Bug 1378517

Summary: two-step externally-signed CA installation fails due to missing AuthorityID
Product: Red Hat Enterprise Linux 7 Reporter: Matthew Harmsen <mharmsen>
Component: pki-coreAssignee: RHCS Maintainers <rhcs-maint>
Status: CLOSED DUPLICATE QA Contact: Asha Akkiangady <aakkiang>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3Keywords: ZStream
Target Milestone: rc   
Target Release: 7.4   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-23 22:24:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matthew Harmsen 2016-09-22 15:34:57 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/pki/ticket/2466

During two-step installation of externally-signed CA,
installation can fail because host authority's private key cannot
be located (a temporary condition), causing LWCA key replication
codepaths to fire, which throw a NullPointerException because the host
authority has not yet been assigned an AuthorityID.

{{{
Log file: /var/log/pki/pki-ca-spawn.20160921163609.log
Loading deployment configuration from external-step2.cfg.
Installing CA into /var/lib/pki/pki-tomcat.

Installation failed:
<!DOCTYPE html><html><head><title>Apache Tomcat/8.0.36 - Error report</title><style type="text/css">H1 {font-famil
y:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-
serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;ba
ckground-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:whi
te;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,san
s-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}.line {height: 1px; 
background-color: #525D76; border: none;}</style> </head><body><h1>HTTP Status 500 - java.lang.NullPointerExceptio
n</h1><div class="line"></div><p><b>type</b> Exception report</p><p><b>message</b> <u>java.lang.NullPointerExcepti
on</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this
 request.</u></p><p><b>exception</b></p><pre>org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerExcep
tion
        org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:77)
...
</pre><p><b>root cause</b></p><pre>java.lang.NullPointerException
        java.util.TreeMap.getEntry(TreeMap.java:347)
        java.util.TreeMap.containsKey(TreeMap.java:232)
        java.util.Collections$SynchronizedMap.containsKey(Collections.java:2578)
        com.netscape.ca.CertificateAuthority.initSigUnit(CertificateAuthority.java:1572)
        com.netscape.ca.CertificateAuthority.init(CertificateAuthority.java:525)
        com.netscape.cmscore.apps.CMSEngine.reinit(CMSEngine.java:1344)
        com.netscape.certsrv.apps.CMS.reinit(CMS.java:191)
        com.netscape.cms.servlet.csadmin.ConfigurationUtils.reInitSubsystem(ConfigurationUtils.java:2299)
        org.dogtagpki.server.rest.SystemConfigService.configure(SystemConfigService.java:181)
        org.dogtagpki.server.rest.SystemConfigService.configure(SystemConfigService.java:121)
...
</pre><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/8.0.36 logs.</u><
/p><hr class="line"><h3>Apache Tomcat/8.0.36</h3></body></html>

Please check the CA logs in /var/log/pki/pki-tomcat/ca.
}}}

Observed in pki-core-10.3.5-6.fc24; origin/DOGTAG_10_3_BRANCH
at commit 281cb00d06c34a5ea4f1393aab59b39cc2e5f168.
Comment 1 Matthew Harmsen 2016-09-23 22:24:24 UTC 

*** This bug has been marked as a duplicate of bug 1378275 ***