Closed
Bug 1404915
Opened 8 years ago
Closed 6 years ago
Modify JSON schema in certificates collections to allow OneCRL to block by subject and Public Key Hash
Categories
(Cloud Services :: Operations: Miscellaneous, task)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: mgoodwin, Unassigned)
Attachments
(2 files)
I happened to notice that the xml schema for https://settings-writer.prod.mozaws.net/v1/buckets/staging/collections/certificates (and for the corresponding collection in the blocklists bucket) lacks the necessary attributes for revoking certificates by subject and public key.
This is supported by the client (see https://dxr.mozilla.org/mozilla-central/source/services/common/blocklist-clients.js#360) since well before the kinto mechanism - so maybe we should also modify amo2kinto accordingly.
Comment 1•8 years ago (Reporter)
Comment 2•8 years ago
Do you know what the XML entry should look like for previous clients?
The current record looks like this:
<certItem issuerName="MGYxCzAJBgNVBAYTAlVTMRYwF...IC0gRzM=">
<serialNumber>L79XLVO2ZmtAu7FAG8Wmzw==</serialNumber>
</certItem>
Comment 3•8 years ago (Reporter)
(In reply to Rémy Hubscher (:natim) from comment #2)
> Do you know what the XML entry should look like for previous clients?
Yes: from the old test_cert_blocklist.js, I see:
<certItem subject='MCIxIDAeBgNVBAMMF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5' pubKeyHash='VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8='>
</certItem>
Comment 4•8 years ago (Reporter)
The attributes for the JSON object have the same name as the XML attributes.
Comment 5•8 years ago (Reporter)
(In reply to Mark Goodwin [:mgoodwin] from comment #3)
> (In reply to Rémy Hubscher (:natim) from comment #2)
> > Do you know what the XML entry should look like for previous clients?
> Yes: from the old test_cert_blocklist.js, I see:
>
> <certItem subject='MCIxIDAeBgNVBAMMF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5'
> pubKeyHash='VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8='>
> </certItem>
https://hg.mozilla.org/mozilla-central/file/f322e65d1069/toolkit/mozapps/extensions/nsBlocklistService.js#l974 <- this client code confirms the above is correct
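Added example (not part of the bug thread, and not code from amo2kinto or Firefox): a Python example that maps the two certItem shapes quoted above to JSON records with the same attribute names, then checks that each record uses exactly one blocking form. The function names, the sample issuerName value and the 32-byte length check on pubKeyHash are assumptions.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample: two entries in the XML shapes quoted in the thread.
# The issuerName here is a constructed placeholder, not a real OneCRL value.
SAMPLE_XML = """<certItems>
  <certItem issuerName="Q29uc3RydWN0ZWQgaXNzdWVy">
    <serialNumber>L79XLVO2ZmtAu7FAG8Wmzw==</serialNumber>
  </certItem>
  <certItem subject='MCIxIDAeBgNVBAMMF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5'
            pubKeyHash='VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8='>
  </certItem>
</certItems>"""

def cert_item_to_record(item):
    """Map one <certItem> element to a JSON-style dict with the same names."""
    record = dict(item.attrib)
    serial = item.find("serialNumber")
    if serial is not None and serial.text:
        record["serialNumber"] = serial.text.strip()
    return record

def _b64(value):
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError, TypeError):
        return None

def validate_record(record):
    """Return a list of problems; an empty list means the record is usable."""
    keys = set(record)
    by_issuer = {"issuerName", "serialNumber"}
    by_key = {"subject", "pubKeyHash"}
    if keys != by_issuer and keys != by_key:
        return ["must be exactly issuerName+serialNumber or subject+pubKeyHash"]
    problems = [f"{k}: not valid base64" for k in sorted(keys)
                if not record[k] or _b64(record[k]) is None]
    # Assumption: pubKeyHash is a 32-byte digest (the thread's sample decodes to 32 bytes).
    if not problems and keys == by_key and len(_b64(record["pubKeyHash"])) != 32:
        problems.append("pubKeyHash: expected 32 bytes after decoding")
    return problems

def convert(xml_text):
    """Parse blocklist XML and return (record, problems) pairs."""
    root = ET.fromstring(xml_text)
    return [(r, validate_record(r)) for r in map(cert_item_to_record, root.iter("certItem"))]
```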
Comment 6•8 years ago
Attachment #8914350 - Flags: review?(mgoodwin)
Comment 7•8 years ago
Comment 8•8 years ago (Reporter)
Comment on attachment 8914350
Schema modifications
Review of attachment 8914350:
-----------------------------------------------------------------
LGTM
Attachment #8914350 - Attachment is patch: true
Attachment #8914350 - Attachment mime type: text/x-github-pull-request → text/plain
Attachment #8914350 - Flags: review?(mgoodwin) → review+
Updated•8 years ago (Reporter)
Summary: Modify XML schema in certificates collections to allow OneCRL to block by subject and Public Key Hash → Modify JSON schema in certificates collections to allow OneCRL to block by subject and Public Key Hash
Comment 9•8 years ago
This has been validated in stage and is ready for production.
Updated•8 years ago
QA Contact: mwobensmith
Comment 10•8 years ago
I performed updates on both new and old profiles, and I did not see any problems related to this change.
Comment 11•6 years ago
No action in a long time, closing as WONTFIX. Please reopen if this is still needed.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX