Bug 1474664

Summary: NPE in HttpClient utility output
Product: Red Hat Enterprise Linux 7 Reporter: Geetika Kapoor <gkapoor>
Component: pki-coreAssignee: RHCS Maintainers <rhcs-maint>
Status: CLOSED DUPLICATE QA Contact: Asha Akkiangady <aakkiang>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: cfu, mharmsen
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-31 15:29:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Geetika Kapoor 2017-07-25 07:05:23 UTC 
Description of problem:

NPE in HttpClient utility in below mentioned cases:

1. During cmc request if KRA is not reachable or is shutdown.
2. In case encryption is not set in KRA, so there is no common way to communicate between KRA and CA 

KRA rest info:
<KRAInfo><Attributes/><ArchivalMechanism>encrypt</ArchivalMechanism><EncryptAlgorithm>AES/CBC/PKCS5Padding</EncryptAlgorithm><RecoveryMechanism>encrypt</RecoveryMechanism><WrapAlgorithm>AES/CBC/PKCS5Padding</WrapAlgorithm></KRAInfo>

 CA rest info:
<CAInfo><Attributes/><ArchivalMechanism>encrypt</ArchivalMechanism><EncryptAlgorithm>AES/CBC/PKCS5Padding</EncryptAlgorithm><WrapAlgorithm>AES/CBC/PKCS5Padding</WrapAlgorithm></CAInfo>

3. if key wrap algorithm is not set correctly, HttpClient fails with NPE.



Version-Release number of selected component (if applicable):

pki-ca-10.4.1-11.el7.noarch

How reproducible:

always

Steps to Reproduce:
1. This can be easily reproduce by shutting down KRA subsystem and try to perform any CMC archival test case.Example: self signed
2.
3.

Actual results:

1. NPE

Expected results:


Additional info:

Failures and NPE:

[root@pki1 certs_db]# HttpClient user-signed/HttpClient-cmc-crmf.self.cfg

Total number of bytes read = 3425
after SSLSocket created, thread token is NSS FIPS 140-2 User Private Key
client cert is not null
handshake happened
writing to socket
Total number of bytes read = 234
PEhUTUw+CjxCT0RZIEJHQ09MT1I9d2hpdGU+CjxQPgpUaGUgQ2VydGlmaWNhdGUg
U3lzdGVtIGhhcyBlbmNvdW50ZXJlZCBhbiB1bnJlY292ZXJhYmxlIGVycm9yLgo8
UD4KRXJyb3IgTWVzc2FnZTo8QlI+CjxJPmphdmEubGFuZy5OdWxsUG9pbnRlckV4
Y2VwdGlvbjwvST4KPFA+ClBsZWFzZSBjb250YWN0IHlvdXIgbG9jYWwgYWRtaW5p
c3RyYXRvciBmb3IgYXNzaXN0YW5jZS4KPC9CT0RZPgo8L0hUTUw+Cg0K


The response in binary format is stored in user-signed/cmc.self.Resp

[root@pki1 certs_db]# cat user-signed/cmc.self.Resp
<HTML>
<BODY BGCOLOR=white>
<P>
The Certificate System has encountered an unrecoverable error.
<P>
Error Message:<BR>
<I>java.lang.NullPointerException</I>
<P>
Please contact your local administrator for assistance.
</BODY>
</HTML>
Comment 2 Christina Fu 2017-08-21 18:50:05 UTC 
This looks like a duplicated bug for:
https://bugzilla.redhat.com/show_bug.cgi?id=1461528
which has just been fixed.
Comment 3 Matthew Harmsen 2017-08-31 15:29:35 UTC 

*** This bug has been marked as a duplicate of bug 1461528 ***