Policy OIDs in Case 1064 contain no delimiters for the previous policies
Categories
(CA Program :: Common CA Database, task, P1)
Tracking
(Not tracked)
People
(Reporter: kathleen.a.wilson, Assigned: poonam)
References
Details
(Whiteboard: [ccadb-bug])
Attachments
(3 files)
Last year in Case 00000786 the "Additional Policy Identifiers" field was saved as Policy OIDs separated by line feeds, e.g.
1.3.6.1.4.1.17326.1.3
1.3.6.1.4.1.17326.10.11
1.3.6.1.4.1.17326.10.14.2
1.3.6.1.4.1.17326.10.16.1
1.3.6.1.4.1.17326.10.16.2
1.3.6.1.4.1.17326.10.16.3
1.3.6.1.4.1.17326.10.16.5.1
...
This got saved to the policy document object associated with root certs as one very long OID:
1.3.6.1.4.1.17326.10.16.1.1.11.3.6.1.4.1.17326.10.16.1.1.21.3.6.1.4.1.17326.10.16.1.2.11.3.6.1.4.1.17326.10.16.1.2.21.3.6.1.4.1.17326.10.16.1.3.1.11.3.6.1.4.1.17326.10.16.1.3.1.21.3.6.1.4.1.17326.10.16.1.3.2.11.3.6.1.4.1.17326.10.16.1.3.2.21.3.6.1.4.1.17326.10.16.1.3.3.11.3.6.1.4.1.17326.10.16.1.3.3.21.3.6.1.4.1.17326.10.16.1.5.1.3.4.11.3.6.1.4.1.17326.10.16.1.5.1.3.4.21.3.6.1.4.1.1732 ...
Fortunately, this very long OID is not in the CA Owner record's list of Policy Identifiers.
I think we need to do the following:
-
Use Case 00000786 to figure out which other checks we need to add for saving "Additional Policy Identifiers" field contents.
e.g. change line feeds to semi-colons followed by a space -
Get a report of the Policy Document objects with long Policy OIDs so that we can fix them.
Reporter | ||
Comment 1•3 years ago
|
||
Reporter | ||
Comment 2•3 years ago
•
|
||
Show changes button
Looks like the bad Policy OID was copied over to the Policy Document associated with root certificates.
Reporter | ||
Comment 3•3 years ago
|
||
Edit popup for the policy with the bad OID -- note that the "Selected" in pick list and the free form "Additional Policy Identifiers" is empty. And the bad OID is not in the "Available" list.
Reporter | ||
Updated•3 years ago
|
Updated•3 years ago
|
Reporter | ||
Comment 4•2 years ago
|
||
Bumping this Bug up to the top of our priorities, because it causes bad and non-recoverable problems for CAs when they enter a list of "Additional Policy Identifiers" without using semicolon as the delimiter.
Reporter | ||
Updated•2 years ago
|
Assignee | ||
Comment 5•2 years ago
|
||
The code changes have been done and deployed in production. If a user enters Space, Newline, Comma, Carriage Return, it will get replaced with a semicolon and a space.
Also checked the data on CA Owner, Root Certificate, Policy Doc on Root Certificate and Policy Doc on Case records. Found one record on CA Owner with invalid text in Policy Identifiers field.
Reporter | ||
Comment 6•2 years ago
|
||
(In reply to Poonam Bhargava from comment #5)
The code changes have been done and deployed in production. If a user enters Space, Newline, Comma, Carriage Return, it will get replaced with a semicolon and a space.
Thanks!
Also checked the data on CA Owner, Root Certificate, Policy Doc on Root Certificate and Policy Doc on Case records. Found one record on CA Owner with invalid text in Policy Identifiers field.
Has the bad data in that record been fixed or deleted?
Assignee | ||
Comment 7•2 years ago
|
||
I just corrected the data for 'PostSignum' at https://ccadb.lightning.force.com/lightning/r/Account/001o000000HsrwAAAR/view
Reporter | ||
Comment 8•2 years ago
|
||
Thanks, Poonam!
Description
•