Bug 1744095
| Summary: | CMCResponse is not working as expected | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Geetika Kapoor <gkapoor> |
| Component: | pki-core | Assignee: | Christina Fu <cfu> |
| Status: | CLOSED ERRATA | QA Contact: | PKI QE <bugzilla-pkiqe> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.1 | CC: | cfu, mharmsen |
| Target Milestone: | rc | Keywords: | Regression, TestCaseProvided |
| Target Release: | 8.0 | Flags: | cfu:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-04-28 15:45:17 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Geetika Kapoor
2019-08-21 10:29:34 UTC
Fixed on master:
commit 9b42819779925192788e5c93fc46719e96a0978b (HEAD -> master, origin/master, origin/HEAD)
Author: Christina Fu <cfu.redhat.com>
Date: Mon Sep 16 10:51:12 2019 -0700
Bug 1744095 - CMCResponse is not working as expected
This patch fixes the issue that HttpClient extracting less bytes than
the actual data size from the HTTP response.
My investigation shows that there used to be 6 lines of headers, and
now it's down to 5.
The fix is to default to 5, but add an unadvertised numHeaderLines
that allows one to customize in case the server changes again.
It is limited to the range of 1 - 56
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1744095
Test procedure: The issue is with HttpClient, not on CMCResponse, so tests don't necessarily have to be with CMC. Any existing QE test cases that use HttpClient would do. Test Environment:
================
# rpm -qa pki-* jss*
pki-tools-10.8.0-0.5.module+el8.2.0+5469+26e16009.x86_64
pki-base-10.8.0-0.5.module+el8.2.0+5469+26e16009.noarch
pki-symkey-10.8.0-0.5.module+el8.2.0+5469+26e16009.x86_64
pki-base-java-10.8.0-0.5.module+el8.2.0+5469+26e16009.noarch
pki-servlet-engine-9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch
pki-server-10.8.0-0.5.module+el8.2.0+5469+26e16009.noarch
pki-kra-10.8.0-0.5.module+el8.2.0+5469+26e16009.noarch
jss-4.6.2-2.module+el8.2.0+4573+c3c38c7b.x86_64
pki-servlet-4.0-api-9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch
pki-ca-10.8.0-0.5.module+el8.2.0+5469+26e16009.noarch
Test Case :
==========
1. Run script mentioned in QA whiteboard.
2. Check CMCResponse.
# CMCResponse -v -i /tmp/cmc_response.crt -o /tmp/cmc_response_pkcs7.crt
Cert:0
MIIDsjCCApqgAwIBAgIBDTANBgkqhkiG9w0BAQ0FADBhMSUwIwYDVQQKDBx0b3Bv
bG9neS0wM19Gb29iYXJtYXN0ZXIub3JnMRcwFQYDVQQLDA50b3BvbG9neS0wMy1D
QTEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yMDAyMDUwODUx
MjZaFw0yMDA4MDMwNzUxMjZaMD8xEjAQBgNVBAoTCVRlc3QgQ2VydDEXMBUGCgmS
JomT8ixkAQETB1RFc1RpbkcxEDAOBgNVBAMTB1Rlc3RpbmcwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCvCjHRW9vygPw9qlmNcUCb4t2vBZEy3YI7tl0M
XCoSnnt/mwcMsu5JrU7hPrhDdWgmCZat9n6o1Crz1uHh5ttHpH8t/ECXzxAPrYS4
J+P4dOkv0dbO8NDMIT01yb/PHIHju7SCvvlerRUoSI0l15hLyBgiAamCBo5m/P9R
/DlblastzOulPwxaHWmPQSQQiZMMxNGpRzTNZ++Zb7KhwK9NGWo5jYEyjpNeWzII
PZ4EH1Vp2PBDkqFMzqo5gFTsLkixt4/R5DRNDubU2RFrHGW2M/+DV7OGf8KjuwFx
DxM5z87N72ovLqLWilIp9SDswZkOK52gXKgckgoCkIK/l2ODAgMBAAGjgZYwgZMw
HwYDVR0jBBgwFoAUy5H3jS5hgaBEmd6Uvq24jBTnKxgwQQYIKwYBBQUHAQEENTAz
MDEGCCsGAQUFBzABhiVodHRwOi8vcGtpMS5leGFtcGxlLmNvbToyMDA4MC9jYS9v
Y3NwMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH
AwQwDQYJKoZIhvcNAQENBQADggEBAI5ZKnILXW0dO8FP5IO5OOlCE/LdEkpLrmXw
ZmyTWcjOBqUhEaaWdo/MD+6FjdiolZidlfEZIJbqFhyQ7G8IxUmtEuELXi3SGnKb
VaFjkQaer0nBK+lWt//OujPKsMYaN2hnzy1ZYnM6+I4fr9aWfx82NbI+zlbU4+lD
NpQlDHirHQkju3wQCvjsZdFJIbYOuQIAU/xnhl0WYO/3MtDBXJb/rq85Lt+7hO8P
i+ZGe/lIrHTR/EHEbpKShx9Hmto2TMZsVAulo33jdQyR+2+QwTHsFstc4j4kzKLp
mNWo869S8s2h/szDdfTRxydCN68ip6DNlHFidZv6av8Q1O0IJVg=
===
Cert:1
MIID5TCCAs2gAwIBAgIBATANBgkqhkiG9w0BAQ0FADBhMSUwIwYDVQQKDBx0b3Bv
bG9neS0wM19Gb29iYXJtYXN0ZXIub3JnMRcwFQYDVQQLDA50b3BvbG9neS0wMy1D
QTEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yMDAyMDUwODIw
NDFaFw00MDAyMDUwODIwNDFaMGExJTAjBgNVBAoMHHRvcG9sb2d5LTAzX0Zvb2Jh
cm1hc3Rlci5vcmcxFzAVBgNVBAsMDnRvcG9sb2d5LTAzLUNBMR8wHQYDVQQDDBZD
QSBTaWduaW5nIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEApZhxLd2kiY+396Fuic0rvqNXx+axbuweFDc6KZxul1p3G70NpJiRCWD+
YL9fWn+lHd3jLlxoqP+0pdycH/iooKi6ADBs8dodHwXrUcnK0hbw1ewBPw9m40ae
hrh29elUSojvCbDL/kYA3lo7ZUtPVxhGhO9/hZ4/rE4zhXJecD1JjealCNSFJf2Q
i9/Ylr8+FGjDOUD4GZmTF8btphW8QpsqweynWj+V4bGykZqxbBCPdtrCVkJJuwCj
vbtDYRoU5eypsv1EOSgTEEHUJqll19+NKu1606oM7hoiV1iea07tn4CYpEzUpcpU
UjGXKjUukL1uoO2BhSexKA3MFSwK0wIDAQABo4GnMIGkMB8GA1UdIwQYMBaAFMuR
940uYYGgRJnelL6tuIwU5ysYMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
AgHGMB0GA1UdDgQWBBTLkfeNLmGBoESZ3pS+rbiMFOcrGDBBBggrBgEFBQcBAQQ1
MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9wa2kxLmV4YW1wbGUuY29tOjIwMDgwL2Nh
L29jc3AwDQYJKoZIhvcNAQENBQADggEBAB5rDr45e0PfXJAV8u+BtF64e+4NSvWO
zawuwiy4qt9d+0qwfjv9fN6pKSfj4mofzisk2wvG+wOtFKQcrsT5K4MKovHOyUPr
sKK6tg/OJ/LyIktZJWou8eHa/UgEU39E/Snt1yDf2A002mLvSirdZyeM2QTH8zNq
uORPXzJTJ8Md3R9BWvbr7zyJ/BB1RvvSRz36UE9IdHE/ppz8Nmc1/o1bbQwhFkYO
6B5CVDCaeN8P7zE/tuFrDWk+Hj2QjbOvAZ/gO5CK34SqinJWqhjF4VoiDGj2+pv/
/5O+b3tPkgwTYhWG0k3939cJ4G7lSwFvmkCZwMvd/ZLvWfFz6HRo80I=
===
Certificates:
Certificate:
Data:
Version: v3
Serial Number: 0xD
Signature Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
Issuer: CN=CA Signing Certificate,OU=topology-03-CA,O=topology-03_Foobarmaster.org
Validity:
Not Before: Wednesday, February 5, 2020 3:51:26 AM EST America/New_York
Not After: Monday, August 3, 2020 3:51:26 AM EDT America/New_York
Subject: CN=Testing,UID=TEsTinG,O=Test Cert
Subject Public Key Info:
Algorithm: RSA - 1.2.840.113549.1.1.1
Public Key:
Exponent: 65537
Public Key Modulus: (2048 bits) :
AF:0A:31:D1:5B:DB:F2:80:FC:3D:AA:59:8D:71:40:9B:
E2:DD:AF:05:91:32:DD:82:3B:B6:5D:0C:5C:2A:12:9E:
7B:7F:9B:07:0C:B2:EE:49:AD:4E:E1:3E:B8:43:75:68:
26:09:96:AD:F6:7E:A8:D4:2A:F3:D6:E1:E1:E6:DB:47:
A4:7F:2D:FC:40:97:CF:10:0F:AD:84:B8:27:E3:F8:74:
E9:2F:D1:D6:CE:F0:D0:CC:21:3D:35:C9:BF:CF:1C:81:
E3:BB:B4:82:BE:F9:5E:AD:15:28:48:8D:25:D7:98:4B:
C8:18:22:01:A9:82:06:8E:66:FC:FF:51:FC:39:5B:95:
AB:2D:CC:EB:A5:3F:0C:5A:1D:69:8F:41:24:10:89:93:
0C:C4:D1:A9:47:34:CD:67:EF:99:6F:B2:A1:C0:AF:4D:
19:6A:39:8D:81:32:8E:93:5E:5B:32:08:3D:9E:04:1F:
55:69:D8:F0:43:92:A1:4C:CE:AA:39:80:54:EC:2E:48:
B1:B7:8F:D1:E4:34:4D:0E:E6:D4:D9:11:6B:1C:65:B6:
33:FF:83:57:B3:86:7F:C2:A3:BB:01:71:0F:13:39:CF:
CE:CD:EF:6A:2F:2E:A2:D6:8A:52:29:F5:20:EC:C1:99:
0E:2B:9D:A0:5C:A8:1C:92:0A:02:90:82:BF:97:63:83
Extensions:
Identifier: Authority Key Identifier - 2.5.29.35
Critical: no
Key Identifier:
CB:91:F7:8D:2E:61:81:A0:44:99:DE:94:BE:AD:B8:8C:
14:E7:2B:18
Identifier: 1.3.6.1.5.5.7.1.1
Critical: no
Value:
30:33:30:31:06:08:2B:06:01:05:05:07:30:01:86:25:
68:74:74:70:3A:2F:2F:70:6B:69:31:2E:65:78:61:6D:
70:6C:65:2E:63:6F:6D:3A:32:30:30:38:30:2F:63:61:
2F:6F:63:73:70
Identifier: Key Usage: - 2.5.29.15
Critical: yes
Key Usage:
Digital Signature
Non Repudiation
Key Encipherment
Identifier: Extended Key Usage: - 2.5.29.37
Critical: no
Extended Key Usage:
1.3.6.1.5.5.7.3.2
1.3.6.1.5.5.7.3.4
Signature:
Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
Signature:
8E:59:2A:72:0B:5D:6D:1D:3B:C1:4F:E4:83:B9:38:E9:
42:13:F2:DD:12:4A:4B:AE:65:F0:66:6C:93:59:C8:CE:
06:A5:21:11:A6:96:76:8F:CC:0F:EE:85:8D:D8:A8:95:
98:9D:95:F1:19:20:96:EA:16:1C:90:EC:6F:08:C5:49:
AD:12:E1:0B:5E:2D:D2:1A:72:9B:55:A1:63:91:06:9E:
AF:49:C1:2B:E9:56:B7:FF:CE:BA:33:CA:B0:C6:1A:37:
68:67:CF:2D:59:62:73:3A:F8:8E:1F:AF:D6:96:7F:1F:
36:35:B2:3E:CE:56:D4:E3:E9:43:36:94:25:0C:78:AB:
1D:09:23:BB:7C:10:0A:F8:EC:65:D1:49:21:B6:0E:B9:
02:00:53:FC:67:86:5D:16:60:EF:F7:32:D0:C1:5C:96:
FF:AE:AF:39:2E:DF:BB:84:EF:0F:8B:E6:46:7B:F9:48:
AC:74:D1:FC:41:C4:6E:92:92:87:1F:47:9A:DA:36:4C:
C6:6C:54:0B:A5:A3:7D:E3:75:0C:91:FB:6F:90:C1:31:
EC:16:CB:5C:E2:3E:24:CC:A2:E9:98:D5:A8:F3:AF:52:
F2:CD:A1:FE:CC:C3:75:F4:D1:C7:27:42:37:AF:22:A7:
A0:CD:94:71:62:75:9B:FA:6A:FF:10:D4:ED:08:25:58
FingerPrint
MD2:
34:10:60:0C:65:71:06:6A:15:EA:1A:B0:F7:2A:DB:6C
MD5:
AF:BB:F1:58:A8:F7:F0:D5:E5:2A:DF:FF:16:1C:83:2C
SHA-1:
27:EA:1C:E7:BB:8B:56:E7:37:8B:47:DF:62:B1:FB:4D:
52:82:2B:2D
SHA-256:
FC:A9:CC:14:70:89:A9:C9:74:03:FE:F8:59:DA:B9:45:
1B:CC:28:A4:7F:E5:80:8F:0E:5F:9E:9C:25:25:A1:11
SHA-512:
00:8E:27:63:41:68:2A:64:9A:2D:83:35:82:7F:43:24:
23:3A:9E:89:F9:F4:2A:F8:7E:52:BD:E6:29:6C:B2:C3:
9C:BF:CC:74:A5:17:94:12:1D:17:85:ED:98:F2:ED:77:
27:6D:B9:F8:AE:7A:DD:AA:9E:39:A7:BD:14:EE:DC:9E
Certificate:
Data:
Version: v3
Serial Number: 0x1
Signature Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
Issuer: CN=CA Signing Certificate,OU=topology-03-CA,O=topology-03_Foobarmaster.org
Validity:
Not Before: Wednesday, February 5, 2020 3:20:41 AM EST America/New_York
Not After: Sunday, February 5, 2040 3:20:41 AM EST America/New_York
Subject: CN=CA Signing Certificate,OU=topology-03-CA,O=topology-03_Foobarmaster.org
Subject Public Key Info:
Algorithm: RSA - 1.2.840.113549.1.1.1
Public Key:
Exponent: 65537
Public Key Modulus: (2048 bits) :
A5:98:71:2D:DD:A4:89:8F:B7:F7:A1:6E:89:CD:2B:BE:
