Bug 488291 - Missing renewal feature for smart cards in TMS
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: TPS
Version: 1.1
Hardware: All
OS: Linux
Priority: urgent
Severity: medium
Assigned To: Christina Fu
QA Contact: Chandrasekar Kannan
Depends On: 493118
Blocks: 443788
Reported: 2009-03-03 11:48 EST by Christina Fu
Modified: 2015-01-04 18:36 EST

Doc Type: Bug Fix
Last Closed: 2009-07-22 19:32:45 EDT


Attachments
smart card cert renewal feature implementation (32.20 KB, text/plain), 2009-03-31 13:12 EDT, Christina Fu
profiles change to give renewal grace period (1.97 KB, application/octet-stream), 2009-03-31 13:14 EDT, Christina Fu
smart card renewal sample signing profile (307 bytes, text/plain), 2009-03-31 13:15 EDT, Christina Fu
smart card renewal sample encryption profile (318 bytes, text/plain), 2009-03-31 13:15 EDT, Christina Fu
added smart card enrollment profiles to CA's CS.cfg (3.25 KB, text/plain), 2009-03-31 13:21 EDT, Christina Fu
tps spec file change (18.33 KB, text/plain), 2009-03-31 13:38 EDT, Christina Fu
ca spec file changes (15.88 KB, text/plain), 2009-03-31 13:45 EDT, Christina Fu

Comment 1 Christina Fu 2009-03-31 13:12:35 EDT
Created attachment 337337
smart card cert renewal feature implementation
Comment 2 Christina Fu 2009-03-31 13:14:12 EDT
Created attachment 337338
profiles change to give renewal grace period
Comment 3 Christina Fu 2009-03-31 13:15:09 EDT
Created attachment 337339
smart card renewal sample signing profile
Comment 4 Christina Fu 2009-03-31 13:15:58 EDT
Created attachment 337340
smart card renewal sample encryption profile
Comment 5 Christina Fu 2009-03-31 13:21:12 EDT
Created attachment 337341
added smart card enrollment profiles to CA's CS.cfg
Comment 6 Christina Fu 2009-03-31 13:27:55 EDT
Submitted is the basic renewal feature for smart card (token) certificate renewal.
Note:
* The grace period check on TPS is currently disabled.  It relies on the CA to make decisions.
* To enable a token for renewal, an agent needs to go to the TUS agent interface and change the policy to "RENEW=YES" (this is different from the default of "RE_ENROLL=YES").
* Currently labels are not tunable in CS.cfg.  It will be added later.
* This feature will require the newest ESC from today's (would-be) changes.
* To try renewal, format and enroll a token. Then when you press the "Enroll" button again on ESC for the same token, you will be exercising the renewal code.

Jack, please review.
Comment 7 Christina Fu 2009-03-31 13:38:29 EDT
Created attachment 337351
tps spec file change
Comment 8 Christina Fu 2009-03-31 13:45:58 EDT
Created attachment 337355
ca spec file changes
Comment 9 Jack Magne 2009-03-31 14:00:13 EDT
Attachment (id=337337) +jmagne  ;

Check for memory leaks though, lots of new complex code.
Comment 10 Christina Fu 2009-03-31 14:02:23 EDT
(In reply to comment #9)
> Attachment (id=337337) +jmagne  ;
> 
> Check for memory leaks though, lots of new complex code.  

Yes, that will be done post Beta.  This feature is not on by default and will not affect existing functionality.
Comment 11 Jack Magne 2009-03-31 14:05:00 EDT
Attachment (id=337338) +jmagne
Comment 12 Jack Magne 2009-03-31 14:09:43 EDT
Attachments (id=337340) (id=337341) (id=337351) (id=337355) +jmagne
Comment 13 Christina Fu 2009-03-31 14:19:00 EDT
/home/cfu/dogtag/src-tps/pki/base/tps
[cfu@claw tps]$ svn commit
Sending        tps/doc/CS.cfg
Sending        tps/src/cms/CertEnroll.cpp
Sending        tps/src/engine/RA.cpp
Sending        tps/src/include/cms/CertEnroll.h
Sending        tps/src/include/engine/RA.h
Sending        tps/src/include/processor/RA_Enroll_Processor.h
Sending        tps/src/include/processor/RA_Processor.h
Sending        tps/src/include/tus/tus_db.h
Sending        tps/src/processor/RA_Enroll_Processor.cpp
Sending        tps/src/tus/tus_db.c
Transmitting file data ..........
Committed revision 356.

/home/cfu/dogtag/src-tps/pki/base/ca/shared
[cfu@claw shared]$ svn commit
Sending        shared/conf/CS.cfg
Sending        shared/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg
Adding         shared/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg
Sending        shared/profiles/ca/caTokenUserSigningKeyEnrollment.cfg
Adding         shared/profiles/ca/caTokenUserSigningKeyRenewal.cfg
Transmitting file data .....
Committed revision 357.

/home/cfu/dogtag/src-tps/pki/dogtag/tps
[cfu@claw tps]$ svn commit
Sending        tps/pki-tps.spec
Transmitting file data .
Committed revision 358.

/home/cfu/dogtag/src-tps/pki/dogtag/ca
[cfu@claw ca]$ svn commit
Sending        ca/pki-ca.spec
Transmitting file data .
Committed revision 359.
