View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005632 | Compliance Test Tool (CTT) Unified Architecture | 1 - Script Issue | public | 2020-05-08 06:47 | 2020-06-03 17:31 |
| Reporter | Lauri Saurus | Assigned To | Alexander Allmendinger | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.04.09.394 | ||||
| Fixed in Version | 1.03.341.396 | ||||
| Summary | 0005632: Security User X509 017.js: Status code Bad_UserSignatureInvalid not accepted | ||||
| Description | In test Security -> Security User X509 -> 017.js the only accepted result is Bad_IdentityTokenRejected. Our server currently returns Bad_UserSignatureInvalid. The specification states for Bad_UserSignatureInvalid: "The user token signature is missing or invalid. " I think Bad_UserSignatureInvalid should be the correct status code to return since even the test description says "Specify a valid/trusted user certificate and provide an invalid UserIdentitySignature.". | ||||
| Tags | Security | ||||
| Files Affected | |||||
| related to | 0005625 | closed | Alexander Allmendinger | Security - Security User X509 - 016-js (also 017 and 018) |
|
|
For a session that is establish with a secure channel, the Bad_UserSignatureInvalid makes sense to return, but is there is not a secure channel (none) then masking what the user error is preferred. recommend to also allow Bad_UserSignatureInvalid |
|
|
Added the Bad_UserSignatureInvalid to the Accepted Results for Security User X509 / 016, 017 and 018 |
|
|
reviewed in CMP Call |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-05-08 06:47 | Lauri Saurus | New Issue | |
| 2020-05-08 06:47 | Lauri Saurus | Tag Attached: Security | |
| 2020-05-08 16:13 | Paul Hunkar | Note Added: 0012041 | |
| 2020-05-08 16:13 | Paul Hunkar | Assigned To | => Alexander Allmendinger |
| 2020-05-08 16:13 | Paul Hunkar | Status | new => assigned |
| 2020-05-08 16:30 | Paul Hunkar | Relationship added | related to 0005625 |
| 2020-05-25 20:07 | Alexander Allmendinger | Status | assigned => resolved |
| 2020-05-25 20:07 | Alexander Allmendinger | Resolution | open => fixed |
| 2020-05-25 20:07 | Alexander Allmendinger | Fixed in Version | => 1.03.341.396 |
| 2020-05-25 20:07 | Alexander Allmendinger | Note Added: 0012104 | |
| 2020-06-03 17:31 | Paul Hunkar | Status | resolved => closed |
| 2020-06-03 17:31 | Paul Hunkar | Note Added: 0012173 |
