OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

kmip message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [kmip] Reporting TC errors

Responses inline. Thanks for the clear feedback.

On Tue, Sep 12, 2023 at 5:13âPM ììí ìì(CSêëí) <sunho.lee@mdsit.co.kr> wrote:

I found some errors in TC and have contacted you.


TC-ASYNC-9-30, Step=2

  • 'ResultStatus', âResponsePayload' is Not founded inÂBatchItem.

<ResponseMessage>
ÂÂ<ResponseHeader>
ÂÂÂÂ<ProtocolVersion>
ÂÂÂÂÂÂ<ProtocolVersionMajorÂtype="Integer" value="3"/>
ÂÂÂÂÂÂ<ProtocolVersionMinorÂtype="Integer" value="0"/>
ÂÂÂÂ</ProtocolVersion>
ÂÂÂÂ<TimeStampÂtype="DateTime" value="$NOW"/>
ÂÂ</ResponseHeader>
ÂÂ<BatchItem>
ÂÂÂÂ<Operation type="Enumeration" value="QueryAsynchronousRequests"/>
ÂÂ</BatchItem>
</ResponseMessage>


Corrected - there should ResultStatus=Success and an empty ResponsePayloadÂ

BL-M-20-30, Step=2

  • âUniqueIdentifier' founded. The Response Payload SHALL be empty.

<ResponseMessage>
ÂÂ<ResponseHeader>
ÂÂÂÂ<ProtocolVersion>
ÂÂÂÂÂÂ<ProtocolVersionMajorÂtype="Integer" value="3"/>
ÂÂÂÂÂÂ<ProtocolVersionMinorÂtype="Integer" value="0"/>
ÂÂÂÂ</ProtocolVersion>
ÂÂÂÂ<TimeStampÂtype="DateTime" value="$NOW"/>
ÂÂÂÂ<ServerCorrelationValueÂtype="TextString" value="55EBE18E-02018A04-6"/>
ÂÂ</ResponseHeader>
ÂÂ<BatchItem>
ÂÂÂÂ<Operation type="Enumeration" value="Obliterate"/>
ÂÂÂÂ<ResultStatusÂtype="Enumeration" value="Success"/>
ÂÂÂÂ<ResponsePayload>
ÂÂÂÂÂÂ<UniqueIdentifierÂtype="Identifier" value="$UNIQUE_IDENTIFIER_0"/>
ÂÂÂÂ</ResponsePayload>
ÂÂ</BatchItem>
</ResponseMessage>



Corrected. Obliterate does not return the UniqueIdentifier value so it should not be present.

Â

TC-IMPEXP-5-30, Step=2,3

  • I thought 'KeyFormatType' should be 'X_509â.
  • âCryptographicUsageMask' Not founded. Is it okay toÂnotÂhave it?


