Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 2246422 ServerSideKeygen static SKID #4597

Merged
merged 1 commit into from
Nov 8, 2023
Merged

Bug 2246422 ServerSideKeygen static SKID #4597

merged 1 commit into from
Nov 8, 2023

Conversation

ladycfu
Copy link
Contributor

@ladycfu ladycfu commented Nov 1, 2023

This patch intends to address the bug where in the case of ServerSide keygen, a static SKI extension was injected as a result.

fixes https://bugzilla.redhat.com/show_bug.cgi?id=2246422

Bug 2246422 ServerSideKeygen static SKID
6081596 
This patch intends to address the bug where in the case of
ServerSide keygen, a static SKI extension was injected as
a result.

fixes https://bugzilla.redhat.com/show_bug.cgi?id=2246422
jmagne
jmagne approved these changes Nov 1, 2023
View reviewed changes
Copy link
Contributor

@jmagne jmagne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks fine to me. Just a couple of optional suggestions about the getExtension methods and some debug statements. Consider it a soft approve as you have done before.

base/server/src/main/java/com/netscape/cmscore/cert/CertUtils.java
addExtension(name, ext, info);
}

public static Extension getExtension(String name, X509CertInfo info) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a comment here on the returning of null if the input is not valid. I guess here the caller can't distinguish whether or not the the extension was not present or that the input was bad. Would it make sense to throw an exception in the bad input case?

base/server/src/main/java/com/netscape/cmscore/cert/CertUtils.java

logger.debug("EnrollDefault: Searching for " + name + " extension");

if (exts == null) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above about the input.

base/ca/src/main/java/com/netscape/cms/profile/common/CAEnrollProfile.java

if (isSSKeygen) {
try {
String pubKeyStr = request.getExtDataInString("public_key");
if (pubKeyStr == null) {
throw new EProfileException("Server-Side Keygen enrollment failed to retrieve public_key from KRA");
}
//logger.debug(method + "pubKeyStr = " + pubKeyStr);
logger.debug(method + "pubKeyStr = " + pubKeyStr);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we comment out this debug value for a reason?

@jmagne
Copy link
Contributor

jmagne commented Nov 8, 2023

Based on the need for a scratch build and some successful internal testing, I will check this thing in myself, so the build can take place with this fix.

@jmagne jmagne merged commit efb1aa7 into dogtagpki:v10.13 Nov 8, 2023
48 of 58 checks passed
ladycfu added a commit that referenced this pull request Nov 16, 2023
@ladycfu
Bug 2246422 ServerSideKeygen static SKID (#4597)
4e42191 
This patch intends to address the bug where in the case of
ServerSide keygen, a static SKI extension was injected as
a result.

fixes https://bugzilla.redhat.com/show_bug.cgi?id=2246422
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmagne jmagne jmagne approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ladycfu @jmagne