[Pki-devel] [PATCH] 91 Refactored CertRevokeRequest and CertUnrevokeRequest classes in Dogtag 10

Christina Fu cfu at redhat.com
Fri May 16 16:11:36 UTC 2014 

Hi Abhishek,
nice.  ACK.
thanks,
Christina

On 05/16/2014 08:49 AM, Abhishek Koneru wrote:
> Hi Christina,
>
> Please find the revocation logs below.
>
> Revocation using UI -
>
> Without patch 91 -
> [16/May/2014:11:18:09][http-bio-8443-exec-2]: SignedAuditEventFactory:
> create()
> message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=$Unidentified$][CertSerialNum=0x7][RequestType=on-hold][RevokeReasonNum=6][Approval=complete] certificate status change request processed
>
> With patch 91
> [16/May/2014:11:36:52][http-bio-8443-exec-11]: SignedAuditEventFactory:
> create()
> message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=8][CertSerialNum=0x7][RequestType=on-hold][RevokeReasonNum=6][Approval=complete] certificate status change request processed
>
> Revocation using CLI -
>
> command - pki -d nssdb/ -c Secret123 -n "PKI Administrator for
> redhat.com" cert-revoke 8
>
> Without patch 91
> [16/May/2014:11:24:36][http-bio-8443-exec-24]: SignedAuditEventFactory:
> create()
> message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=
> $NonRoleUser$][Outcome=Success][ReqID=$Unidentified
> $][CertSerialNum=0x8][RequestType=revoke][RevokeReasonNum=0][Approval=complete] certificate status change request processed
>
> With patch 91 -
> [16/May/2014:11:41:33][http-bio-8443-exec-17]: SignedAuditEventFactory:
> create()
> message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=
> $NonRoleUser
> $][Outcome=Success][ReqID=10][CertSerialNum=0x8][RequestType=revoke][RevokeReasonNum=0][Approval=complete] certificate status change request processed
>
> Listing the certificate requests for enrolling the above certificates
> using cli.
>    Request ID: 7
>    Type: enrollment
>    Request Status: complete
>    Operation Result: success
>    Certificate ID: 0x7
>
>    Request ID: 8
>    Type: revocation
>    Request Status: complete
>    Operation Result: success
>
>    Request ID: 9
>    Type: enrollment
>    Request Status: complete
>    Operation Result: success
>    Certificate ID: 0x8
>
>    Request ID: 10
>    Type: revocation
>    Request Status: complete
>    Operation Result: success
>
> --Abhishek
>
>
>
> On Thu, 2014-05-15 at 15:33 -0700, Christina Fu wrote:
>> Hi Abhishek,
>> The code appears to be correct, provided that the previously
>> refactored code (which I did not review) works correctly, and it does
>> not break the non-REST code.  Could you please
>>
>> 1. provide a signed audit log event for one revocation request from
>> the cli, where it shows an actual request id and verify that it is
>> indeed the correct request id?
>> 2.perform one single revocation from the non-REST agent interface and
>> then verify the same revocation log event type for log request id?
>>
>> thanks,
>> Christina
>>
>> On 05/05/2014 03:48 AM, Abhishek Koneru wrote:
>>
>>> Sorry for the spam!
>>> Please ignore the previous email.
>>>
>>> --Abhishek
>>> On Mon, 2014-05-05 at 06:44 -0400, Abhishek Koneru wrote:
>>>> Please review the patch which refactors the CertRevokeRequest class and
>>>> removes the CertUnrevokeRequest class in Dogtag 10. Description of the
>>>> patch:
>>>>
>>>> There seems to be no use of the requestID parameter in both revoke
>>>> and unrevoke request. Removed requestID attribute in CertRevokeRequest
>>>> remove the class CertUnrevokeRequest.
>>>>
>>>> Also made changes in RevocationProcesor to use the requestID of the
>>>> request created in it.
>>>>
>>>> The setRequestID() is being called in the DoRevoke and DoUnRevoke
>>>> servlets.
>>>> Removed the call and a function auditRequesterId in both the classes.
>>>>
>>>> The auditRequestorId method tries to get a "requestID" stored as a INPUT
>>>> field
>>>> in the reasonToRequest page. The ReasonToRevoke class which generates
>>>> this page does not set the value.
>>>>
>>>> * This patch is required for patch 92. The unrevoke_request method in
>>>> CertClient on the python side will not work without this patch.
>>>>
>>>> --Abhishek
>>>> _______________________________________________
>>>> Pki-devel mailing list
>>>> Pki-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/pki-devel
>>>
>>> _______________________________________________
>>> Pki-devel mailing list
>>> Pki-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-devel
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel
>

More information about the Pki-devel mailing list