<ResponseMessage>
ÂÂÂÂ<ResponseHeader>
ÂÂÂÂÂÂ<ProtocolVersion>
ÂÂÂÂÂÂÂÂ<ProtocolVersionMajorÂtype="Integer" value="3" />
ÂÂÂÂÂÂÂÂ<ProtocolVersionMinorÂtype="Integer" value="0" />
ÂÂÂÂÂÂ</ProtocolVersion>
ÂÂÂÂÂÂ<TimeStampÂtype="DateTime" value="$NOW" />
ÂÂÂÂÂÂ<ServerCorrelationValueÂtype="TextString" value="B0A32C55-F2D5D57D-6" />
ÂÂÂÂ</ResponseHeader>
ÂÂÂÂ<BatchItem>
ÂÂÂÂÂÂ<Operation type="Enumeration" value="Export" />
ÂÂÂÂÂÂ<ResultStatusÂtype="Enumeration" value="Success" />
ÂÂÂÂÂÂ<ResponsePayload>
ÂÂÂÂÂÂÂÂ<ObjectTypeÂtype="Enumeration" value="Certificate" />
ÂÂÂÂÂÂÂÂ<UniqueIdentifierÂtype="Identifier" value="$UNIQUE_IDENTIFIER_0" />
ÂÂÂÂÂÂÂÂ<Attributes>
ÂÂÂÂÂÂÂÂÂÂ<UniqueIdentifierÂtype="Identifier" value="$UNIQUE_IDENTIFIER_0" />
ÂÂÂÂÂÂÂÂÂÂ<ShortUniqueIdentifierÂtype="ByteString" value="$SHORT_UNIQUE_IDENTIFIER_0" />
ÂÂÂÂÂÂÂÂÂÂ<ObjectTypeÂtype="Enumeration" value="Certificate" />
ÂÂÂÂÂÂÂÂÂÂ<CryptographicAlgorithmÂtype="Enumeration" value="RSA" />
ÂÂÂÂÂÂÂÂÂÂ<CryptographicLengthÂtype="Integer" value="2048" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateTypeÂtype="Enumeration" value="X_509" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateLengthÂtype="Integer" value="1043" />
ÂÂÂÂÂÂÂÂÂÂ<X_509CertificateIdentifier>
ÂÂÂÂÂÂÂÂÂÂÂÂ<IssuerDistinguishedNameÂtype="ByteString" value="3062310b3009060355040613024155310b3009060355040813025350310a3008060355040713014c310a3008060355040a13014f310b3009060355040b13024f55310b300906035504031302434e3114301206092a864886f70d0109011605456d61696c" />
ÂÂÂÂÂÂÂÂÂÂÂÂ<CertificateSerialNumberÂtype="ByteString" value="020900e31cb99f91cb07ed" />
ÂÂÂÂÂÂÂÂÂÂ</X_509CertificateIdentifier>
ÂÂÂÂÂÂÂÂÂÂ<X_509CertificateSubject>
ÂÂÂÂÂÂÂÂÂÂÂÂ<SubjectDistinguishedNameÂtype="ByteString" value="3062310b3009060355040613024155310b3009060355040813025350310a3008060355040713014c310a3008060355040a13014f310b3009060355040b13024f55310b300906035504031302434e3114301206092a864886f70d0109011605456d61696c" />
ÂÂÂÂÂÂÂÂÂÂ</X_509CertificateSubject>
ÂÂÂÂÂÂÂÂÂÂ<X_509CertificateIssuer>
ÂÂÂÂÂÂÂÂÂÂÂÂ<IssuerDistinguishedNameÂtype="ByteString" value="3062310b3009060355040613024155310b3009060355040813025350310a3008060355040713014c310a3008060355040a13014f310b3009060355040b13024f55310b300906035504031302434e3114301206092a864886f70d0109011605456d61696c" />
ÂÂÂÂÂÂÂÂÂÂ</X_509CertificateIssuer>
ÂÂÂÂÂÂÂÂÂÂ<DigitalSignatureAlgorithmÂtype="Enumeration" value="SHA_256WithRSAEncryption" />
ÂÂÂÂÂÂÂÂÂÂ<Digest>
ÂÂÂÂÂÂÂÂÂÂÂÂ<HashingAlgorithmÂtype="Enumeration" value="SHA_256" />
ÂÂÂÂÂÂÂÂÂÂÂÂ<DigestValueÂtype="ByteString"
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂvalue="3610018f1b8ffb5172bef76bb81f5a56ca79a8991ea126a6b1fb6678eb758788" />
ÂÂÂÂÂÂÂÂÂÂÂÂ<KeyFormatTypeÂtype="Enumeration" value="Raw" />
ÂÂÂÂÂÂÂÂÂÂ</Digest>
ÂÂÂÂÂÂÂÂÂÂ<KeyFormatTypeÂtype="Enumeration" value="Raw" />
ÂÂÂÂÂÂÂÂÂÂ<LeaseTimeÂtype="Interval" value="3600" />
ÂÂÂÂÂÂÂÂÂÂ<InitialDateÂtype="DateTime" value="$NOW" />
ÂÂÂÂÂÂÂÂÂÂ<State type="Enumeration" value="PreActive" />
ÂÂÂÂÂÂÂÂÂÂ<LastChangeDateÂtype="DateTime" value="$NOW" />
ÂÂÂÂÂÂÂÂÂÂ<Fresh type="Boolean" value="true" />
ÂÂÂÂÂÂÂÂÂÂ<Sensitive type="Boolean" value="false" />
ÂÂÂÂÂÂÂÂÂÂ<AlwaysSensitiveÂtype="Boolean" value="false" />
ÂÂÂÂÂÂÂÂÂÂ<Extractable type="Boolean" value="true" />
