Bug 1562841
Summary: | servlet profileSubmitCMCSimple throws NPE | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Geetika Kapoor <gkapoor> | |
Component: | pki-core | Assignee: | Christina Fu <cfu> | |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 7.5 | CC: | cfu, mharmsen, msauton | |
Target Milestone: | rc | Keywords: | TestCaseProvided, ZStream | |
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | pki-core-10.5.9-2.el7 | Doc Type: | No Doc Update | |
Doc Text: | Previously, ProfileSubmitCMCServlet did not handle a null auth.instance_id value in the profile, so it threw a NullPointerException when handling CMC simple requests. Now the problem is fixed. |
Story Points: | --- | |
Clone Of: | ||||
: | 1574848 | Environment: | |
Last Closed: | 2018-10-30 11:05:27 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1574848 |
Description
Geetika Kapoor
2018-04-02 17:00:47 UTC
Issue was caused by missing auth.instance_id in the profile. Should add that to the profile for fix.

Per RHEL 7.5.z/7.6/8.0 Triage: 7.5.z
cfu: Decided to keep this bug and fix the profile by adding the missing auth id.

commit 203db212a3dce216687dd2aac349fe37d2e92a96 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH, ticket-2992-simpleCMC)
Author: Christina Fu <cfu>
Date: Thu Apr 19 17:11:34 2018 -0700

    Ticket #2992 servlet profileSubmitCMCSimple throws NPE

    This patch addresses the issue that when auth.instance_id is not specified in the profile, NPE is thrown. Alternative is to add auth.instance_id value, but it's better to leave this as manual approval only without changing the functionality.

    fixes https://pagure.io/dogtagpki/issue/2992

    Change-Id: I0a3afca1c66af96917a81c94b088d792f0332a4d

Suggested test procedure for QE:

Please note that due to lack of the security provisions like the Full CMC requests, we should just keep the auth.instance_id value empty, which will then require a CA agent to manually approve the request.

1. Run PKCS10Client to generate a PKCS#10 request, e.g.
   PKCS10Client -d . -p myPass -n "cn=just me cfu, uid=cfu" -o pkcs10.req.pem
2. Run AtoB to convert the PEM file produced by PKCS10Client above to binary:
   AtoB pkcs10.req.pem pkcs10.req
3. Create an HttpClient file as you would normally but pay special attention to:
   - input : the binary request above (e.g. pkcs10.req)
   - clientmode : false if this is a non-agent user; (I think it suffices to just do this)
   - servlet=/ca/ee/ca/profileSubmitCMCSimple?profileId=caECSimpleCMCUserCert
4. Run HttpClient against the HttpClient file above.
5. As a CA agent, check if the request shows up.
6. Manually approve it and see if the cert gets issued.

Please note that although technically it is possible to add auth.instance_id to the profile, as we don't want to encourage auth-approval for simple CMC for the security reasons above, the above steps for testing should be sufficient.
commit f917433fdec8516b52b7f0cbf6895b854e2d3c81 (HEAD -> master, origin/master, origin/HEAD)
Author: Christina Fu <cfu>
Date: Tue Jun 26 15:16:53 2018 -0700

    Ticket 2992 CMC Simple request profiles and CMCResponse to support simple response

    This patch fixes the broken profiles resulting from https://pagure.io/dogtagpki/issue/3018. In addition, CMCResponse has been improved to handle CMC simple response.

    fixes https://pagure.io/dogtagpki/issue/2992

    Change-Id: If72aa08f044c96e4e5bd5ed98512d2936fe0d50a

Test Env:

rpm -qa pki-ca
pki-ca-10.5.9-5.el7.noarch

For more test details, refer to https://bugzilla.redhat.com/show_bug.cgi?id=1574848

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3195
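
The test procedure in this report depends on auth.instance_id being empty or absent in the simple CMC profile, so that requests wait for a CA agent. As an added example (not code from Dogtag or from this bug report), the following Python script audits profile text for that setting; the key=value parsing, the sample profiles and the authenticator name ExampleAuth are constructed assumptions.

```python
# Added example: audit a Dogtag-style profile for auth.instance_id.
# Assumption: profiles are plain key=value text; all sample data is constructed.

SIMPLE_CMC_PROFILES = {"caECSimpleCMCUserCert"}  # profile ID taken from this page


def parse_profile(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_profile(profile_id, text):
    """Report how auth.instance_id is set and whether that needs review."""
    props = parse_profile(text)
    auth_id = props.get("auth.instance_id")  # None when the key is missing
    if auth_id is None:
        state = "missing"      # the input that triggered the NPE before the fix
    elif auth_id == "":
        state = "empty"
    else:
        state = "set"
    # No authenticator means the request waits for a CA agent to approve it.
    approval = "auth" if state == "set" else "agent"
    # The page advises against auth-approval for simple CMC profiles.
    review = approval == "auth" and profile_id in SIMPLE_CMC_PROFILES
    return {"state": state, "approval": approval,
            "authenticator": auth_id or None, "needs_review": review}


# Constructed sample profiles (not copied from a real deployment).
MISSING = "desc=simple CMC enrollment\nenable=true\n"
EMPTY = "desc=simple CMC enrollment\nenable=true\nauth.instance_id=\n"
SET = "# constructed authenticator name\nauth.instance_id=ExampleAuth\nenable=true\n"

if __name__ == "__main__":
    for name, text in (("missing", MISSING), ("empty", EMPTY), ("set", SET)):
        print(name, audit_profile("caECSimpleCMCUserCert", text))
```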