#2443 Prevent deletion of host CA's keys if LWCA entry deleted
Closed: Fixed None Opened 7 years ago by ftweedal.

If authorityMonitor observes the deletion of the host CA's
authority entry, it will treat it the same as any other lightweight
CA and delete the signing cert AND KEY from the NSSDB.
Because the database is replicated, the change would be observed and
the deletion effected on all running clones almost simultaneously. Unless
the main CA private key is backed up somewhere there is no way to recover
from this.

Although this should only happen if someone does something silly to
the database, we really should do extra checks to prevent this.


Per PKI Bug Council of 08/31/2016: 10.3.6

Checked into master:

commit 68d98b63e18c5c952e0cdf3193b0ce1a5c55d5c1

Author: Fraser Tweedale <ftweedal@redhat.com>
Date:   Wed Aug 24 14:40:46 2016 +1000

    Prevent deletion of host CA cert and key from NSSDB

    If authorityMonitor observes the deletion of the host CA's authority
    entry, it will treat it the same as any other lightweight CA and
    delete the signing cert AND KEY from the NSSDB. Because the database
    is replicated, the change would be observed and deletion immediately
    effected on all running clones.  Unless the main CA private key is
    backed up somewhere there is no way to recover from this.

    Although this scenario does not arise in normal operation, the
    impact is severe so add a check that prevents cert and key deletion
    for host authority.

    Fixes: https://fedorahosted.org/pki/ticket/2443

Cherry-picked into DOGTAG_10_3_BRANCH:

From a1f225e0034d89cc011b81604439111ed725961e Mon Sep 17 00:00:00 2001
From: Fraser Tweedale ftweedal@redhat.com
Date: Wed, 24 Aug 2016 14:40:46 +1000
Subject: [PATCH 06/10] Prevent deletion of host CA cert and key from NSSDB

If authorityMonitor observes the deletion of the host CA's authority
entry, it will treat it the same as any other lightweight CA and
delete the signing cert AND KEY from the NSSDB. Because the database
is replicated, the change would be observed and deletion immediately
effected on all running clones. Unless the main CA private key is
backed up somewhere there is no way to recover from this.

Although this scenario does not arise in normal operation, the
impact is severe so add a check that prevents cert and key deletion
for host authority.

Fixes: https://fedorahosted.org/pki/ticket/2443
(cherry picked from commit 68d98b63e18c5c952e0cdf3193b0ce1a5c55d5c1)

Metadata Update from @ftweedal:
- Issue assigned to ftweedal
- Issue set to the milestone: 10.3.6

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2563

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata