Bug 1466067 - SubjectNameDefault: improve error handling when substitutions fail
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Assigned To: RHCS Maintainers
Asha Akkiangady
: GSSTriaged
Reported: 2017-06-28 19:27 EDT by Matthew Harmsen
Modified: 2017-09-01 11:29 EDT
Type: Bug
Description Matthew Harmsen 2017-06-28 19:27:15 EDT
When there are failed substitutions (usually due to misconfiguration of
profile), there is a somewhat cryptic `StringIndexOutOfBoundsException`:

[10/Jun/2017:12:02:16][ajp-bio-]: BasicProfile: populate() policy setid =serverCertSet          
[10/Jun/2017:12:02:16][ajp-bio-]: SubjectNameDefault: populate start                            
java.lang.StringIndexOutOfBoundsException: String index out of range: -1                                             
at java.lang.String.substring(String.java:1967)                                                                      
at com.netscape.certsrv.pattern.Pattern.substitute2(Pattern.java:132)                                                
at com.netscape.cms.profile.def.EnrollDefault.mapPattern(EnrollDefault.java:804)                                     
at com.netscape.cms.profile.def.SubjectNameDefault.populate(SubjectNameDefault.java:160)                             
at com.netscape.cms.profile.def.EnrollDefault.populate(EnrollDefault.java:224)                                       
at com.netscape.cms.profile.common.BasicProfile.populate(BasicProfile.java:1101)                                     
at com.netscape.cms.profile.common.EnrollProfile.populate(EnrollProfile.java:1330)                                   
at com.netscape.cms.servlet.cert.CertProcessor.populateRequests(CertProcessor.java:362) 

We should catch exceptions related to failed substitutions in the SubjectNameDefault (and other profile components that use this
substitution machinery) and report a better, more useful error message
to the client.
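
The failure mode and the handling the report asks for, as an added example that is not pki-core code: a simplified substituter in which a variable is written between `$` delimiters. The delimiter syntax, the class and method names, and the sample pattern and attribute are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.Map;
public class SubstitutionDemo {
    /** Descriptive, checked failure that a caller can turn into a client-facing message. */
    static class SubstitutionException extends Exception { SubstitutionException(String m) { super(m); } }

    // Naive form: assumes every '$' is paired and every variable resolves.
    static String substituteNaive(String pattern, Map<String, String> attrs) {
        StringBuilder out = new StringBuilder();
        int pos = 0, open;
        while ((open = pattern.indexOf('$', pos)) >= 0) {
            out.append(pattern, pos, open);
            int close = pattern.indexOf('$', open + 1);        // -1 when unterminated
            out.append(attrs.get(pattern.substring(open + 1, close))); // throws on -1
            pos = close + 1;
        }
        return out.append(pattern.substring(pos)).toString();
    }

    // Checked form: same walk, but each failure names the pattern and the cause.
    static String substituteChecked(String pattern, Map<String, String> attrs)
            throws SubstitutionException {
        StringBuilder out = new StringBuilder();
        int pos = 0, open;
        while ((open = pattern.indexOf('$', pos)) >= 0) {
            out.append(pattern, pos, open);
            int close = pattern.indexOf('$', open + 1);
            if (close < 0) throw new SubstitutionException(
                    "unterminated variable at offset " + open + " in pattern '" + pattern + "'");
            String name = pattern.substring(open + 1, close);
            String value = attrs.get(name);
            if (value == null) throw new SubstitutionException(
                    "no value for '" + name + "' in pattern '" + pattern + "'");
            out.append(value);
            pos = close + 1;
        }
        return out.append(pattern.substring(pos)).toString();
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> attrs = Collections.singletonMap("request.cn", "host.example.test"); // constructed
        System.out.println(substituteChecked("CN=$request.cn$, O=Example", attrs));
        String bad = "CN=$request.cn, O=Example"; // constructed: closing '$' missing
        try { substituteNaive(bad, attrs); }
        catch (StringIndexOutOfBoundsException e) { System.out.println("naive: " + e); }
        try { substituteChecked(bad, attrs); }
        catch (SubstitutionException e) { System.out.println("checked: " + e.getMessage()); }
    }
}
```

The checked form also rejects a variable with no value, which the naive form would silently render as the text `null` in the subject name.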
