#2486 Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued
Closed: Fixed. Opened 7 years ago by rpattath.

Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued.

Steps to Reproduce:

1. TPS CS.cfg has the following:

op.enroll.userKey.keyGen.encryption.recovery.destroyed.holdRevocationUntilLastCredential=false
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeExpiredCerts=false
op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast

2. Mark an enrolled token physically damaged; the signing cert is revoked and the
encryption cert stays active
3. Enroll a token for the same user

Actual results:

New encryption and signing certificates are issued for the new token

Expected results:

Encryption cert should be recovered from the old token

Additional info:

Attachment has the debug log during enrollment of the new token

Created attachment 1205264
TPS debug log during enrollment of new token

Per PKI Bug Council of 10/18/2016: 10.3

Closing due to the patch for this fix:

Author: Jack Magne jmagne@dhcp-16-206.sjc.redhat.com
Date: Tue Oct 18 15:08:44 2016 -0700

 Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatch

 Fixes this bug #1381375.
The portion this patch fixes involves a URL encoding glitch we encountered when recovering keys using
the "by cert" method.

Also this bug addresses:

Bug 1379379 - Unable to read an encrypted email using renewed tokens
The URL encoding problem was affecting the proper verification of this bug.

and

Bug 1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued

The URI encoding was also making this bug appear to fail more than it should have.
There is also a minor fix to the feature that makes sure it works.

This small fix is in TPSEngine.java where the constant for GenerateNewAndRecoverLast scheme is declared.
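The commit above attributes the failure to a URL encoding glitch in the "by cert" recovery path. The following Python is an added illustration of that class of bug, not TPS or Dogtag code: the query parameter names, the recovery flow and the sample bytes are all constructed for the example. The underlying fact it demonstrates is general: base64 contains `+`, `/` and `=`, and any form-decoding server (Python's `urllib.parse.parse_qs` here, the Java servlet parameter parser behaves the same way) turns an unencoded `+` into a space, so a base64-encoded certificate dropped raw into a query string no longer matches the stored certificate on the receiving side.

```python
import base64
import binascii
import urllib.parse

# Constructed sample bytes (NOT a real certificate): chosen so that their
# base64 form contains '+', '/' and '=', the characters that collide with
# URL query syntax.  Encodes to "MIIB++++////AA==".
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0xfb, 0xef, 0xbe, 0xff, 0xff, 0xff, 0x00])


def b64_cert(der: bytes) -> str:
    """Base64 (PEM-body style) encoding of a DER certificate."""
    return base64.b64encode(der).decode("ascii")


def build_recovery_query_naive(b64: str) -> str:
    """The glitch: the base64 value is dropped into the query string unencoded.
    'op' and 'cert' are hypothetical parameter names for this example."""
    return "op=recoverByCert&cert=" + b64


def build_recovery_query_fixed(b64: str) -> str:
    """The fix: percent-encode the value.  safe='' also encodes '/', so the
    value survives both query parsing and any path-style handling."""
    return "op=recoverByCert&cert=" + urllib.parse.quote(b64, safe="")


def server_side_cert(query: str) -> str:
    """What the receiving servlet sees after standard form decoding:
    percent-escapes are decoded and every '+' becomes a space."""
    return urllib.parse.parse_qs(query)["cert"][0]


def cert_matches(received_b64: str, stored_der: bytes) -> bool:
    """The lookup the recovery code must do: compare the cert the client sent
    with the one stored for the user.  Compare decoded DER with strict base64
    validation so a mangled value fails cleanly instead of raising."""
    try:
        received_der = base64.b64decode(received_b64, validate=True)
    except (ValueError, binascii.Error):
        return False
    return received_der == stored_der


def demo() -> tuple:
    """Returns (naive_match, fixed_match) for the sample certificate."""
    b64 = b64_cert(SAMPLE_DER)
    naive = cert_matches(server_side_cert(build_recovery_query_naive(b64)), SAMPLE_DER)
    fixed = cert_matches(server_side_cert(build_recovery_query_fixed(b64)), SAMPLE_DER)
    return naive, fixed


if __name__ == "__main__":
    b64 = b64_cert(SAMPLE_DER)
    print("sent        :", b64)
    print("naive, seen :", repr(server_side_cert(build_recovery_query_naive(b64))))
    print("fixed, seen :", repr(server_side_cert(build_recovery_query_fixed(b64))))
    print("match (naive, fixed):", demo())
```

The naive path delivers `MIIB    ////AA==` to the server, which no longer decodes as the stored certificate, so a "by cert" lookup fails even though the client holds the right certificate; the percent-encoded path round-trips exactly. When debugging a recovery that refuses to match, compare the parameter value as logged on the server with the value the client built, and look for spaces where `+` should be.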

Metadata Update from @rpattath:
- Issue set to the milestone: 10.3.8

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2606

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
