
Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued #2606

Closed
pki-bot opened this issue Oct 3, 2020 · 3 comments

pki-bot commented Oct 3, 2020

This issue was migrated from Pagure Issue #2486. Originally filed by rpattath (@rpattath) on 2016-09-28 00:51:25:

Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued

Steps to Reproduce:

1. TPS CS.cfg has the following:

op.enroll.userKey.keyGen.encryption.recovery.destroyed.holdRevocationUntilLastCredential=false
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeExpiredCerts=false
op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast

2. Mark an enrolled token physically damaged; the signing cert is revoked and the encryption cert is active.
3. Enroll a token for the same user.

Actual results:

New encryption and signing certificates are issued for the new token

Expected results:

Encryption cert should be recovered from the old token

Additional info:

Attachment has the debug log during enrollment of the new token

Created attachment 1205264
TPS debug log during enrollment of new token
@pki-bot pki-bot added this to the 10.3.8 milestone Oct 3, 2020

pki-bot commented Oct 3, 2020

Comment from mharmsen (@mharmsen) at 2016-10-18 23:21:54

Per PKI Bug Council of 10/18/2016: 10.3

@pki-bot pki-bot closed this as completed Oct 3, 2020

pki-bot commented Oct 3, 2020

Comment from jmagne (@jmagne) at 2016-10-19 23:27:38

Closing due to the patch for this fix:

Author: Jack Magne jmagne@dhcp-16-206.sjc.redhat.com
Date: Tue Oct 18 15:08:44 2016 -0700

Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatch

Fixes this bug 1381375.
The portion this patch fixes involves a URL encoding glitch we encountered when recovering keys using
the "by cert" method.

Also this bug addresses:

Bug 1379379 - Unable to read an encrypted email using renewed tokens
The URL encoding problem was affecting the proper verification of this bug.

and

Bug 1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued

The URI encoding was also making this bug appear to fail more than it should have.
There is also a minor fix to the feature that makes sure it works.

This small fix is in TPSEngine.java where the constant for GenerateNewAndRecoverLast scheme is declared.


pki-bot commented Oct 3, 2020

Comment from rpattath (@rpattath) at 2017-02-27 14:07:45

Metadata Update from @rpattath:

• Issue set to the milestone: 10.3.8
