+++ This bug was initially created as a clone of Bug #647364 +++

This was discovered during Bug 637330 - CC feature: Key Management - verify sig of cert each time key is accessed (JAVA subsystems).

TPS has no such issue:
Bug 642084 - CC feature: Key Management -provide signature verification functions (TPS subsystem)
Reason being that for TPS I could directly call the right function. For Java subsystem, I need to expose that via JSS.

--- Additional comment from cfu on 2010-11-01 13:20:08 EDT ---

Created attachment 456936
JSS new function to verify certificates using non-obsolete NSS call

--- Additional comment from cfu on 2010-11-01 13:35:07 EDT ---

Created attachment 456938
java subsystems cert verification using new JSS function

This has dependency on the new JSS build.

--- Additional comment from cfu on 2010-11-01 14:40:34 EDT ---

Created attachment 456956
java subsystems cert verification using new JSS function

accidentally submitted wrong patch. Replacing...

--- Additional comment from awnuk on 2010-11-01 14:56:59 EDT ---

attachment 456936
attachment 456956
+ awnuk

--- Additional comment from cfu on 2010-11-01 20:59:17 EDT ---

JSS on RHEL official build jss-4.2.6-8.el5idm:
https://brewweb.devel.redhat.com/buildinfo?buildID=148032

8.1 pseudo-trunk
$ svn commit
Sending base/common/src/com/netscape/certsrv/apps/CMS.java
Sending base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
Sending base/common/src/com/netscape/cmscore/apps/CMSEngine.java
Sending base/common/src/com/netscape/cmscore/cert/CertUtils.java
Transmitting file data ....
Committed revision 1458.

tip cannot check in pending jss availability on fedora

--- Additional comment from cfu on 2010-11-01 21:05:14 EDT ---

Created attachment 457019
on TPS, matching Java side to allow not specifying cert usage

--- Additional comment from jmagne on 2010-11-01 21:23:19 EDT ---

attachment 457019
jmagne++

--- Additional comment from cfu on 2010-11-01 22:20:34 EDT ---

RHCS81 TPS checkin
$ svn commit
Sending tps/src/engine/RA.cpp
Transmitting file data .
Committed revision 1462.

tip:
$ svn commit
Sending tps/src/engine/RA.cpp
Transmitting file data .
Committed revision 1463.

--- Additional comment from cfu on 2010-11-01 22:21:48 EDT ---

will clone this bug for Dogtag to wait for JSS to be built on Fedora.

JSS 4.2.6.8 now available on Fedora:

Tip checkin:
$ svn commit
Enter passphrase for key '/home/cfu/.ssh/id_rsa':
Sending base/common/src/com/netscape/certsrv/apps/CMS.java
Sending base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
Sending base/common/src/com/netscape/cmscore/apps/CMSEngine.java
Sending base/common/src/com/netscape/cmscore/cert/CertUtils.java
Transmitting file data ....
Committed revision 1470.

The patch depends on JSS 4.2.6.8