View Issue Details

IDProjectCategoryView StatusLast Update
0005632Compliance Test Tool (CTT) Unified Architecture1 - Script Issuepublic2020-06-03 17:31
ReporterLauri Saurus Assigned ToAlexander Allmendinger  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.04.09.394 
Fixed in Version1.03.341.396 
Summary0005632: Security User X509 017.js: Status code Bad_UserSignatureInvalid not accepted
Description

In test Security -> Security User X509 -> 017.js the only accepted result is Bad_IdentityTokenRejected. Our server currently returns Bad_UserSignatureInvalid. The specification states for Bad_UserSignatureInvalid: "The user token signature is missing or invalid. " I think Bad_UserSignatureInvalid should be the correct status code to return since even the test description says "Specify a valid/trusted user certificate and provide an invalid UserIdentitySignature.".

TagsSecurity
Files Affected

Relationships

related to 0005625 closedAlexander Allmendinger Security - Security User X509 - 016-js (also 017 and 018) 

Activities

Paul Hunkar

2020-05-08 16:13

administrator   ~0012041

For a session that is establish with a secure channel, the Bad_UserSignatureInvalid makes sense to return, but is there is not a secure channel (none) then masking what the user error is preferred.

recommend to also allow Bad_UserSignatureInvalid

Alexander Allmendinger

2020-05-25 20:07

developer   ~0012104

Added the Bad_UserSignatureInvalid to the Accepted Results for Security User X509 / 016, 017 and 018

Paul Hunkar

2020-06-03 17:31

administrator   ~0012173

reviewed in CMP Call

Issue History

Date Modified Username Field Change
2020-05-08 06:47 Lauri Saurus New Issue
2020-05-08 06:47 Lauri Saurus Tag Attached: Security
2020-05-08 16:13 Paul Hunkar Note Added: 0012041
2020-05-08 16:13 Paul Hunkar Assigned To => Alexander Allmendinger
2020-05-08 16:13 Paul Hunkar Status new => assigned
2020-05-08 16:30 Paul Hunkar Relationship added related to 0005625
2020-05-25 20:07 Alexander Allmendinger Status assigned => resolved
2020-05-25 20:07 Alexander Allmendinger Resolution open => fixed
2020-05-25 20:07 Alexander Allmendinger Fixed in Version => 1.03.341.396
2020-05-25 20:07 Alexander Allmendinger Note Added: 0012104
2020-06-03 17:31 Paul Hunkar Status resolved => closed
2020-06-03 17:31 Paul Hunkar Note Added: 0012173