This bug is created as a clone of upstream ticket:
Normally a successful CERT_REQUEST_PROCESSED event would be accompanied by a cert object, and a failed one would be accompanied by a request object.
However, the following code logs a failure with a cert object:
On May 16, 2017, cfu wrote:
If a cert has already been issued (which seems to be the case of the L642 in the above report), then as far as CertRequestProcessedEvent goes, it is supposed to be considered a SUCCESS (the cert has already been issued!!!!!);
The fact that the code is under an Exception catch clause means something else happened, and it should be dealt with outside of the CertRequestProcessedEvent.
I suggest you find out what would cause this to happen and see if it deserves any audit-worthy event to be recorded. If not, a debug message should do, since it already rethrown the exception a few lines down.
On May 17, 2017, edewata wrote:
The queue.processRequest() in line 618 is quite complex. There could be many things that could generate EBaseException, so I'll leave that to be handled by the caller in line 265.
I think the original intent of the code was to trigger a CERT_REQUEST_PROCESSED event if a new certificate was generated by queue.processRequest() regardless of the exception, so I'm moving the event trigger into a finally-clause.
Please see the following patch:
On May 17, 2017, edewata pushed these changes:
Fixed CERT_REQUEST_PROCESSED events in ConnectorServlet.
The code that generates CERT_REQUEST_PROCESSED events in ConnectorServlet.processRequest() has been moved into a finally- clause that wraps around IRequestQueue.processRequest() to ensure that the events are generated properly. If a cert was issued for the request that has just been processed the event outcome is a Success, otherwise it's a Failure. Any exception thrown by the IRequestQueue.processRequest() will be passed to the ConnectorServlet.processRequest()'s callers.
Fixed in master:
Fixed in master:
I verified this bug on pki 10.4.1-9.el7 build.
Steps I followed to verify this bug:
1. Created certificate requests.
2. After rejecting the request, in audit logs, I could see the outcome as a failure and InfoValue as null with certificate request id.
3. After the canceling the request, in audit logs, I could see the outcome as failure and InfoValue as null with certificate request id.
Verifying this bug.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
*** Bug 1446366 has been marked as a duplicate of this bug. ***