Bug 583754 - pki-silent needs an option to configure signing algorithm for CA certificates
Keywords:
Status: CLOSED EOL
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: Installation Wizard
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Ade Lee
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks: dogtagIPAv2
Reported: 2010-04-19 16:34 UTC by Andrew Wnuk
Modified: 2020-03-27 20:05 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-27 20:05:14 UTC
Embargoed:


Attachments
patch to fix (deleted)
2010-11-16 17:05 UTC, Ade Lee
awnuk: review+
pkisilent script for successful CA configuration (deleted)
2010-11-26 09:00 UTC, Kashyap Chamarthy
no flags
make signing_algorithm arg optional (deleted)
2011-01-03 15:37 UTC, John Dennis
no flags

Description Andrew Wnuk 2010-04-19 16:34:50 UTC
Description of problem:
pki-silent needs an option to configure signing algorithm for CA certificates.

Comment 3 Ade Lee 2010-11-16 17:05:50 UTC
Created attachment 460884 [details]
patch to fix

Comment 4 Ade Lee 2010-11-16 17:48:34 UTC
8.1:

[vakwetu@goofy-vm4 silent]$ svn ci -m "Bugzilla Bug 583754 - pki-silent needs an option to configure signing algorithm for CA certificates" 
Sending        silent/src/ca/ConfigureCA.java
Sending        silent/src/subca/ConfigureSubCA.java
Sending        silent/templates/pki_silent.template
Sending        silent/templates/subca_silent.template
Transmitting file data ....
Committed revision 1506.

tip: 

[vakwetu@dhcp231-121 silent]$ svn ci -m "Bugzilla Bug 583754 - pki-silent needs an option to configure signing algorithm for CA certificates"
Sending        silent/src/ca/ConfigureCA.java
Sending        silent/src/subca/ConfigureSubCA.java
Sending        silent/templates/pki_silent.template
Sending        silent/templates/subca_silent.template
Transmitting file data ....
Committed revision 1507.

Comment 5 Ade Lee 2010-11-16 17:52:50 UTC
FYI - this submission will change the invocation of pkisilent for the configuration of a CA and subCA.

For both CA and subCA, new parameters are added:
        -signing_algorithm ${ca_signing_algorithm} \
        -signing_signingalgorithm ${ca_signing_signingalgorithm} \
        -ocsp_signing_signingalgorithm ${ca_ocsp_signing_signingalgorithm} \

For subCA, the following parameter has been removed:
        -key_algorithm

See the new templates for explanations of the new parameters.

Comment 7 Kashyap Chamarthy 2010-11-26 09:00:39 UTC
Created attachment 463019 [details]
pkisilent script for successful CA configuration

Comment 8 John Dennis 2010-12-24 18:05:16 UTC
I think there may be a problem with the patch. Aren't these new signing arguments meant to be optional with a default of SHA256withRSA? As currently implemented the arg parser is demanding they be provided on the command line. A quick look at the code suggests the SHA256withRSA value will be provided as a default but the arg parser aborts the process before we get that far because it believes the argument is required. 

Required parameter -signing_algorithm is not specified.

This occurs because the string "optional" does not appear in the argument description set via parser.addOption(). (ArgParser.java line 1711).

Was it intended these arguments were meant to be required?
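
The failure mode described in comment 8, as an added Java example that is not Dogtag's ArgParser or pkisilent code: a simplified model in which an option counts as required unless its description contains "optional", so the SHA256withRSA default is never reached. The class name, method names and description strings are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Simplified model of the behaviour described in comment 8; NOT Dogtag's ArgParser.
public class OptionalArgDemo {
    static final String DEFAULT_ALG = "SHA256withRSA"; // default named in comment 8

    // Option name -> description text (hypothetical stand-in for parser.addOption()).
    static final Map<String, String> options = new LinkedHashMap<>();

    static void addOption(String name, String description) {
        options.put(name, description);
    }

    // An option is required unless its description contains the word "optional".
    static Map<String, String> parse(String[] argv) {
        Map<String, String> values = new LinkedHashMap<>();
        for (int i = 0; i + 1 < argv.length; i += 2) {
            if (!options.containsKey(argv[i]))
                throw new IllegalArgumentException("Unknown parameter " + argv[i]);
            values.put(argv[i], argv[i + 1]);
        }
        for (Map.Entry<String, String> e : options.entrySet()) {
            boolean optional = e.getValue().contains("optional");
            if (!optional && !values.containsKey(e.getKey()))
                throw new IllegalArgumentException(
                    "Required parameter " + e.getKey() + " is not specified.");
        }
        return values;
    }

    static String signingAlgorithm(String[] argv) {
        Map<String, String> v = parse(argv); // aborts here when the option is "required"
        return v.getOrDefault("-signing_algorithm", DEFAULT_ALG); // default applied after parsing
    }

    public static void main(String[] args) {
        String[] noAlg = {}; // constructed input: the caller omits -signing_algorithm
        addOption("-signing_algorithm", "<CA signing algorithm>");
        try {
            signingAlgorithm(noAlg);
        } catch (IllegalArgumentException ex) {
            System.out.println("before: " + ex.getMessage());
        }
        // Marking the option optional and documenting the default in its description.
        addOption("-signing_algorithm",
                  "<CA signing algorithm (optional, default " + DEFAULT_ALG + ")>");
        System.out.println("after:  " + signingAlgorithm(noAlg));
    }
}
```

Stating the default in the description, as in the second addOption() call, keeps the algorithm an operator gets by omission visible in the usage text.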

Comment 9 Ade Lee 2011-01-03 14:22:23 UTC
RE comment 8: 

Agreed. I noticed that you attached a patch to https://bugzilla.redhat.com/show_bug.cgi?id=588323, which I reviewed and approved.

I am closing this bug then, pending the application of that patch.

Make sure that the changes are checked into both 8.1 and the tip.

Comment 10 John Dennis 2011-01-03 15:37:37 UTC
Created attachment 471495 [details]
make signing_algorithm arg optional

Actual patch which was committed. Note, this also includes documentation of the default values in the usage message.

Comment 11 John Dennis 2011-01-03 15:41:29 UTC
dogtag commit:

Committed revision 1679

CS 8.1 commit:

Committed revision 1680