ÂÂÂÂÂÂÂÂÂÂ<NeverExtractableÂtype="Boolean" value="false" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateSubjectSTÂtype="TextString" value="SP" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateSubjectEmailÂtype="TextString" value="Email" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateSubjectCÂtype="TextString" value="AU" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateSubjectLÂtype="TextString" value="L" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateSubjectOÂtype="TextString" value="O" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateSubjectOUÂtype="TextString" value="OU" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateSubjectCNÂtype="TextString" value="CN" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateIssuerSTÂtype="TextString" value="SP" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateIssuerEmailÂtype="TextString" value="Email" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateIssuerCÂtype="TextString" value="AU" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateIssuerLÂtype="TextString" value="L" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateIssuerOÂtype="TextString" value="O" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateIssuerOUÂtype="TextString" value="OU" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateIssuerCNÂtype="TextString" value="CN" />
ÂÂÂÂÂÂÂÂÂÂ<ObjectClassÂtype="Enumeration" value="User" />
ÂÂÂÂÂÂÂÂÂÂ<ProtectionStorageMaskÂtype="Integer" value="Software" />
ÂÂÂÂÂÂÂÂ</Attributes>
ÂÂÂÂÂÂÂÂ<Certificate>
ÂÂÂÂÂÂÂÂÂÂ<CertificateTypeÂtype="Enumeration" value="X_509" />
ÂÂÂÂÂÂÂÂÂÂ<CertificateValueÂtype="ByteString" value="3082040f308202f7a003020102020900e31cb99f91cb07ed300d06092a864886f70d01010b05003062310b3009060355040613024155310b3009060355040813025350310a3008060355040713014c310a3008060355040a13014f310b3009060355040b13024f55310b300906035504031302434e3114301206092a864886f70d0109011605456d61696c301e170d3130303530313036303831365a170d3132303433303036303831365a3062310b3009060355040613024155310b3009060355040813025350310a3008060355040713014c310a3008060355040a13014f310b3009060355040b13024f55310b300906035504031302434e3114301206092a864886f70d0109011605456d61696c30820122300d06092a864886f70d01010105000382010f003082010a0282010100e5b86a3cf3fb109c4622d94fa2883bf6d9098c95e1ba3344bcb50edbfba41741409b9b1931ad674d5164b833f1b1b84434bd8abddce2197f66539832f413cfff32e16cb7e67296525158cc58f085ef6ec87e15de0879534322f690d0766a5c4b0287daf50c5f84b9959ca19537609281ec2d2b3e626be9e94dbfc2cb3d75bd03d964e8379e2c5125817ff72dbee80d06a8d63e25842af38fa1aaf9e493a4ef436c1a3a4400cd4bbcd9d9bcf030d41290f3c3bfa829cff0fbf682453875cfc6b2ab5b6b3315c8281dc13f318aeeb0b05f81ea6042ffedd574b74043c33a11c2aaec2f4cf2a02e9dfd3417acdc43be26a1cf3de2463540cfa621e246de8879f9ef0203010001a381c73081c4301d0603551d0e041604144dd89a6ba988a08aa6f4a8ab5b532edea9338c2c3081940603551d2304818c30818980144dd89a6ba988a08aa6f4a8ab5b532edea9338c2ca166a4643062310b3009060355040613024155310b3009060355040813025350310a3008060355040713014c310a3008060355040a13014f310b3009060355040b13024f55310b300906035504031302434e3114301206092a864886f70d0109011605456d61696c820900e31cb99f91cb07ed300c0603551d13040530030101ff300d06092a864886f70d01010b05000382010100acda7b0c6df7e4f6507c0958f25f6b5e3bfb4de7a36f5c8aacf0664b2aec18ba2d5dda6ae35dfc103eadb1c39a0e4e3166c19eca4a35e96eb6092f74904e67a3a32e127a4f5dba655d16feeb260acb7b7245910e25e689074c057db1e17af58d8df303e5a1e881f72d46226863e2da9b4dc8f443cb5b5114e4c9e1867ce109b016a059a0b27ea3bf912f463e57fcf7b5237f124b787dfa74385cb97c400403e3362077749a8ffbe37cb2675e9db0278c6682b579622f6355acbf71fa968e68a78cf0d6a63a5a8cea8a9b97c8c482d91fa73ee76012e3dd8b379d5e4c132279b1d915c979c48e60e1454a2846e661d5659885c026a523bc613ab21db8b86f9096" />
ÂÂÂÂÂÂÂÂ</Certificate>
ÂÂÂÂÂÂ</ResponsePayload>
ÂÂÂÂ</BatchItem>
ÂÂ</ResponseMessage>


The Key Format Type should be Raw - it was listed as X_509 which is the Subject Public Key Information format which is not what this is - X_509 does not mean an X_509 certificate - that is communicated in the CertificateType. TheÂKey Format Type is meant to be Raw (i.e. binary).

We need to discuss Cryptographic Usage Mask - the specification notes it as mandatory within the attribute - except for Opaque Objects - but that isn't current practice - and it is also noted for "Keys" in the description and "All Objects" in the Attribute Rules.

We can easily add one in here but its value would only be able to be Verify (there is no other Cryptographic Usage Mask for a Certificate).

Â


TC-OFFSET-1-30, Step=2,3,4

  • I thought 'UniqueIdentifier.type' should be 'Identifier'.

<ResponseMessage>
ÂÂ<ResponseHeader>
ÂÂÂÂ<ProtocolVersion>
ÂÂÂÂÂÂ<ProtocolVersionMajorÂtype="Integer" value="3"/>
ÂÂÂÂÂÂ<ProtocolVersionMinorÂtype="Integer" value="0"/>
ÂÂÂÂ</ProtocolVersion>
ÂÂÂÂ<TimeStampÂtype="DateTime" value="$NOW"/>
ÂÂ</ResponseHeader>
ÂÂ<BatchItem>
ÂÂÂÂ<Operation type="Enumeration" value="Locate"/>
ÂÂÂÂ<ResultStatusÂtype="Enumeration" value="Success"/>
ÂÂÂÂ<ResponsePayload>
ÂÂÂÂÂÂ<UniqueIdentifierÂtype="Identifier" value="$UNIQUE_IDENTIFIER_4"/>
ÂÂÂÂ</ResponsePayload>
ÂÂ</BatchItem>
ÂÂ<BatchItem>
ÂÂÂÂ<Operation type="Enumeration" value="GetAttributes"/>
ÂÂÂÂ<ResultStatusÂtype="Enumeration" value="Success"/>
ÂÂÂÂ<ResponsePayload>
ÂÂÂÂÂÂ<UniqueIdentifierÂtype="Reference" value="$UNIQUE_IDENTIFIER_4"/>
ÂÂÂÂÂÂ<Attributes>
ÂÂÂÂÂÂÂÂ<Attribute>
ÂÂÂÂÂÂÂÂÂÂ<VendorIdentificationÂtype="TextString" value="x"/>
ÂÂÂÂÂÂÂÂÂÂ<AttributeNameÂtype="TextString" value="ID"/>
ÂÂÂÂÂÂÂÂÂÂ<AttributeValueÂtype="TextString" value="TC-OFFSET-1-30-key5"/>
ÂÂÂÂÂÂÂÂ</Attribute>
ÂÂÂÂÂÂ</Attributes>
ÂÂÂÂ</ResponsePayload>
ÂÂ</BatchItem>
</ResponseMessage>


It could be either in this context - but I'll change it to Identifier for consistency with the other test cases.

These updates will all be in the intext version I upload.

Thanks,
Tim.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]