= Software Current Tests - Bug 841 (Cert Login Problem) =
||<#00FF00> '''2011-07-06 00:00 - Bug 841 last updated''' ||
== Background Information, Instructions, Test Matrix ==
== Testserver Links ==
|| [[Software/CurrentTest|Main Entry Info Page for Software Testers]] || [[Software/CurrentTest]] ||
|| [[http://cacert1.it-sls.de|Testserver Main Entry Page]] || [[http://cacert1.it-sls.de]] ||
|| [[https://ca-mgr1.it-sls.de/login|Testserver Mgmt System Entry Page]] || [[https://ca-mgr1.it-sls.de/login]] ||
|| [[Software/Assessment/TestserverManagementSystem|Testserver Mgmt System Docu]] || [[Software/Assessment/TestserverManagementSystem]] ||
|| [[Software/Assessment/FAQ|Testers and Developers FAQ]] || [[Software/Assessment/FAQ]] ||
|| [[https://bugs.cacert.org|Bugtracker (for reporting)]] || [[https://bugs.cacert.org]] ||
== Testserver 1: http://cacert1.it-sls.de ==
<<BR>>
|| 9.1 || Patch || (!) [[https://bugs.cacert.org/view.php?id=841|Bugs # 841]] {*} {*} ||
|| 9.2 || Developer || u60 ||
||<^> 9.3 ||<^> Purpose of patch || 0000841: Problems on cert login with "duplicate" serial numbers ||
||<^> 9.4 ||<^> Patch Area || Cert Login, account matching ||
|| 9.5 || Patch Testing Requirements || Client Cert login enabled, logged in ||
||<^> 9.6 ||<^> Remarks || Test scenario:<<BR>>1. create 1 client cert, class1 and class3<<BR>>2. check the serial number of the class1 and class3 cert<<BR>>3. create more client certs for the issuer with the lesser number until the number of the other issuer is reached<<BR>>4. continue issuing class1 and class3 certs with different user accounts, different name, different email<<BR>>5. check if dupe serial numbers were created for class1 and class3, e.g. 10:0C = 10:0C<<BR>>6. client cert login with class1 and class3<<BR>>7. check if the cert with serial number and issuer matches the cert - account relation<<BR>>[[Software/CurrentTest/bug841|Bug 841 - more info]] ||
== Instructions and Sample Test Matrix for Software Testers ==
=== Introduction ===
The cert login bug revealed a problem that is not a real issue in the production environment, but may become one some day.
The problem relates to client cert to account mapping.
{{{
Username    Root issued Cert         Class3 issued Cert
            serial #                 serial #
User 1      10:00 <--------------+
User 2      10:01 <-----------+  |
User 3      10:02             |  |
User 4                        |  +-> 10:00
User 5      10:03 <-------+   |
User 6                    |   +----> 10:01
User 7                    +--------> 10:03

If User 6 logs in with the client cert with serial number 10:01,
the cert may link to the account of User 2.

The same may happen if User 7 tries to cert login
with the cert with serial # 10:03 (this may match the account
of User 5)

-or-

User 4 tries to log in with the cert with serial # 10:00
and may be linked to the account of User 1.
}}}
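An added illustration (not CAcert's code): the mapping in the diagram above modelled in Python, contrasting a lookup keyed on the serial number alone with one keyed on issuer plus serial number. The issuer labels, record layout and function names are assumptions, and the sample records are constructed from the diagram.

```python
# Constructed sample data mirroring the diagram: (account, issuer, serial).
# Issuer labels and record layout are assumptions, not CAcert's schema.
CERTS = [
    ("User 1", "root", "10:00"),
    ("User 2", "root", "10:01"),
    ("User 3", "root", "10:02"),
    ("User 4", "class3", "10:00"),
    ("User 5", "root", "10:03"),
    ("User 6", "class3", "10:01"),
    ("User 7", "class3", "10:03"),
]


def login_by_serial(serial):
    """Flawed matching (assumed model): first record with this serial wins."""
    for account, _issuer, cert_serial in CERTS:
        if cert_serial == serial:
            return account
    return None


def login_by_issuer_and_serial(issuer, serial):
    """Matching on the pair: a serial is only unique within one issuer."""
    matches = [a for a, i, s in CERTS if i == issuer and s == serial]
    # Exactly one record must match; anything else is refused.
    return matches[0] if len(matches) == 1 else None


def duplicate_serials():
    """Serials present under more than one issuer (step 5 of the scenario)."""
    issuers_by_serial = {}
    for _account, issuer, serial in CERTS:
        issuers_by_serial.setdefault(serial, set()).add(issuer)
    return sorted(s for s, iss in issuers_by_serial.items() if len(iss) > 1)


if __name__ == "__main__":
    for account, issuer, serial in CERTS:
        flawed = login_by_serial(serial)
        fixed = login_by_issuer_and_serial(issuer, serial)
        flag = "ok" if flawed == account else "MISMATCH"
        print(f"{account}: {issuer} {serial} -> serial-only={flawed}, "
              f"issuer+serial={fixed} [{flag}]")
    print("duplicate serials:", duplicate_serials())
```

Only the certs whose serial also exists under the other issuer are affected, which is why the test scenario first issues certs until both issuers reach the same serial numbers.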
To reproduce the problem, or to test if the problem is fixed, the software tester has to create as many client certs as possible, with as many usernames (different test accounts) as possible and with different issuers (issued through class1 and/or issued from class3).
If you check your client certs you should have a couple of test certs created:
{{{
CAcert Testserver (class1, CAcert Testserver Root)
    CAcert WoT User     10:54
    User Abc            10:38
    User Def            10:37 <--
CAcert Testsever (class3, CAcert Testserver Class 3)
            ^-- typo is a well known problem :)
    User 4              10:49
    User Fgh            10:37 <--
    User 6              10:31

You can start testing with user "User Def" or "User Fgh"
}}}
=== Preliminaries ===
1. Create different user accounts
1. Assure each user account with at least 50 assurance points (to issue class3 certs)
1. For each user account, create at least one class1 and one class3 cert with login enabled
1. Cert login to the account and check if cert and account match (compare name, email, serial number)
* Root / Class 1 currently starts at 10:59
* Class 3 currently starts at 10:58
=== Reporting ===
Report your results under:<<BR>>
[[https://bugs.cacert.org/view.php?id=841]]<<BR>>
for each step you walk through.
{{{
e.g.:
a) adding account XYZ
b) assured up to 50 points
c) issued cert class1 10:59
d) issued cert class3 10:3F
}}}
=== Additional Tests ===
Find other places where client cert -> account matching is done and test them.
'''''Happy testing'''''
=== Certs prepared ===
{{{
User Root Cert Class3 Cert
------- ------------- ------------
unknown.cert@w..de 10:59
unknown.cert@w..de 10:58
unknown.cert@w..de 10:57
. .
. .
unknown.cert@w..de 10:3F
}}}
----
. CategorySoftwareAssessment