Bug 1854043
| Summary: | /usr/bin/PrettyPrintCert is failing with a ClassNotFoundException | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Sumedh Sidhaye <ssidhaye> |
| Component: | pki-core | Assignee: | Alex Scheel <ascheel> |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.3 | CC: | aakkiang, ascheel, cpinjani, edewata, ksiddiqu, rcritten, tscherf |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | 8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | pki-core-10.6-8030020200806183337.5ff1562f | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-11-04 03:15:45 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Sumedh Sidhaye
2020-07-06 07:47:54 UTC
I was able to reproduce it on a RHEL 8.3 machine. This is a bug: https://github.com/dogtagpki/pki/pull/497 Asha, could I get qa_ack+? qa_ack provided. Fix checked in upstream:
commit 9da92ed353f7466e9f49679b9ab66c8ab6767217
Author: Alexander Scheel <ascheel>
Date: Mon Jul 27 09:48:02 2020 -0400
Move PrettyPrint{Cert,Crl} to PKI_LIB classpath
JDK since v1.6 supports passing a directory with a glob (*) after it to
include all JARs in that given directory on the classpath. That is the
mechanism used by pki_java_command_wrapper.in which we should reuse for
the two CLIs which don't use that wrapper.
Resolves: rh-bz#1854043
Signed-off-by: Alexander Scheel <ascheel>
Tested on:
[root@pki1 test_dir]# rpm -qa | grep pki-tools
pki-tools-10.9.1-1.module+el8.3.0+7594+3661a26e.x86_64
[root@pki1 test_dir]# rpm -qa | grep -i slf4j
slf4j-1.7.25-4.module+el8+2452+b359bfcd.noarch
slf4j-jdk14-1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch
Test Procedure:
Run PrettyPrintCert on single certificates, not chains of certificates.
Proof of concept:
[root@pki1 ~]# /usr/bin/PrettyPrintCert /tmp/test_dir/ocsp_signing.crt
Certificate:
Data:
Version: v3
Serial Number: 0x2
Signature Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
Issuer: CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org
Validity:
Not Before: Thursday, August 13, 2020 10:54:12 AM EDT America/New_York
Not After: Wednesday, August 3, 2022 10:54:12 AM EDT America/New_York
Subject: CN=CA OCSP Signing Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org
Subject Public Key Info:
Algorithm: RSA - 1.2.840.113549.1.1.1
Public Key:
Exponent: 65537
Public Key Modulus: (2048 bits) :
B4:87:FA:C6:46:56:D8:E8:2B:20:1F:D8:81:5F:BE:BF:
53:8B:07:94:E8:F5:96:FD:FF:36:04:19:BF:EE:BC:9B:
C0:50:28:61:B5:B1:AF:39:12:78:96:FB:0F:B3:77:B0:
11:07:EA:B3:F7:FF:E4:0A:EC:77:80:FA:6C:63:81:A5:
85:8F:E0:35:0D:F3:D2:88:59:A9:EE:E2:AE:A3:FA:E4:
