVHRMECDAGAQH/AgEAMCcGA1UdJQQgMB4GCCsG
AQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwCwYDVR0PBAQDAgGGMA0GCSqGSIb3
DQEBBAUAA4GBAKOWMA+d1fphIpTG1vbDQa1nWrubvNUidss/eKiO4mAocsea0mWg
XDxio27wOGg+24gULqbfMstuTCaHcWs9q1tw+NHfkfrWWXYN2EZYurHCKblIBasR
mnC+ZEPKxlsLgf5A3tQ+VrHm9Hd9Z8/vScpL1A8wJ+SYitUTkIEf9I4N
-----END CERTIFICATE-----
[root@dhcp-231 ~]# 




Note You need to log in before you can comment on or make changes to this bug.