Bug 648757 - expose and use updated cert verification function in JSS
Summary: expose and use updated cert verification function in JSS
Keywords:
Status: CLOSED EOL
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: JSS
Version: unspecified
Hardware: Unspecified
OS: Unspecified
low
high
Target Milestone: ---
Assignee: Christina Fu
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On: 647364
Blocks: dogtagIPAv2 642407
Reported: 2010-11-02 02:27 UTC by Christina Fu
Modified: 2020-03-27 18:37 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 647364
Environment:
Last Closed: 2020-03-27 18:37:08 UTC
Embargoed:


Description Christina Fu 2010-11-02 02:27:46 UTC
+++ This bug was initially created as a clone of Bug #647364 +++

This was discovered during Bug 637330 - CC feature: Key Management - verify sig of cert each time key is accessed (JAVA subsystems).

TPS has no such issue: Bug 642084 - CC feature: Key Management - provide signature verification functions (TPS subsystem)
Reason being that for TPS I could directly call the right function.

For Java subsystem, I need to expose that via JSS.

--- Additional comment from cfu on 2010-11-01 13:20:08 EDT ---

Created attachment 456936
JSS new function to verify certificates using non-obsolete NSS call

--- Additional comment from cfu on 2010-11-01 13:35:07 EDT ---

Created attachment 456938
java subsystems cert verification using new JSS function

This has dependency on the new JSS build.

--- Additional comment from cfu on 2010-11-01 14:40:34 EDT ---

Created attachment 456956
java subsystems cert verification using new JSS function

accidentally submitted wrong patch.  Replacing...

--- Additional comment from awnuk on 2010-11-01 14:56:59 EDT ---

attachment 456936
attachment 456956
+ awnuk

--- Additional comment from cfu on 2010-11-01 20:59:17 EDT ---

JSS on RHEL official build jss-4.2.6-8.el5idm:
https://brewweb.devel.redhat.com/buildinfo?buildID=148032

8.1 pseudo-trunk
$ svn commit
Sending        base/common/src/com/netscape/certsrv/apps/CMS.java
Sending        base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
Sending        base/common/src/com/netscape/cmscore/apps/CMSEngine.java
Sending        base/common/src/com/netscape/cmscore/cert/CertUtils.java
Transmitting file data ....
Committed revision 1458.

tip cannot check in pending jss availability on fedora

--- Additional comment from cfu on 2010-11-01 21:05:14 EDT ---

Created attachment 457019
on TPS, matching Java side to allow not specifying cert usage

--- Additional comment from jmagne on 2010-11-01 21:23:19 EDT ---

attachment 457019 jmagne++

--- Additional comment from cfu on 2010-11-01 22:20:34 EDT ---

RHCS81 TPS checkin
$ svn commit
Sending        tps/src/engine/RA.cpp
Transmitting file data .
Committed revision 1462.

tip:
$ svn commit
Sending        tps/src/engine/RA.cpp
Transmitting file data .
Committed revision 1463.

--- Additional comment from cfu on 2010-11-01 22:21:48 EDT ---

will clone this bug for Dogtag to wait for JSS to be built on Fedora.

Comment 1 Christina Fu 2010-11-04 00:59:04 UTC
JSS 4.2.6.8 now available on Fedora:

Tip checkin:

$ svn commit
Enter passphrase for key '/home/cfu/.ssh/id_rsa': 
Sending        base/common/src/com/netscape/certsrv/apps/CMS.java
Sending        base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
Sending        base/common/src/com/netscape/cmscore/apps/CMSEngine.java
Sending        base/common/src/com/netscape/cmscore/cert/CertUtils.java
Transmitting file data ....
Committed revision 1470.

Comment 2 Christina Fu 2010-11-04 00:59:55 UTC
The patch depends on JSS 4.2.6.8
