[Pki-devel] [PATCH] 91 Refactored CertRevokeRequest and CertUnrevokeRequest classes in Dogtag 10

Abhishek Koneru akoneru at redhat.com
Fri May 16 15:49:37 UTC 2014


Hi Christina,

Please find the revocation logs below.

Revocation using UI -

Without patch 91 -
[16/May/2014:11:18:09][http-bio-8443-exec-2]: SignedAuditEventFactory: create() message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=$Unidentified$][CertSerialNum=0x7][RequestType=on-hold][RevokeReasonNum=6][Approval=complete] certificate status change request processed

With patch 91
[16/May/2014:11:36:52][http-bio-8443-exec-11]: SignedAuditEventFactory: create() message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=8][CertSerialNum=0x7][RequestType=on-hold][RevokeReasonNum=6][Approval=complete] certificate status change request processed

Revocation using CLI - 

command - pki -d nssdb/ -c Secret123 -n "PKI Administrator for redhat.com" cert-revoke 8

Without patch 91
[16/May/2014:11:24:36][http-bio-8443-exec-24]: SignedAuditEventFactory: create() message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=$NonRoleUser$][Outcome=Success][ReqID=$Unidentified$][CertSerialNum=0x8][RequestType=revoke][RevokeReasonNum=0][Approval=complete] certificate status change request processed

With patch 91 -
[16/May/2014:11:41:33][http-bio-8443-exec-17]: SignedAuditEventFactory: create() message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=$NonRoleUser$][Outcome=Success][ReqID=10][CertSerialNum=0x8][RequestType=revoke][RevokeReasonNum=0][Approval=complete] certificate status change request processed

Listing the certificate requests for enrolling the above certificates
using cli.
  Request ID: 7
  Type: enrollment
  Request Status: complete
  Operation Result: success
  Certificate ID: 0x7

  Request ID: 8
  Type: revocation
  Request Status: complete
  Operation Result: success

  Request ID: 9
  Type: enrollment
  Request Status: complete
  Operation Result: success
  Certificate ID: 0x8

  Request ID: 10
  Type: revocation
  Request Status: complete
  Operation Result: success

--Abhishek



On Thu, 2014-05-15 at 15:33 -0700, Christina Fu wrote:
> Hi Abhishek,
> The code appears to be correct, provided that the previously
> refactored code (which I did not review) works correctly, and it does
> not break the non-REST code.  Could you please
> 
> 1. provide a signed audit log event for one revocation request from
> the cli, where it shows an actual request id and verify that it is
> indeed the correct request id?
> 2. perform one single revocation from the non-REST agent interface and
> then verify the same revocation log event type for log request id?
> 
> thanks,
> Christina
> 
> On 05/05/2014 03:48 AM, Abhishek Koneru wrote:
> 
> > Sorry for the spam!
> > Please ignore the previous email.
> > 
> > --Abhishek
> > On Mon, 2014-05-05 at 06:44 -0400, Abhishek Koneru wrote:
> > > Please review the patch which refactors the CertRevokeRequest class and
> > > removes the CertUnrevokeRequest class in Dogtag 10. Description of the
> > > patch:
> > > 
> > > There seems to be no use of the requestID parameter in both revoke
> > > and unrevoke request. Removed the requestID attribute in CertRevokeRequest
> > > and removed the class CertUnrevokeRequest.
> > > 
> > > Also made changes in RevocationProcessor to use the requestID of the
> > > request created in it.
> > > 
> > > The setRequestID() is being called in the DoRevoke and DoUnRevoke
> > > servlets.
> > > Removed the call and a function auditRequesterId in both the classes.
> > > 
> > > The auditRequestorId method tries to get a "requestID" stored as an INPUT
> > > field in the reasonToRequest page. The ReasonToRevoke class which generates
> > > this page does not set the value.
> > > 
> > > * This patch is required for patch 92. The unrevoke_request method in
> > > CertClient on the python side will not work without this patch.
> > > 
> > > --Abhishek
> > > _______________________________________________
> > > Pki-devel mailing list
> > > Pki-devel at redhat.com
> > > https://www.redhat.com/mailman/listinfo/pki-devel
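The verification requested in the thread (that the ReqID in a CERT_STATUS_CHANGE_REQUEST_PROCESSED event is a real request ID, and that it belongs to a revocation request) can be scripted. The following is an added example, not code from the thread or from Dogtag; the function names are hypothetical, the sample input is constructed from the CLI log lines and request listing quoted above, and it assumes request IDs are printed in decimal.

```python
import re

FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")

def parse_event(line):
    """Return the [Key=Value] fields that follow 'message=' in one audit log line."""
    _, sep, message = line.partition("message=")
    return dict(FIELD.findall(message)) if sep else {}

def parse_requests(listing):
    """Map request ID -> type from the 'Request ID:' / 'Type:' blocks of a listing."""
    types, current = {}, None
    for raw in listing.splitlines():
        key, _, value = raw.strip().partition(": ")
        if key == "Request ID":
            current = value
        elif key == "Type" and current is not None:
            types[current] = value
    return types

def check_event(event, request_types):
    """List problems with one event: placeholder fields, unknown or mistyped ReqID."""
    findings = [f"{k} is placeholder {v}" for k, v in event.items()
                if len(v) > 1 and v.startswith("$") and v.endswith("$")]
    req_id = event.get("ReqID", "")
    if req_id.isdigit():  # assumption: request IDs are printed in decimal, as above
        kind = request_types.get(req_id)
        if kind is None:
            findings.append(f"ReqID {req_id} not in request listing")
        elif kind != "revocation":
            findings.append(f"ReqID {req_id} has type {kind}, expected revocation")
    return findings

def audit(log, listing):
    """Check every CERT_STATUS_CHANGE_REQUEST_PROCESSED event in the log."""
    types = parse_requests(listing)
    events = (parse_event(line) for line in log.splitlines())
    return [(e.get("ReqID"), check_event(e, types)) for e in events
            if e.get("AuditEvent") == "CERT_STATUS_CHANGE_REQUEST_PROCESSED"]

# Constructed sample input, re-joined from the CLI log lines and listing in the message.
PREFIX = "[16/May/2014:11:24:36][http-bio-8443-exec-24]: SignedAuditEventFactory: create() message="
HEAD = "[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=$NonRoleUser$][Outcome=Success]"
TAIL = "[CertSerialNum=0x8][RequestType=revoke][RevokeReasonNum=0][Approval=complete] certificate status change request processed"
SAMPLE_LOG = "\n".join(PREFIX + HEAD + f"[ReqID={r}]" + TAIL for r in ("$Unidentified$", "10"))
SAMPLE_LISTING = "Request ID: 9\nType: enrollment\n\nRequest ID: 10\nType: revocation\n"

if __name__ == "__main__":
    for req_id, findings in audit(SAMPLE_LOG, SAMPLE_LISTING):
        print(req_id, findings or "ok")
```

Matching on the `$...$` placeholder form also surfaces the `$NonRoleUser$` SubjectID, which the CLI log lines above show both with and without the patch.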
