Re: [Pki-devel] [pki-devel][PATCH] 0062-Allow-cert-and-key-indexes-9.patch

2016-02-05 Thread John Magne
ACKED by cfu:

Pushed to master: commit 9bd94a0a54793a0720b803846ce2291e5064c2ae

Various Fedora libcoolkey builds done with patch to support this, winding 
through the system.

Closing #1734.

- Original Message -
From: "Christina Fu" <c...@redhat.com>
To: pki-devel@redhat.com
Sent: Friday, February 5, 2016 4:22:40 PM
Subject: Re: [Pki-devel] [pki-devel][PATCH] 
0062-Allow-cert-and-key-indexes-9.patch

the code looks good. 
I applied the patch and upgraded my libcoolkey and played with it. I was able 
to enroll for 2 certs and "recover" 5 (makes a total of 7), and then continued 
to run externalReg enrollment again to delete one cert and recover another. 

ACK, 
Christina 

On 02/02/2016 06:46 PM, John Magne wrote: 



Subject: [PATCH] Allow cert and key indexes > 9.

Ticket: Ticket #1734 : TPS issue with overflowing PKCS#11 cert index numbers

This patch contains the following:

1. Fixes in TPS to allow the server to set and read muscle object ID's that are 
greater than 9.

The id is stored as a single ASCII byte in the object id. Previous libcoolkey 
patches exist to now support numbers
larger than 9, by the following:

0-9 is represented by the ascii chars for 0 through 9.
10 - 35 represented by the ascii chars for 'A' through 'Z'.
36 - 61 represented by the ascii chars for 'a' through 'z'.

Once coolkey is updated it will be able to read these id's.

TPS with this patch will be able to both read number 0 - 62 and to set them 
when creating pkcs#11 objects to be stored on the token.

When the proper libcoolkey is installed, the coolkey driver will be able to 
read certs and keys with id's > 9. Thus, for instance a cert with an id of C6, 
with keys of k12, and k13, will be supported and viewable in the Firefox cert 
viewer. Also the certs will be usable for operations.

2. A fix to the routine that finds a free id number to assign to a soon to be 
recovered cert will now have the ability to find unused slots instead of just 
incrementing one over the highest currently used index.

3. Made a couple of minor cleanup fixes to externalReg functionality discovered 
during testing of this feature.

Tested up to 7 certs on the token. Also did some re-tests of cfu's cert 
retention feature and those checked. 


___
Pki-devel mailing list Pki-devel@redhat.com 
https://www.redhat.com/mailman/listinfo/pki-devel 



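The index encoding and the free-slot search described in the patch message above, as an added Java example; it is not code from the patch or from the TPS source. The class and method names are hypothetical, the sample ids are constructed, and it assumes a two-character id such as "C0" whose second character carries the index, with 61 as the highest index per the three ranges listed.

```java
import java.util.BitSet;

// Hypothetical helper, not part of the TPS patch: maps a cert/key index to
// the single ASCII byte stored in the object id, and back.
public class IndexCodec {
    static final int MAX_INDEX = 61; // 10 digits + 26 upper + 26 lower

    // 0-9 -> '0'..'9', 10-35 -> 'A'..'Z', 36-61 -> 'a'..'z'
    static char encode(int index) {
        if (index < 0 || index > MAX_INDEX)
            throw new IllegalArgumentException("index out of range: " + index);
        if (index < 10) return (char) ('0' + index);
        if (index < 36) return (char) ('A' + index - 10);
        return (char) ('a' + index - 36);
    }

    // Returns -1 for any byte outside the three ranges.
    static int decode(char c) {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'A' && c <= 'Z') return c - 'A' + 10;
        if (c >= 'a' && c <= 'z') return c - 'a' + 36;
        return -1;
    }

    // Lowest unused index, or -1 when all 62 are taken. Assumes the index
    // is the second character of a two-character id; other ids are skipped.
    static int firstFreeIndex(String[] idsOnToken) {
        BitSet used = new BitSet(MAX_INDEX + 1);
        for (String id : idsOnToken) {
            int idx = id.length() == 2 ? decode(id.charAt(1)) : -1;
            if (idx >= 0) used.set(idx);
        }
        int free = used.nextClearBit(0);
        return free <= MAX_INDEX ? free : -1;
    }

    public static void main(String[] args) {
        // Constructed sample: certs at 0, 1, 3 and 10 ('A'); index 2 was deleted.
        String[] ids = { "C0", "C1", "C3", "CA" };
        int free = firstFreeIndex(ids);
        System.out.println("gap search picks:  C" + encode(free));
        // "One over the highest used index" would skip the hole at 2.
        System.out.println("highest + 1 picks: C" + encode(decode('A') + 1));
    }
}
```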

[Pki-devel] [pki-devel][PATCH] 0062-Allow-cert-and-key-indexes-9.patch

2016-02-02 Thread John Magne
Subject: [PATCH] Allow cert and key indexes > 9.

Ticket: Ticket #1734 : TPS issue with overflowing PKCS#11 cert index numbers

This patch contains the following:

1. Fixes in TPS to allow the server to set and read muscle object ID's that are 
greater than 9.

The id is stored as a single ASCII byte in the object id. Previous libcoolkey 
patches exist to now support numbers
larger than 9, by the following:

0-9 is represented by the ascii chars for 0 through 9.
10 - 35 represented by the ascii chars for 'A' through 'Z'.
36 - 61 represented by the ascii chars for 'a' through 'z'.

Once coolkey is updated it will be able to read these id's.

TPS with this patch will be able to both read number 0 - 62 and to set them 
when creating pkcs#11 objects to be stored on the token.

When the proper libcoolkey is installed, the coolkey driver will be able to 
read certs and keys with id's > 9. Thus, for instance a cert with an id of C6, 
with keys of k12, and k13, will be supported and viewable in the Firefox cert 
viewer. Also the certs will be usable for operations.

2. A fix to the routine that finds a free id number to assign to a soon to be 
recovered cert will now have the ability to find unused slots instead of just 
incrementing one over the highest currently used index.

3. Made a couple of minor cleanup fixes to externalReg functionality discovered 
during testing of this feature.

Tested up to 7 certs on the token. Also did some re-tests of cfu's cert 
retention feature and those checked.

From 911d7fde7a49d2f854f391ea95771b4000c8535e Mon Sep 17 00:00:00 2001
From: Jack Magne 
Date: Fri, 22 Jan 2016 18:03:36 -0800
Subject: [PATCH] Allow cert and key indexes > 9.

Ticket: Ticket #1734 : TPS issue with overflowing PKCS#11 cert index numbers

This patch contains the following:

1. Fixes in TPS to allow the server to set and read muscle object ID's that are greater than 9.

The id is stored as a single ASCII byte in the object id. Previous libcoolkey patches exist to now support numbers
larger than 9, by the following:

0-9 is represented by the ascii chars for 0 through 9.
10 - 35 represented by the ascii chars for 'A' through 'Z'.
36 - 61 represented by the ascii chars for 'a' through 'z'.

Once coolkey is updated it will be able to read these id's.

TPS with this patch will be able to both read number 0 - 62 and to set them when creating pkcs#11 objects to be stored on the token.

When the proper libcoolkey is installed, the coolkey driver will be able to read certs and keys with id's > 9. Thus, for instance a cert with an id of C6, with keys of k12, and k13, will be supported and viewable in the Firefox cert viewer. Also the certs will be usable for operations.

2. A fix to the routine that finds a free id number to assign to a soon to be recovered cert will now have the ability to find unused slots instead of just incrementing one over the highest currently used index.

3. Made a couple of minor cleanup fixes to externalReg functionality discovered during testing of this feature.
---
 .../org/dogtagpki/server/tps/main/ObjectSpec.java  | 208 +++-
 .../org/dogtagpki/server/tps/main/PKCS11Obj.java   |  92 -
 .../server/tps/processor/CertEnrollInfo.java   |   9 +-
 .../server/tps/processor/EnrolledCertsInfo.java|   7 +
 .../server/tps/processor/TPSEnrollProcessor.java   | 213 -
 5 files changed, 380 insertions(+), 149 deletions(-)

diff --git a/base/tps/src/org/dogtagpki/server/tps/main/ObjectSpec.java b/base/tps/src/org/dogtagpki/server/tps/main/ObjectSpec.java
index a8dbdb1..00cc447 100644
--- a/base/tps/src/org/dogtagpki/server/tps/main/ObjectSpec.java
+++ b/base/tps/src/org/dogtagpki/server/tps/main/ObjectSpec.java
@@ -236,7 +236,8 @@ public class ObjectSpec {
 // down to the cert's id, the code below changes both "4" and "5" back
 // to "2".
 
-int val = (objectID.charAt(1) - '0');
+int val = objectSpec.getObjectIndex();
+
 switch (objectID.charAt(0)) {
 case 'c':
 
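Review bot: `val` can now be -1 at `int val = objectSpec.getObjectIndex();`, because the helper added at the end of this patch starts from `int index = -1` and only overwrites it for '0'-'9', 'A'-'Z' and 'a'-'z', and the lines shown here hand `val` to the `switch` without checking it. Since the helper now reports a bad index byte explicitly, reject a negative `val` before the switch instead of letting it flow into the id rewriting. The index is also read from `objectSpec` while the type character still comes from the local `objectID` string; a short comment stating that both describe the same object would help. The added blank `+` line after the assignment can be dropped.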
@@ -290,7 +291,7 @@ public class ObjectSpec {
 
 fixedAttrs = 0x0080; /* CKA_TOKEN */
 xclass = (int) PKCS11Constants.CKO_CERTIFICATE;
-id = objectID.charAt(1) - '0';
+id = objectSpec.getObjectIndex();
 
 objectSpec.setFixedAttributes(fixedAttrs | (xclass << 4) | id);
 }
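Review bot: `id` is OR-ed into the bits below `xclass << 4` in `fixedAttrs | (xclass << 4) | id`, which leaves only four bits for it, while `getObjectIndex()` as added by this patch can return values up to 61. An index of 16 or more would set bits that the same expression uses for the class, and a return of -1 would set every bit. Please confirm the intended bit layout for the larger indexes and range-check or mask `id` before the call to `setFixedAttributes`.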
@@ -453,4 +454,207 @@ public class ObjectSpec {
 return data;
 }
 
+public int getObjectIndex() {
+return ObjectSpec.getObjectIndex(this.objectID);
+}
+
+public static int getObjectIndex(long objectID) {
+char char_index = (char) ((objectID >> 16) & 0xff);
+int index = -1;
+
+if (char_index >= '0' && char_index <= '9') {
+index = char_index - '0';
+}
+if (char_index >= 'A' && char_index <= 'Z') {
+index = char_index - 'A' + 10;
+}
+if (char_index >= 'a' && char_index <= 'z') {
+
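Review bot: the two new public `getObjectIndex` methods have no Javadoc, and the -1 returned when the byte at `(objectID >> 16) & 0xff` falls outside the three ranges is an undocumented sentinel that every caller has to know to check. Please document the 0-9 / A-Z / a-z mapping and the -1 case on the static method. The three range tests are mutually exclusive, so an `else if` chain would state that more clearly, and `char_index` would be `charIndex` under the usual Java naming.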