Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1358462 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided
Summary: pki pkcs12-cert-del shows a successfully deleted message when a wrong nicknam...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 7.3
Assignee: RHCS Maintainers
QA Contact: Asha Akkiangady
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-20 18:25 UTC by Roshni
Modified: 2016-11-04 05:26 UTC (History)
3 users (show)

Fixed In Version: pki-core-10.3.3-8.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-04 05:26:20 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2396 normal SHIPPED_LIVE pki-core bug fix and enhancement update 2016-11-03 13:55:03 UTC

Description Roshni 2016-07-20 18:25:08 UTC
Description of problem:
pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided

Version-Release number of selected component (if applicable):
pki-ca-10.3.3-3.1.el7.noarch

How reproducible:
always

Steps to Reproduce:
[root@nocp1 ~]# pki -d certdb -c redhat pkcs12-cert-find --pkcs12-file ca.p12 --pkcs12-password-file password.txt
---------------
4 entries found
---------------
  Certificate ID: 3aea83b9dcbeb0df43ed5ffa4ac8e1113d8c73df
  Serial Number: 0x1
  Nickname: caSigningCert cert-pki-tomcat CA
  Subject DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: CTu,Cu,Cu
  Has Key: true

  Certificate ID: c996c15f08f30b1065c6f93479c6deb459c522d3
  Serial Number: 0x5
  Nickname: auditSigningCert cert-pki-tomcat CA
  Subject DN: CN=CA Audit Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: u,u,Pu
  Has Key: true

  Certificate ID: ad25c38a6f54cba489fdfbd236e4f9c13deacc68
  Serial Number: 0x2
  Nickname: ocspSigningCert cert-pki-tomcat CA
  Subject DN: CN=CA OCSP Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 30667dde0d151d85a5dd22ef0162528b2fb40e09
  Serial Number: 0x4
  Nickname: subsystemCert cert-pki-tomcat
  Subject DN: CN=Subsystem Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: u,u,u
  Has Key: true
[root@nocp1 ~]# pki -d certdb -c redhat pkcs12-cert-del "subsystemCert cert-pki-tomcat CA" --pkcs12-file ca.p12 --pkcs12-password-file password.txt
------------------------------------------------------
Deleted certificate "subsystemCert cert-pki-tomcat CA"
------------------------------------------------------
[root@nocp1 ~]# pki -d certdb -c redhat pkcs12-cert-find --pkcs12-file ca.p12 --pkcs12-password-file password.txt
---------------
4 entries found
---------------
  Certificate ID: 3aea83b9dcbeb0df43ed5ffa4ac8e1113d8c73df
  Serial Number: 0x1
  Nickname: caSigningCert cert-pki-tomcat CA
  Subject DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: CTu,Cu,Cu
  Has Key: true

  Certificate ID: c996c15f08f30b1065c6f93479c6deb459c522d3
  Serial Number: 0x5
  Nickname: auditSigningCert cert-pki-tomcat CA
  Subject DN: CN=CA Audit Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: u,u,Pu
  Has Key: true

  Certificate ID: ad25c38a6f54cba489fdfbd236e4f9c13deacc68
  Serial Number: 0x2
  Nickname: ocspSigningCert cert-pki-tomcat CA
  Subject DN: CN=CA OCSP Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 30667dde0d151d85a5dd22ef0162528b2fb40e09
  Serial Number: 0x4
  Nickname: subsystemCert cert-pki-tomcat
  Subject DN: CN=Subsystem Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Issuer DN: CN=CA Signing Certificate,O=idm.lab.eng.rdu2.redhat.com Security Domain
  Trust Flags: u,u,u
  Has Key: true

Comment 2 Matthew Harmsen 2016-07-20 20:39:25 UTC
Upstream ticket:
https://fedorahosted.org/pki/ticket/2414

Comment 3 Matthew Harmsen 2016-08-29 22:23:58 UTC
Cherry-picked to DOGTAG_10_3_RHEL_BRANCH:

commit caa7ef990bc5e45ce0aba29acb4f9ddec66e7551
Author: Geetika Kapoor <gkapoor@redhat.com>
Date:   Fri Aug 12 05:35:58 2016 -0400

    Fix for BZ 1358462
    
    (cherry picked from commit 4b48187b744f1cff2a64c4c5eb00866875a1f99d)
    (cherry picked from commit 92b6378053ef427b3a73866dbee415f7ee32d5ae)

Comment 5 Roshni 2016-09-15 13:32:31 UTC
[root@cypher ~]# rpm -qi pki-ca
Name        : pki-ca
Version     : 10.3.3
Release     : 10.el7
Architecture: noarch
Install Date: Tue 13 Sep 2016 09:58:32 AM EDT
Group       : System Environment/Daemons
Size        : 2431460
License     : GPLv2
Signature   : (none)
Source RPM  : pki-core-10.3.3-10.el7.src.rpm
Build Date  : Sat 10 Sep 2016 02:18:45 AM EDT
Build Host  : ppc-042.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Certificate Authority

[root@cypher ~]# pki -d certsdb -c Secret123 pkcs12-cert-find --pkcs12-file /root/.dogtag/pki-tomcat-rootCA/ca_admin_cert.p12 --pkcs12-password Secret123
---------------
1 entries found
---------------
  Certificate ID: 45d4a680fe6cbd3bd06bf28911f12fda02edab12
  Serial Number: 0x24
  Nickname: PKI Administrator for idmqe.lab.eng.bos.redhat.com
  Subject DN: CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat-rootCA,O=idmqe.lab.eng.bos.redhat.com Security Domain
  Issuer DN: CN=Certificate Authority,OU=pki-ca,O=IdmqeLabEngBosRedhat Domain
  Has Key: true
[root@cypher ~]# pki -d certsdb -c Secret123 pkcs12-cert-del caadmin --pkcs12-file /root/.dogtag/pki-tomcat-rootCA/ca_admin_cert.p12 --pkcs12-password Secret123 
Exception: Certificate not found: caadmin

[root@cypher ~]# pki -d certsdb -c Secret123 pkcs12-cert-del "PKI Administrator for idmqe.lab.eng.bos.redhat.com" --pkcs12-file /root/.dogtag/pki-tomcat-rootCA/ca_admin_cert.p12 --pkcs12-password Secret123
------------------------------------------------------------------------
Deleted certificate "PKI Administrator for idmqe.lab.eng.bos.redhat.com"
------------------------------------------------------------------------

Comment 7 errata-xmlrpc 2016-11-04 05:26:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2396.html


Note You need to log in before you can comment on or make changes to this bug.