E2:6A:26:11:01:BC:79:57:23:42:D0:AE:90:CB:B6:12:
50:5B:F3:2F:73:B6:F0:9B:FE:4D:31:42:0A:06:50:8D:
1F:39:9B:52:D9:81:81:CC:C5:6D:4D:90:3D:F8:08:63:
4C:24:B9:45:B6:2E:7F:35:A4:AE:35:8F:C0:C0:46:7F:
2C:A3:6B:C8:F7:45:E4:21:E0:99:39:20:7E:28:73:9E:
C2:A7:CB:FB:8E:FC:AF:07:3E:95:9F:A5:B2:BF:81:07:
FF:6C:A8:96:BB:AA:98:A8:FB:D9:BF:C1:F3:64:1F:8E:
15:B4:90:C6:4D:F1:D9:7A:AF:A1:AB:E8:7A:35:2B:54:
32:75:3B:36:E7:77:FE:CD:06:F8:AA:41:ED:B2:63:42:
9E:89:B0:84:4C:99:48:9C:13:96:B9:3F:00:B7:D9:C7:
69:DE:7E:30:05:07:18:85:9C:53:A2:F3:89:F6:A6:6D
Extensions:
Identifier: Authority Key Identifier - 2.5.29.35
Critical: no
Key Identifier:
A1:F6:F6:2C:E6:F9:8E:8F:22:CC:B7:DC:99:5B:70:D0:
46:25:93:8F
Identifier: 1.3.6.1.5.5.7.1.1
Critical: no
Value:
30:33:30:31:06:08:2B:06:01:05:05:07:30:01:86:25:
68:74:74:70:3A:2F:2F:70:6B:69:31:2E:65:78:61:6D:
70:6C:65:2E:63:6F:6D:3A:32:30:30:38:30:2F:63:61:
2F:6F:63:73:70
Identifier: Extended Key Usage: - 2.5.29.37
Critical: no
Extended Key Usage:
OCSPSigning
Identifier: 1.3.6.1.5.5.7.48.1.5
Critical: no
Value:
05:00
Signature:
Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
Signature:
54:67:24:28:1A:75:22:1F:2D:A6:0F:F3:59:B9:E6:1B:
19:9A:88:CE:27:12:ED:7A:75:84:E3:ED:F2:0E:16:C5:
6B:D1:17:DB:FA:F3:C5:E0:BD:D6:D4:A3:D6:14:DC:D2:
46:B0:5C:F0:15:20:B7:F7:0B:DF:F4:16:EA:DB:17:68:
67:A3:AF:A2:0A:B5:88:22:F7:89:5C:0F:2C:00:C3:01:
5D:7C:FE:0A:2D:8B:B4:8C:14:D4:4D:8B:F2:05:C7:24:
CE:A7:F4:80:E2:61:B3:9B:12:9A:82:BE:A0:FE:92:6E:
AE:8F:71:0E:DF:A7:6F:13:8C:FC:A5:FF:34:FD:F0:80:
D0:91:6B:9D:CB:74:95:AD:96:EE:4B:52:56:EE:6E:CB:
CB:30:0F:0B:9B:83:A2:39:2C:A1:3C:EA:0D:FB:D8:6E:
A2:C7:EE:D0:B9:6C:7A:2E:C9:44:71:D7:59:C5:D4:ED:
84:11:90:52:E3:0C:5C:A1:F5:DC:A8:76:AC:25:87:76:
99:E1:C6:E0:B4:2E:7F:37:3F:68:E0:84:75:19:85:6D:
F8:17:8E:C6:87:6B:D2:D2:E8:A7:BD:91:93:17:19:02:
FF:40:1F:75:E0:91:EB:86:0A:A4:E4:43:85:8D:28:F6:
2F:20:60:3E:D9:A7:B1:99:90:04:06:3D:EF:4C:C0:DD
FingerPrint
MD2:
C0:3E:E5:25:B2:29:27:81:6A:A3:4B:0D:BD:6A:B1:DF
MD5:
A0:C3:B4:BD:6D:77:F3:C3:91:B1:52:92:C8:33:D0:73
SHA-1:
BA:CF:68:F1:B6:BA:A8:5A:8D:D0:79:80:2A:6C:87:41:
B1:D3:68:3D
SHA-256:
36:60:F7:48:95:8B:C6:3D:37:B8:54:B9:A5:B4:99:BF:
94:B4:7E:E1:81:6E:E9:78:15:21:93:E3:44:25:6E:09
SHA-512:
45:AA:F0:D0:96:AB:85:81:AA:E0:19:3C:C0:26:97:85:
22:44:C1:AA:80:D4:E7:78:C5:31:CD:EB:97:C1:2F:A0:
91:59:89:7B:2A:E6:DC:C0:15:B9:2F:5B:EF:8D:91:23:
46:03:80:44:64:61:A5:93:F5:A5:A3:BF:AA:0E:B1:43
[root@pki1 test_dir]# grep BEGIN /tmp/test_dir/ocsp_signing.crt | wc -l
1
Hence, Marking this Bugzilla verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:4847 |