[Pki-devel] [PATCH] To fix 1358462 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided

Geetika Kapoor gkapoor at redhat.com
Fri Aug 12 11:24:46 UTC 2016


Hello Endi,

Here is the fix with the test cases that I tested.

Thanks
Geetika

On 08/12/2016 08:50 AM, Geetika Kapoor wrote:
> Yes Endi, you're right. The fix should be more generic. I will fix it in the core method and will send it for review.
>
> Thanks 
> Geetika
> ----- Original Message -----
> From: Endi Sukma Dewata <edewata at redhat.com>
> To: Geetika Kapoor <gkapoor at redhat.com>, pki-devel at redhat.com
> Sent: Thu, 11 Aug 2016 21:25:03 -0400 (EDT)
> Subject: Re: [Pki-devel] [PATCH] To fix 1358462 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided
>
> On 8/11/2016 4:56 AM, Geetika Kapoor wrote:
>> Hi,
>>
>> This patch fixes BZ 1358462 - pki pkcs12-cert-del shows a successfully
>> deleted message when a wrong nickname is provided.
>> If we provide a wrong cert nickname it gives "Certificate Nickname
>> subsystemCert cert-topology-02-CA doesn't exist", and if the cert
>> nickname doesn't exist it won't share the number of entries present.
>> Only if the cert nickname matches does it show how many entries exist.
>>
>> Thanks
>> Geetika
> Hi Geetika,
>
> Similar to what I mentioned to Abhijeet, I added your patch to this 
> ticket to make sure it's not forgotten:
> https://fedorahosted.org/pki/ticket/2414
>
> I looked at the patch briefly, I think instead of fixing it in 
> PKCS12CertRemoveCLI, it probably should be fixed in the 
> PKCS12.removeCertInfoByNickname(). Basically if the cert to be deleted 
> doesn't exist the method should throw an exception. The CLI then should 
> catch the exception and display the error. This way the error checking 
> will be done consistently regardless of who calls the method.
>
> If you're going to revise the patch please attach it to this ticket.
>
> Thanks.
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-for-BZ-1358462.patch
Type: text/x-patch
Size: 1463 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160812/650a7fce/attachment.bin>
-------------- next part --------------
Test cases:
----------

1. Find the certs.

[root at pki1 ~]# pki pkcs12-cert-find  --pkcs12-file /tmp/test_BZ/ca.p12 --pkcs12-password-file /tmp/test_BZ/password.txt
---------------
5 entries found
---------------
  Certificate ID: 8f10550112e84d196c20368492579914900732bc
  Serial Number: 0x2
  Nickname: ocspSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA OCSP Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 3bb6074fa6efe3d0b0e785b0366ccaacc4ca75c8
  Serial Number: 0x1
  Nickname: caSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: CTu,Cu,Cu
  Has Key: true

  Certificate ID: 1f32ec27dbb05aa0a305011d0114513b7fd17c6b
  Serial Number: 0x4
  Nickname: subsystemCert cert-topology-02-CA
  Subject DN: CN=Subsystem Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 9bf832618b627f34ba17ed2664f5b50e4e0c9e7a
  Serial Number: 0x3
  Nickname: Server-Cert cert-topology-02-CA
  Subject DN: CN=pki1.example.com,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 2d0929b8e6e827b1f7fdf37f915b5a5b0662d42b
  Serial Number: 0x5
  Nickname: auditSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA Audit Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,Pu
  Has Key: true


2. Try to remove a cert which doesn't exist.
[root at pki1 ~]# pki pkcs12-cert-del "test"  --pkcs12-file /tmp/test_BZ/ca.p12 --pkcs12-password-file /tmp/test_BZ/password.txt
Warning : Certificate Nickname test doesn't exist

3. Make sure all 5 entries exist.

[root at pki1 ~]# pki pkcs12-cert-find  --pkcs12-file /tmp/test_BZ/ca.p12 --pkcs12-password-file /tmp/test_BZ/password.txt
---------------
5 entries found
---------------
  Certificate ID: 8f10550112e84d196c20368492579914900732bc
  Serial Number: 0x2
  Nickname: ocspSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA OCSP Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 3bb6074fa6efe3d0b0e785b0366ccaacc4ca75c8
  Serial Number: 0x1
  Nickname: caSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: CTu,Cu,Cu
  Has Key: true

  Certificate ID: 1f32ec27dbb05aa0a305011d0114513b7fd17c6b
  Serial Number: 0x4
  Nickname: subsystemCert cert-topology-02-CA
  Subject DN: CN=Subsystem Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 9bf832618b627f34ba17ed2664f5b50e4e0c9e7a
  Serial Number: 0x3
  Nickname: Server-Cert cert-topology-02-CA
  Subject DN: CN=pki1.example.com,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 2d0929b8e6e827b1f7fdf37f915b5a5b0662d42b
  Serial Number: 0x5
  Nickname: auditSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA Audit Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,Pu


4. Remove a valid cert and make sure 4 entries are now left.
[root at pki1 ~]# pki pkcs12-cert-del "auditSigningCert cert-topology-02-CA CA"  --pkcs12-file /tmp/test_BZ/ca.p12 --pkcs12-password-file /tmp/test_BZ/password.txt
-------------------------------------------------------------
Deleted certificate "auditSigningCert cert-topology-02-CA CA"
-------------------------------------------------------------

5. Now check the number of certs again. Make sure only one was deleted.

[root at pki1 ~]# pki pkcs12-cert-find  --pkcs12-file /tmp/test_BZ/ca.p12 --pkcs12-password-file /tmp/test_BZ/password.txt
---------------
4 entries found
---------------
  Certificate ID: 8f10550112e84d196c20368492579914900732bc
  Serial Number: 0x2
  Nickname: ocspSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA OCSP Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 3bb6074fa6efe3d0b0e785b0366ccaacc4ca75c8
  Serial Number: 0x1
  Nickname: caSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: CTu,Cu,Cu
  Has Key: true

  Certificate ID: 1f32ec27dbb05aa0a305011d0114513b7fd17c6b
  Serial Number: 0x4
  Nickname: subsystemCert cert-topology-02-CA
  Subject DN: CN=Subsystem Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 9bf832618b627f34ba17ed2664f5b50e4e0c9e7a
  Serial Number: 0x3
  Nickname: Server-Cert cert-topology-02-CA
  Subject DN: CN=pki1.example.com,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

6. Try to remove an empty cert.
[root at pki1 ~]# pki pkcs12-cert-del  --pkcs12-file /tmp/test_BZ/ca.p12 --pkcs12-password-file /tmp/test_BZ/password.txt
Error: Missing certificate nickname.
usage: pkcs12-cert-del <nickname> [OPTIONS...]
    --debug                         Run in debug mode.
    --help                          Show help options
    --pkcs12-file <path>            PKCS #12 file
    --pkcs12-password <password>    PKCS #12 password
    --pkcs12-password-file <path>   PKCS #12 password file
 -v,--verbose                       Run in verbose mode.
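Endi's suggestion above (throw from the core method when the nickname does not match, catch in the CLI) as an added illustration in Java; this is not Dogtag's own code, the names Pkcs12Store, CertNotFoundException and deleteCommand are hypothetical stand-ins for PKCS12 / PKCS12CertRemoveCLI, and the sample nicknames are constructed from the test log:

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical stand-in for the PKCS12 container class named in the thread.
public class Pkcs12Store {
    /** Thrown by the core method when no entry matches the nickname. */
    public static class CertNotFoundException extends Exception {
        CertNotFoundException(String nickname) {
            super("Certificate Nickname " + nickname + " doesn't exist");
        }
    }

    private final List<String> nicknames = new ArrayList<>();
    public Pkcs12Store(List<String> initial) { nicknames.addAll(initial); }
    public int size() { return nicknames.size(); }

    // Core method in the shape Endi asked for: throw when nothing matched, so
    // every caller gets the same error check. Ignoring the removeIf() result
    // here reproduces the bug: a no-match delete looks exactly like success.
    public void removeCertInfoByNickname(String nickname) throws CertNotFoundException {
        if (!nicknames.removeIf(n -> n.equals(nickname))) {
            throw new CertNotFoundException(nickname);
        }
    }

    // Hypothetical CLI wrapper: maps the exception to an error line and a
    // non-zero exit status instead of claiming the deletion succeeded.
    public static int deleteCommand(Pkcs12Store store, String nickname) {
        if (nickname == null || nickname.isEmpty()) {
            System.err.println("Error: Missing certificate nickname.");
            return 1;
        }
        try {
            store.removeCertInfoByNickname(nickname);
            System.out.println("Deleted certificate \"" + nickname + "\"");
            return 0;
        } catch (CertNotFoundException e) {
            System.err.println("Error: " + e.getMessage());
            return 1;
        }
    }

    public static void main(String[] args) {
        // Constructed sample entries using two nicknames from the test log above.
        Pkcs12Store store = new Pkcs12Store(List.of(
                "caSigningCert cert-topology-02-CA CA", "subsystemCert cert-topology-02-CA"));
        int rc1 = deleteCommand(store, "test");                              // 1, 2 entries remain
        int rc2 = deleteCommand(store, "subsystemCert cert-topology-02-CA");  // 0, 1 entry left
        System.out.println("exit codes " + rc1 + "," + rc2 + "; " + store.size() + " entries left");
    }
}
```

Because the check lives in the container method, a second caller (an import or rename command, for instance) cannot reintroduce the silent-success behaviour by forgetting to check a return value.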