[Pki-devel] [PATCH] 91 Refactored CertRevokeRequest and CertUnrevokeRequest classes in Dogtag 10

Abhishek Koneru akoneru at redhat.com
Fri May 16 18:19:29 UTC 2014 

Thanks Christina. Pushed to master.

--Abhishek
On Fri, 2014-05-16 at 09:11 -0700, Christina Fu wrote:
> Hi Abhishek,
> nice.  ACK.
> thanks,
> Christina
> 
> On 05/16/2014 08:49 AM, Abhishek Koneru wrote:
> > Hi Christina,
> >
> > Please find the revocation logs below.
> >
> > Revocation using UI -
> >
> > Without patch 91 -
> > [16/May/2014:11:18:09][http-bio-8443-exec-2]: SignedAuditEventFactory:
> > create()
> > message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=$Unidentified$][CertSerialNum=0x7][RequestType=on-hold][RevokeReasonNum=6][Approval=complete] certificate status change request processed
> >
> > With patch 91
> > [16/May/2014:11:36:52][http-bio-8443-exec-11]: SignedAuditEventFactory:
> > create()
> > message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=8][CertSerialNum=0x7][RequestType=on-hold][RevokeReasonNum=6][Approval=complete] certificate status change request processed
> >
> > Revocation using CLI -
> >
> > command - pki -d nssdb/ -c Secret123 -n "PKI Administrator for
> > redhat.com" cert-revoke 8
> >
> > Without patch 91
> > [16/May/2014:11:24:36][http-bio-8443-exec-24]: SignedAuditEventFactory:
> > create()
> > message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=
> > $NonRoleUser$][Outcome=Success][ReqID=$Unidentified
> > $][CertSerialNum=0x8][RequestType=revoke][RevokeReasonNum=0][Approval=complete] certificate status change request processed
> >
> > With patch 91 -
> > [16/May/2014:11:41:33][http-bio-8443-exec-17]: SignedAuditEventFactory:
> > create()
> > message=[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=
> > $NonRoleUser
> > $][Outcome=Success][ReqID=10][CertSerialNum=0x8][RequestType=revoke][RevokeReasonNum=0][Approval=complete] certificate status change request processed
> >
> > Listing the certificate requests for enrolling the above certificates
> > using cli.
> >    Request ID: 7
> >    Type: enrollment
> >    Request Status: complete
> >    Operation Result: success
> >    Certificate ID: 0x7
> >
> >    Request ID: 8
> >    Type: revocation
> >    Request Status: complete
> >    Operation Result: success
> >
> >    Request ID: 9
> >    Type: enrollment
> >    Request Status: complete
> >    Operation Result: success
> >    Certificate ID: 0x8
> >
> >    Request ID: 10
> >    Type: revocation
> >    Request Status: complete
> >    Operation Result: success
> >
> > --Abhishek
> >
> >
> >
> > On Thu, 2014-05-15 at 15:33 -0700, Christina Fu wrote:
> >> Hi Abhishek,
> >> The code appears to be correct, provided that the previously
> >> refactored code (which I did not review) works correctly, and it does
> >> not break the non-REST code.  Could you please
> >>
> >> 1. provide a signed audit log event for one revocation request from
> >> the cli, where it shows an actual request id and verify that it is
> >> indeed the correct request id?
> >> 2.perform one single revocation from the non-REST agent interface and
> >> then verify the same revocation log event type for log request id?
> >>
> >> thanks,
> >> Christina
> >>
> >> On 05/05/2014 03:48 AM, Abhishek Koneru wrote:
> >>
> >>> Sorry for the spam!
> >>> Please ignore the previous email.
> >>>
> >>> --Abhishek
> >>> On Mon, 2014-05-05 at 06:44 -0400, Abhishek Koneru wrote:
> >>>> Please review the patch which refactors the CertRevokeRequest class and
> >>>> removes the CertUnrevokeRequest class in Dogtag 10. Description of the
> >>>> patch:
> >>>>
> >>>> There seems to be no use of the requestID parameter in both revoke
> >>>> and unrevoke request. Removed requestID attribute in CertRevokeRequest
> >>>> remove the class CertUnrevokeRequest.
> >>>>
> >>>> Also made changes in RevocationProcesor to use the requestID of the
> >>>> request created in it.
> >>>>
> >>>> The setRequestID() is being called in the DoRevoke and DoUnRevoke
> >>>> servlets.
> >>>> Removed the call and a function auditRequesterId in both the classes.
> >>>>
> >>>> The auditRequestorId method tries to get a "requestID" stored as a INPUT
> >>>> field
> >>>> in the reasonToRequest page. The ReasonToRevoke class which generates
> >>>> this page does not set the value.
> >>>>
> >>>> * This patch is required for patch 92. The unrevoke_request method in
> >>>> CertClient on the python side will not work without this patch.
> >>>>
> >>>> --Abhishek
> >>>> _______________________________________________
> >>>> Pki-devel mailing list
> >>>> Pki-devel at redhat.com
> >>>> https://www.redhat.com/mailman/listinfo/pki-devel
> >>>
> >>> _______________________________________________
> >>> Pki-devel mailing list
> >>> Pki-devel at redhat.com
> >>> https://www.redhat.com/mailman/listinfo/pki-devel
> >> _______________________________________________
> >> Pki-devel mailing list
> >> Pki-devel at redhat.com
> >> https://www.redhat.com/mailman/listinfo/pki-devel
> >
>

More information about the Pki-devel mailing list