#2432 Kra-selftest behavior is not as expected
Closed: Fixed None Opened 7 years ago by gkapoor.

If we search KRA's CS.cfg, it shows "selftests.container.instance" as
KRAPresence and SystemCertsVerification, but this is not shown when
we do a kra-selftest-find.

Also, the KRA selftest.log says selftests.container.instance.KRAPresence does
not exist, although it is actually there in CS.cfg. Please refer to the CLI output below.

[root@pki1 alias]# pki -d /opt/rhqa_pki/certdb -c Secret123 -h pki1.example.com -p 21080 -n "PKI KRA Administrator for Example.Org" kra-selftest-find


1 entries matched

SelfTest ID: KRAPresence
Enabled at startup: false
Enabled on demand: true
Critical on demand: true


Number of entries returned 1

[root@pki1 alias]# pki -d /opt/rhqa_pki/certdb -c Secret123 -h pki1.example.com -p 21080 -n "PKI KRA Administrator for Example.Org" kra-selftest-run
Selftest ID: KRAPresence
Status: PASSED


Selftests completed

Steps to Reproduce:

Setup:
-----

1. Stop the KRA services using systemctl stop pki-tomcatd@topology-02-KRA.service
2. Make changes in CS.cfg

auths.revocationChecking.enabled=true
auths.revocationChecking.kra=kra
auths.revocationChecking.bufferSize=50
auths.revocationChecking.unknownStateInterval=0
auths.revocationChecking.validityInterval=120
auths.revocationChecking.url=http://pki1.example.com:20080/ca/ocsp

3. Make changes in server.xml @ /etc/pki/topology-02-KRA/server.xml

4. Import cert to KRA alias dir using:

[root@pki1 ~]# certutil -L -d /var/lib/pki/topology-02-CA/alias -n "ocspSigningCert cert-topology-02-CA CA" -a > ocsp_signing.crt
[root@pki1 ~]# certutil -A -d /var/lib/pki/topology-02-KRA/alias/ -n "ocspSigningCert cert-topology-02-CA CA" -t "C,," -i ocsp_signing.crt

5. Restart the KRA services using systemctl start pki-tomcatd@topology-02-KRA.service.
==============================================================================

Actual results:

selftest.log:

0.http-bio-21443-exec-17 - [22/Jul/2016:05:02:49 EDT] [20] [1] SelfTestSubsystem:  the self test property name selftests.container.instance.KRAPresence does not exist
0.http-bio-21443-exec-14 - [22/Jul/2016:05:03:00 EDT] [20] [1] KRAPresence: KRA is present


CS.cfg :

[root@pki1 alias]# grep "selftests.container.instance" /etc/pki/topology-02-KRA/kra/CS.cfg
selftests.container.instance.KRAPresence=com.netscape.cms.selftests.kra.KRAPresence
selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification

[root@pki1 alias]# grep "selftests.container.instance.KRAPresence" /etc/pki/topology-02-KRA/kra/CS.cfg
selftests.container.instance.KRAPresence=com.netscape.cms.selftests.kra.KRAPresence

Expected results:

With KRA's CS.cfg it shows "selftests.container.instance" as KRAPresence and
SystemCertsVerification, but this is not shown when we do a kra-selftest-find.
Also, in KRA selftest.log it says selftests.container.instance.KRAPresence does
not exist which is actually there in CS.cfg.
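
A check for the discrepancy reported above, as an added example that is not part of the ticket or of Dogtag's own code: it compares the self test IDs defined under selftests.container.instance.* in CS.cfg with the IDs listed by kra-selftest-find. The function names are hypothetical, and the sample input is the ticket's own output with wrapped lines rejoined.

```python
import re

INSTANCE_PREFIX = "selftests.container.instance."

def defined_selftests(cs_cfg_text):
    """Map self test ID -> implementing class for every
    selftests.container.instance.<ID>=<class> line in CS.cfg."""
    tests = {}
    for line in cs_cfg_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip().startswith(INSTANCE_PREFIX):
            tests[key.strip()[len(INSTANCE_PREFIX):]] = value.strip()
    return tests

def listed_selftests(find_output):
    """IDs printed as 'SelfTest ID: <ID>' by kra-selftest-find."""
    return set(re.findall(r"^[ \t]*SelfTest ID:[ \t]*(\S+)[ \t]*$", find_output,
                          re.MULTILINE | re.IGNORECASE))

def compare(cs_cfg_text, find_output):
    """Report IDs present on one side only, sorted for stable output."""
    defined = set(defined_selftests(cs_cfg_text))
    listed = listed_selftests(find_output)
    return {"missing_from_find": sorted(defined - listed),
            "not_in_cs_cfg": sorted(listed - defined)}

# Sample input: the ticket's own grep and CLI output, wrapped lines rejoined.
CS_CFG = """\
selftests.container.instance.KRAPresence=com.netscape.cms.selftests.kra.KRAPresence
selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
"""
FIND_OUTPUT = """\
1 entries matched

SelfTest ID: KRAPresence
Enabled at startup: false
Enabled on demand: true
Critical on demand: true

Number of entries returned 1
"""

if __name__ == "__main__":
    result = compare(CS_CFG, FIND_OUTPUT)
    for test_id in result["missing_from_find"]:
        print("defined in CS.cfg but not listed by kra-selftest-find:", test_id)
    for test_id in result["not_in_cs_cfg"]:
        print("listed by kra-selftest-find but not defined in CS.cfg:", test_id)
```
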

Per CS/DS Meeting of 08/08/2016: 10.3.6

Fixed in master (10.4):

  • 6bfee0e46aee93e1255ecb5652d46348557664d5
  • 4001335ed5105112c64c433a26272286ecf66196

The following were checked in to DOGTAG_10_3_BRANCH:

commit e860276fc5889aae40beda33ea523358fbe76911
Author: Endi S. Dewata <edewata@redhat.com>
Date:   Tue Aug 16 01:43:36 2016 +0200

    Fixed SelfTestService.findSelfTests().

    The SelfTestService.findSelfTests() has been modified to return
    all selftests defined in the CS.cfg.

    https://fedorahosted.org/pki/ticket/2432
    (cherry picked from commit 4001335ed5105112c64c433a26272286ecf66196)

commit 422fc92597d80aa115efa59a592fbaf8851b243e
Author: Endi S. Dewata <edewata@redhat.com>
Date:   Tue Aug 16 00:15:15 2016 +0200

    Removed misleading log in SelfTestSubsystem.

    To avoid confusion, the isSelfTestCriticalAtStartup() and
    isSelfTestCriticalOnDemand() in SelfTestSubsystem have been
    modified to no longer log an error message if the selftest
    being checked does not exist in the corresponding property
    in CS.cfg.

    https://fedorahosted.org/pki/ticket/2432
    (cherry picked from commit 6bfee0e46aee93e1255ecb5652d46348557664d5)

Metadata Update from @gkapoor:
- Issue assigned to edewata
- Issue set to the milestone: 10.3.6

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2552

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
