Bug 440546

Summary: Console CLI crashes when not prefixed with "https://"
Product: [Retired] Dogtag Certificate System Reporter: Bob Lord <blord>
Component: ConsoleAssignee: Andrew Wnuk <awnuk>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: low Docs Contact:
Priority: low    
Version: 1.0CC: benl, dpal, jgalipea, mharmsen
Target Milestone: 1.0   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-07-22 23:28:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 443788    
Attachments:
Description Flags
Proposed fix none

Description Bob Lord 2008-04-03 22:12:44 UTC
Description of problem:

The console code does not test the validity of the URL argument.  The URL
argument has to have a prefix of "https://".  If you do not use that prefix, it
will crash like this:

==
[root@lorddesktop crl_perf]# /usr/bin/pkiconsole mydesktop
Exception in thread "main" java.lang.NullPointerException
        at com.netscape.admin.certsrv.Console.main(Console.java:1667)
==

Instead, return a descriptive error message such as:
  Could not contact URL 'mydesktop'. Make sure you remember to prefix
  machine names with 'https://'.

Version-Release number of selected component (if applicable):
1.0.0

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 2 Andrew Wnuk 2008-10-13 21:11:40 UTC
Created attachment 320230 [details]
Proposed fix

Comment 4 Matthew Harmsen 2008-10-13 22:10:36 UTC
attachment (id=320230) +mharmsen

Approved with the following changes:

(1) Insert comments

+        if (protocol == null || protocol.length() == 0 ||
+            ((!protocol.equalsIgnoreCase("https")) &&
(!protocol.equalsIgnoreCase("http"))) ) {

Per our discussions, please place a comment regarding 'http' and other
protocols prior to this command.

+            System.err.println("\nIncorrect protocol"+
+                                 ((protocol != null && protocol.length() >
0)?": "+protocol:".")+
+                               "\nDefault supported protocol is 'https'.\n");
+            waitForKeyPress(); // allow the user to read the msg on Win NT
+            System.exit(1);
+        }


(2) Change order and name of 'drm' to 'kra':

+            System.err.println("\nMissing subsystems: "+sAdminURL+
+                               "\nDefault supported subsystems are 'ca', 'kra'
(DRM), 'ocsp', and 'tks'.\n");

+        if ((!path.equals("ca")) && (!path.equals("kra")) &&
+            (!path.equals("ocsp")) && (!path.equals("tks"))) {
+            System.err.println("\nWarning: Potentially incorrect subsystem:
"+path+
+                               "\n         Default supported subsystems are
'ca', 'kra' (DRM), 'ocsp', and 'tks'.\n");
+        }


(3)  Since ports differ amongst subsystems, and the new default will be port
separation, change the code to reflect this:

+        if (portNumber < 0) {
+            System.err.println("\nWarning: Unspecified port number:
"+sAdminURL+
+                               ".\n");
+        } else {
+            System.err.println("\nWarning: Attempt to connect to unknown port
number: "+sAdminURL+
+                               ".\n");
+        }

Comment 5 Andrew Wnuk 2008-10-13 22:47:44 UTC
svn commit pki/base/console/src/com/netscape/admin/certsrv/Console.java
Sending        pki/base/console/src/com/netscape/admin/certsrv/Console.java
Transmitting file data .
Committed revision 125.
svn commit pki/linux/console/pki-console.spec                                        
Sending        pki/linux/console/pki-console.spec
Transmitting file data .
Committed revision 126.

Comment 6 Jenny Severance 2009-06-12 15:35:51 UTC
verified:

[root@qe-blade-11 ~]# pkiconsole qe-blade-11.idm.lab.bos.redhat.com:9445/ca

URL error:  unknown protocol: qe-blade-11.idm.lab.bos.redhat.com