Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hide download and email if the certificate has been signed by scep request #6778

Merged
merged 9 commits into from
Jan 19, 2022
Merged

Hide download and email if the certificate has been signed by scep request #6778

merged 9 commits into from
Jan 19, 2022

Conversation

fdurand
Copy link
Member

@fdurand fdurand commented Dec 15, 2021

Description

Hide download and email if the certificate has been signed by scep request

Impacts

PKI

Delete branch after merge

YES

Checklist

  • Document the feature
  • Add unit tests
  • Add acceptance tests (TestLink)

NEWS file entries

Enhancements

  • Hide download and email for a certificate that has been signed by a scep request

@fdurand fdurand added this to the PacketFence-11.2 milestone Dec 15, 2021
@fdurand fdurand requested a review from nqb December 15, 2021 19:25
nqb
nqb suggested changes Dec 19, 2021
View reviewed changes
go/caddy/pfpki/models/models.go Outdated Show resolved Hide resolved
@nqb nqb force-pushed the fix/download_scep_certificate branch from 63ce1b3 to 6ec1582 Compare December 30, 2021 07:18
nqb
nqb suggested changes Dec 30, 2021
View reviewed changes
Copy link
Contributor

@nqb nqb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. Do we really want to prevent download of SCEP certificates from web admin ?

IMHO, we should allow admin users to download SCEP certificates from web admin because web admin doesn't display all informations of certificates (OCSP URL, key usage, etc.) and if you need these informations, you will have to look into DB.

Certificates generated through SCEP are stored in DB without private keys so it's not a problem. Perhaps we can have a "Copy Certificate" button like we have for CA certificates.

  1. Download button is still available when you click on a SCEP certificate

@fdurand fdurand force-pushed the fix/download_scep_certificate branch from 6ec1582 to b2582e5 Compare January 13, 2022 20:19
@fdurand
Copy link
Member Author

fdurand commented Jan 13, 2022

Just added a way to download the public key.
Also you need to recompile the pki in order to have the Download button removed from the admin gui.

nqb
nqb suggested changes Jan 14, 2022
View reviewed changes
Copy link
Contributor

@nqb nqb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Existing SCEP certs will have a wrong value of scep field in DB. We need to update existing SCEP certs if we are able to distinguish them but I'm not sure it's possible.

@nqb nqb force-pushed the fix/download_scep_certificate branch from ec17f03 to 92860bd Compare January 17, 2022 06:34
@nqb
Copy link
Contributor

nqb commented Jan 17, 2022
edited
Loading

  • Existing SCEP certs will have a wrong value of scep field in DB. We need to update existing SCEP certs if we are able to distinguish them but I'm not sure it's possible.

I don't see an automated way to identify SCEP certificate in DB before.

EDIT: it means that "Download" button will be available for old SCEP certificates which can lead to confusion.

EDIT: fixed by 7153f05

@nqb
Copy link
Contributor

nqb commented Jan 18, 2022

Just did new tests:

  1. Download button is still available for SCEP certificates when you click on a SCEP certificate (not on the listing, only "Copy certificate")
  2. SCEP filter doesn't work:
    image

=> I expect to be able to select SCEP

@satkunas, could you take a look ?

@satkunas
Copy link
Contributor

Just did new tests:

  1. Download button is still available for SCEP certificates when you click on a SCEP certificate (not on the listing, only "Copy certificate")
  2. SCEP filter doesn't work:
    image

=> I expect to be able to select SCEP

@satkunas, could you take a look ?

@nqb the scep column has been pinned to ensure that the scep column is returned with each item in order to show/hide the download/email buttons. If this column is not showing up you'll need to clear your pkiCerts::defaultSearch preference.

nqb
nqb suggested changes Jan 19, 2022
View reviewed changes
db/upgrade-X.X-X.Y.sql Outdated Show resolved Hide resolved
@nqb
Copy link
Contributor

nqb commented Jan 19, 2022

Work as expected after I remove my preferences and clean my web browser cache.

@nqb nqb merged commit aa32c6d into devel Jan 19, 2022
@nqb nqb deleted the fix/download_scep_certificate branch January 19, 2022 21:24
nqb added a commit that referenced this pull request Jan 19, 2022
@nqb
news for #6778
1c0d0fb
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nqb nqb nqb requested changes

Assignees

@nqb nqb

Labels
Priority: Medium Status: For review Type: Feature / Enhancement
Projects
None yet
Milestone
PacketFence-11.2
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@fdurand @nqb @satkunas