Project

General

Profile

Actions

Task #3208

closed

Add possibility to download PKCS12 of other user

Added by Petr Fišer over 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Roman Kučera
Target version:
Start date:
10/12/2022
Due date:
% Done:

100%

Estimated time:
24.00 h
Owner:

Description

We need functionality where an application (with access to IdM REST API) needs to download PKCS12 that belong to ordinary users.

  • Other user (application) must be able to see PKCS12 bags and status of certificates in them (valid, revoked, ...) to choose the bag for download.
  • This feature must be guarded by separate privilege in the IdM.
  • PKCS12 still remains encrypted with user-supplied password, that does not change.

If you need more details, let me know.

Actions #1

Updated by Roman Kučera over 1 year ago

  • Sprint set to Sprint 12.3-8 (Nov 09 - Nov 23)
Actions #2

Updated by Roman Kučera over 1 year ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 60
Actions #3

Updated by Roman Kučera over 1 year ago

  • % Done changed from 60 to 80

Localization added

New behavior for downloading key is:
  • You are owner of the crt, you can download - you need this new permission to
  • You have permission DOWNLOADKEY for certificate and authority which created that certificate.
Actions #4

Updated by Roman Kučera over 1 year ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Roman Kučera to Tomáš Doischer

Can you please make a review?

Actions #5

Updated by Tomáš Doischer over 1 year ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Tomáš Doischer to Roman Kučera

LGTM, but there is a bug in the frontend where a request cannot be sent (not caused by you). Can you please look at it?

Actions #6

Updated by Roman Kučera over 1 year ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Roman Kučera to Tomáš Doischer

The issue should be fixed, request for driver without eav is working.
I don't have driver with EAV so I can't test if this works to.

Actions #7

Updated by Tomáš Doischer over 1 year ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Tomáš Doischer to Roman Kučera
  • % Done changed from 80 to 90

Thank you for the fix. :) I don't have that driver either but I don't think this change can break anything.

LGTM, merged to develop. Before I close it, can you add a few lines to the documentation, please? This setting is not entirely obvious. After that, you can close the ticket.

Actions #8

Updated by Roman Kučera over 1 year ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Roman Kučera to Tomáš Doischer

Documentation edited https://wiki.czechidm.com/tutorial/adm/modules_crt#generate_certificate_in_gui
There is section about downloading key.

Actions #9

Updated by Tomáš Doischer over 1 year ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Tomáš Doischer to Roman Kučera
  • % Done changed from 90 to 100

Thanks, LGTM.

Actions #10

Updated by Peter Štrunc about 1 year ago

  • Status changed from Resolved to In Progress
  • Target version set to 3.0.3
Actions #11

Updated by Peter Štrunc about 1 year ago

  • Status changed from In Progress to Closed
Actions

Also available in: Atom PDF