Bug 553423

Summary: displayBySerial returns a cryptic error if an unknown serial number is requested
Product: [Retired] Dogtag Certificate System
Component: CA
Version: 1.3
Hardware: All
OS: Linux
Status: CLOSED EOL
Severity: medium
Priority: urgent
Reporter: Rob Crittenden <rcritten>
Assignee: Christina Fu <cfu>
QA Contact: Ben Levenson <benl>
CC: aakkiang, dpal, jgalipea, mharmsen
Doc Type: Bug Fix
Last Closed: 2020-03-27 20:09:25 UTC
Bug Blocks: 541012
Attachments: proposed fix (flags: none)

Description Rob Crittenden 2010-01-07 20:44:17 UTC
Description of problem:

Seen in IPA where you can request specific certificates based only on serial number:

$ ipa cert-get 99
ipa: ERROR: Certificate operation cannot be completed: EXCEPTION (LDAP operation failure - cn=99,ou=certificateRepository, ou=ca, o=ipaca netscape.ldap.LDAPException: error result (32); matchedDN = ou=certificaterepository,ou=ca,o=ipaca)

This LDAP exception should be mapped to a dogtag-specific error message indicating unknown serial number.

Version-Release number of selected component (if applicable):

pki-ca-1.3.0-6.fc12.noarch

Comment 2 Andrew Wnuk 2010-01-15 21:38:02 UTC
*** Bug 553121 has been marked as a duplicate of this bug. ***

Comment 4 Andrew Wnuk 2010-04-27 00:14:03 UTC
Created attachment 409320 [details]
proposed fix

Comment 5 Matthew Harmsen 2010-04-27 00:20:57 UTC
attachment (id=409320) +mharmsen
REMINDER: fix spec file + include new file

Comment 6 Andrew Wnuk 2010-04-27 00:32:10 UTC
svn add pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
A         pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java

svn commit pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
Adding         pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
Transmitting file data .
Committed revision 1084.

svn commit pki/dogtag/common/pki-common.spec 
Sending        pki/dogtag/common/pki-common.spec
Transmitting file data .
Committed revision 1085.

svn commit pki/base/common/src/com/netscape/cmscore/dbs/DBSSession.java
Sending        pki/base/common/src/com/netscape/cmscore/dbs/DBSSession.java
Transmitting file data .
Committed revision 1086.

svn commit pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
Sending        pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
Transmitting file data .
Committed revision 1087.


svn commit pki/base/common/src/LogMessages_en.properties
Sending        pki/base/common/src/LogMessages_en.properties
Transmitting file data .
Committed revision 1088.

svn commit pki/base/common/src/UserMessages_en.properties
Sending        pki/base/common/src/UserMessages_en.properties
Transmitting file data .
Committed revision 1089.

Comment 8 Andrew Wnuk 2010-05-11 23:50:07 UTC
*** Bug 489380 has been marked as a duplicate of this bug. ***

Comment 9 Asha Akkiangady 2010-05-12 16:06:53 UTC
Tested this by sending agent and ee interface requests with a non-existing serial number. Example:
Agent interface: https://<host-name>:9443/ca/agent/ca/displayBySerial?op=displayBySerial&serialNumber=0xFFDDEE
EE interface: http://<host-name>:9180/ca/ee/ca/displayBySerial?op=displayBySerial&serialNumber=0xFFDDEE

Server responds with a valid error message "Certificate serial number 0xffddee not found".


Marking the bug verified.
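
The mapping requested in the description, as an added sketch that is not the attached fix or Dogtag's own code: a directory "no such object" result (code 32) on a serial-number lookup is turned into a typed not-found error whose user-facing message carries only the serial, while the internal DN stays in the exception cause for server-side logs. The class names, readEntry() and the always-missing repository are assumptions made for illustration.

```java
import java.math.BigInteger;

public class SerialLookupErrorMapping {
    // LDAP result code 32 (noSuchObject), the code in the reported exception.
    static final int LDAP_NO_SUCH_OBJECT = 32;

    // Stand-in for the directory client's exception (assumption, not netscape.ldap.LDAPException).
    static class DirectoryException extends Exception {
        final int resultCode;
        DirectoryException(int resultCode, String detail) { super(detail); this.resultCode = resultCode; }
    }

    // Hypothetical typed "record not found" error carrying a sanitized message.
    static class RecordNotFoundException extends Exception {
        RecordNotFoundException(String msg, Throwable cause) { super(msg, cause); }
    }

    // Constructed repository lookup: every serial is unknown, as in the report.
    static String readEntry(BigInteger serial) throws DirectoryException {
        throw new DirectoryException(LDAP_NO_SUCH_OBJECT,
                "cn=" + serial + ",ou=certificateRepository,ou=ca,o=ipaca");
    }

    // Accepts decimal ("99") or hex ("0xFFDDEE") serial numbers.
    static BigInteger parseSerial(String s) {
        String t = s.trim().toLowerCase();
        return t.startsWith("0x") ? new BigInteger(t.substring(2), 16) : new BigInteger(t);
    }

    static String displayBySerial(String serialParam) throws RecordNotFoundException {
        BigInteger serial = parseSerial(serialParam);
        try {
            return readEntry(serial);
        } catch (DirectoryException e) {
            if (e.resultCode == LDAP_NO_SUCH_OBJECT) {
                // User-facing text names only the serial; the DN stays in the cause.
                throw new RecordNotFoundException(
                        "Certificate serial number 0x" + serial.toString(16) + " not found", e);
            }
            // Other directory failures are not "not found"; keep them distinct and generic.
            throw new IllegalStateException("Directory error while reading certificate record", e);
        }
    }

    public static void main(String[] args) {
        for (String s : new String[] {"99", "0xFFDDEE"}) {
            try { System.out.println(displayBySerial(s)); }
            catch (RecordNotFoundException e) { System.out.println(e.getMessage()); }
        }
    }
}
```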