Closed Bug 1791621 Opened 3 years ago Closed 2 years ago

Policy OIDs in Case 1064 contain no delimiters for the previous policies

Categories

(CA Program :: Common CA Database, task, P1)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: kathleen.a.wilson, Assigned: poonam)

References

Details

(Whiteboard: [ccadb-bug])

Attachments

(3 files)

Last year in Case 00000786 the "Additional Policy Identifiers" field was saved as Policy OIDs separated by line feeds, e.g.
1.3.6.1.4.1.17326.1.3
1.3.6.1.4.1.17326.10.11
1.3.6.1.4.1.17326.10.14.2
1.3.6.1.4.1.17326.10.16.1
1.3.6.1.4.1.17326.10.16.2
1.3.6.1.4.1.17326.10.16.3
1.3.6.1.4.1.17326.10.16.5.1
...

This got saved to the policy document object associated with root certs as one very long OID:
1.3.6.1.4.1.17326.10.16.1.1.11.3.6.1.4.1.17326.10.16.1.1.21.3.6.1.4.1.17326.10.16.1.2.11.3.6.1.4.1.17326.10.16.1.2.21.3.6.1.4.1.17326.10.16.1.3.1.11.3.6.1.4.1.17326.10.16.1.3.1.21.3.6.1.4.1.17326.10.16.1.3.2.11.3.6.1.4.1.17326.10.16.1.3.2.21.3.6.1.4.1.17326.10.16.1.3.3.11.3.6.1.4.1.17326.10.16.1.3.3.21.3.6.1.4.1.17326.10.16.1.5.1.3.4.11.3.6.1.4.1.17326.10.16.1.5.1.3.4.21.3.6.1.4.1.1732 ...

Fortunately, this very long OID is not in the CA Owner record's list of Policy Identifiers.

I think we need to do the following:

  1. Use Case 00000786 to figure out which other checks we need to add for saving "Additional Policy Identifiers" field contents.
    e.g. change line feeds to semi-colons followed by a space

  2. Get a report of the Policy Document objects with long Policy OIDs so that we can fix them.

Show changes button

Looks like the bad Policy OID was copied over to the Policy Document associated with root certificates.

Edit popup for the policy with the bad OID -- note that the "Selected" in pick list and the free form "Additional Policy Identifiers" is empty. And the bad OID is not in the "Available" list.

Summary: Unable to Delete Policy Identifiers in Case 1064 → Policy OIDs in Case 1064 contain no delimiters for the previous policies
Product: NSS → CA Program

Bumping this Bug up to the top of our priorities, because it causes bad and non-recoverable problems for CAs when they enter a list of "Additional Policy Identifiers" without using semicolon as the delimiter.

Severity: -- → S1
Status: NEW → ASSIGNED

The code changes have been done and deployed in production. If a user enters Space, Newline, Comma, Carriage Return, it will get replaced with a semicolon and a space.

Also checked the data on CA Owner, Root Certificate, Policy Doc on Root Certificate and Policy Doc on Case records. Found one record on CA Owner with invalid text in Policy Identifiers field.

(In reply to Poonam Bhargava from comment #5)

The code changes have been done and deployed in production. If a user enters Space, Newline, Comma, Carriage Return, it will get replaced with a semicolon and a space.

Thanks!

Also checked the data on CA Owner, Root Certificate, Policy Doc on Root Certificate and Policy Doc on Case records. Found one record on CA Owner with invalid text in Policy Identifiers field.

Has the bad data in that record been fixed or deleted?

Thanks, Poonam!

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Duplicate of this bug: 1778408
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: