Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6840

PeerPublisher and PeerSyncTask to only publish required data for OCSP responder to work if a leaf certificate is published (Tests)

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: PKI core, Protocols
    • Labels:
      None

      Description

      Unit tests:

      Re-factor and extend unit tests concerned by PeerPublisher certificate publishing to reflect the new functionality for 'dontStoreCertificateMetadata' in:

      • PeerConnectionsTest.checkSyncTest
      • PeerConnectionsTest.testPublishCertificate

      Make sure that the existing functionality is not affected by code changes of the epics implementation tasks and the new functionality is called; and that the excluded or
      replaced data is handled properly on the receiving VAs instance.

       

      Regression tests:

      Set up test configuration as described in ECAQA-131.

      Run the following test cases with TestOCSP_EE and TestOCSP_EE_2 users and the option 'don't store certificate meta data except for CA and OCSP signing certificates:' in the peer systems data synchronzation view enabled and disabled:

      A: User certificate issuance and revocation with data synchronzation of the peer system:

      1. Create P12 file for TestOCSP_EE and TestOCSP_EE_2 users, note the certificate serial numbers (SN).
      2. Send OCSP request with SN to the CA (status: good)
      3. Send OCSP request with SN to the OCSP (status: unkown)
      4. Run data synchronzation with option enabled/disabled.
      5. Send OCSP request with SN to both instances (status: good)
      6. Check that values to be hidden because of GDPR were or were not transmitted (see server log and DB result sets.)
      7. Revoke user certificates with SN.
      8. Send OCSP request with SN to the CA (status: revoked)
      9. Send OCSP request with SN to the OCSP (status: good)
      10. Run data synchronzation with option enabled/disabled again.
      11. Send OCSP request with SN to both instances (status: revoked)
      12. Check that values to be hidden because of GDPR were or were not transmitted (see server log and DB result sets.)

       

        Attachments

          Activity

            People

            Assignee:
            anjakobs Andres Jakobs
            Reporter:
            anjakobs Andres Jakobs
            Verified by:
            Henrik Sunmark
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 4 hours
                4h
                Remaining:
                Time Spent - 30 minutes Remaining Estimate - 3 hours, 30 minutes
                3h 30m
                Logged:
                Time Spent - 30 minutes Remaining Estimate - 3 hours, 30 minutes
                30m