#2985 pki pkcs12-cert-mod gives a success message when a non-existing nickname is provided
Closed: migrated 3 years ago by dmoluguw. Opened 5 years ago by mharmsen.

pki pkcs12-cert-mod gives a success message when a non-existing nickname is provided

Steps to Reproduce:

[root@qe-blade-09 ~]# pki pkcs12-cert-find --pkcs12-file ca.p12 --pkcs12-password-file password.txt 
---------------
6 entries found
---------------
  Certificate ID: e5265d08d36cde2bdff5caf5eeeb783d7a06b9a9
  Serial Number: 0xa
  Nickname: caSigningCert cert-pki-subca
  Subject DN: CN=Certificate Authority 1,OU=pki-subca,O=IdmqeLabEngBosRedhat Domain
  Issuer DN: CN=Certificate Authority,OU=pki-rootca,O=IdmqeLabEngBosRedhat Domain
  Has Key: true

  Certificate ID: 895682d8630ce9995ea6b7ad924b97e0424662d
  Serial Number: 0x1
  Nickname: ocspSigningCert cert-pki-subca
  Subject DN: CN=OCSP Signing Certificate 1,OU=pki-subca,O=IdmqeLabEngBosRedhat Domain
  Issuer DN: CN=Certificate Authority 1,OU=pki-subca,O=IdmqeLabEngBosRedhat Domain
  Has Key: true

  Certificate ID: c0b211501718d3e72118c0df578e1d7595f74136
  Serial Number: 0x3
  Nickname: auditSigningCert cert-pki-subca
  Subject DN: CN=CA Audit Signing Certificate 1,OU=pki-subca,O=IdmqeLabEngBosRedhat Domain
  Issuer DN: CN=Certificate Authority 1,OU=pki-subca,O=IdmqeLabEngBosRedhat Domain
  Has Key: true

  Certificate ID: da8b3c14905f88d435a55c5d9ad3c7e85b11367b
  Serial Number: 0x1
  Nickname: Certificate Authority - pki-rootca - IdmqeLabEngBosRedhat Domain
  Subject DN: CN=Certificate Authority,OU=pki-rootca,O=IdmqeLabEngBosRedhat Domain
  Issuer DN: CN=Certificate Authority,OU=pki-rootca,O=IdmqeLabEngBosRedhat Domain
  Has Key: false

  Certificate ID: f086e60c6f211bd2940b420e2ac6d3c1a8256919
  Serial Number: 0x2
  Nickname: Server-Cert cert-pki-subca
  Subject DN: CN=qe-blade-03.idmqe.lab.eng.bos.redhat.com,OU=pki-subca,O=IdmqeLabEngBosRedhat Domain
  Issuer DN: CN=Certificate Authority 1,OU=pki-subca,O=IdmqeLabEngBosRedhat Domain
  Has Key: true

  Certificate ID: 37b1e733caed07e9ef918c07aaba2c23898b1867
  Serial Number: 0xb
  Nickname: subsystemCert cert-pki-subca
  Subject DN: CN=CA Subsystem Certificate 1,OU=pki-subca,O=IdmqeLabEngBosRedhat Domain
  Issuer DN: CN=Certificate Authority,OU=pki-rootca,O=IdmqeLabEngBosRedhat Domain
  Has Key: true
[root@qe-blade-09 ~]# pki pkcs12-key-find --pkcs12-file ca.p12 --pkcs12-password-file password.txt
---------------
5 entries found
---------------
  Key ID: e5265d08d36cde2bdff5caf5eeeb783d7a06b9a9
  Subject DN: CN=Certificate Authority 1,OU=pki-subca,O=IdmqeLabEngBosRedhat Domain

  Key ID: 895682d8630ce9995ea6b7ad924b97e0424662d
  Subject DN: CN=OCSP Signing Certificate 1,OU=pki-subca,O=IdmqeLabEngBosRedhat Domain

  Key ID: c0b211501718d3e72118c0df578e1d7595f74136
  Subject DN: CN=CA Audit Signing Certificate 1,OU=pki-subca,O=IdmqeLabEngBosRedhat Domain

  Key ID: f086e60c6f211bd2940b420e2ac6d3c1a8256919
  Subject DN: CN=qe-blade-03.idmqe.lab.eng.bos.redhat.com,OU=pki-subca,O=IdmqeLabEngBosRedhat Domain

  Key ID: 37b1e733caed07e9ef918c07aaba2c23898b1867
  Subject DN: CN=CA Subsystem Certificate 1,OU=pki-subca,O=IdmqeLabEngBosRedhat Domain
[root@qe-blade-09 ~]# pki pkcs12-cert-mod "caSigningCert cert-pki-rootCA" --pkcs12-file ca.p12 --pkcs12-password-file password.txt --trust-flags "CTu,Cu,Cu"
---------------------------------------------------
Updated certificate "caSigningCert cert-pki-rootCA"
---------------------------------------------------

Expected results:

pki pkcs12-cert-mod should fail with an appropriate error message

Per 10.5.x/10.6 Triage: FUTURE

edewata: negative case

Metadata Update from @mharmsen:
- Custom field component adjusted to None
- Custom field feature adjusted to None
- Custom field origin adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1537307
- Custom field type adjusted to None
- Custom field version adjusted to None

5 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/3103

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.

Metadata