A3:57:C7:E6:B1:6E:EC:1E:14:37:3A:29:9C:6E:97:5A:
77:1B:BD:0D:A4:98:91:09:60:FE:60:BF:5F:5A:7F:A5:
1D:DD:E3:2E:5C:68:A8:FF:B4:A5:DC:9C:1F:F8:A8:A0:
A8:BA:00:30:6C:F1:DA:1D:1F:05:EB:51:C9:CA:D2:16:
F0:D5:EC:01:3F:0F:66:E3:46:9E:86:B8:76:F5:E9:54:
4A:88:EF:09:B0:CB:FE:46:00:DE:5A:3B:65:4B:4F:57:
18:46:84:EF:7F:85:9E:3F:AC:4E:33:85:72:5E:70:3D:
49:8D:E6:A5:08:D4:85:25:FD:90:8B:DF:D8:96:BF:3E:
14:68:C3:39:40:F8:19:99:93:17:C6:ED:A6:15:BC:42:
9B:2A:C1:EC:A7:5A:3F:95:E1:B1:B2:91:9A:B1:6C:10:
8F:76:DA:C2:56:42:49:BB:00:A3:BD:BB:43:61:1A:14:
E5:EC:A9:B2:FD:44:39:28:13:10:41:D4:26:A9:65:D7:
DF:8D:2A:ED:7A:D3:AA:0C:EE:1A:22:57:58:9E:6B:4E:
ED:9F:80:98:A4:4C:D4:A5:CA:54:52:31:97:2A:35:2E:
90:BD:6E:A0:ED:81:85:27:B1:28:0D:CC:15:2C:0A:D3
Extensions:
Identifier: Authority Key Identifier - 2.5.29.35
Critical: no
Key Identifier:
CB:91:F7:8D:2E:61:81:A0:44:99:DE:94:BE:AD:B8:8C:
14:E7:2B:18
Identifier: Basic Constraints - 2.5.29.19
Critical: yes
Is CA: yes
Path Length Constraint: UNLIMITED
Identifier: Key Usage: - 2.5.29.15
Critical: yes
Key Usage:
Digital Signature
Non Repudiation
Key CertSign
Crl Sign
Identifier: Subject Key Identifier - 2.5.29.14
Critical: no
Key Identifier:
CB:91:F7:8D:2E:61:81:A0:44:99:DE:94:BE:AD:B8:8C:
14:E7:2B:18
Identifier: 1.3.6.1.5.5.7.1.1
Critical: no
Value:
30:33:30:31:06:08:2B:06:01:05:05:07:30:01:86:25:
68:74:74:70:3A:2F:2F:70:6B:69:31:2E:65:78:61:6D:
70:6C:65:2E:63:6F:6D:3A:32:30:30:38:30:2F:63:61:
2F:6F:63:73:70
Signature:
Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
Signature:
1E:6B:0E:BE:39:7B:43:DF:5C:90:15:F2:EF:81:B4:5E:
B8:7B:EE:0D:4A:F5:8E:CD:AC:2E:C2:2C:B8:AA:DF:5D:
FB:4A:B0:7E:3B:FD:7C:DE:A9:29:27:E3:E2:6A:1F:CE:
2B:24:DB:0B:C6:FB:03:AD:14:A4:1C:AE:C4:F9:2B:83:
0A:A2:F1:CE:C9:43:EB:B0:A2:BA:B6:0F:CE:27:F2:F2:
22:4B:59:25:6A:2E:F1:E1:DA:FD:48:04:53:7F:44:FD:
29:ED:D7:20:DF:D8:0D:34:DA:62:EF:4A:2A:DD:67:27:
8C:D9:04:C7:F3:33:6A:B8:E4:4F:5F:32:53:27:C3:1D:
DD:1F:41:5A:F6:EB:EF:3C:89:FC:10:75:46:FB:D2:47:
3D:FA:50:4F:48:74:71:3F:A6:9C:FC:36:67:35:FE:8D:
5B:6D:0C:21:16:46:0E:E8:1E:42:54:30:9A:78:DF:0F:
EF:31:3F:B6:E1:6B:0D:69:3E:1E:3D:90:8D:B3:AF:01:
9F:E0:3B:90:8A:DF:84:AA:8A:72:56:AA:18:C5:E1:5A:
22:0C:68:F6:FA:9B:FF:FF:93:BE:6F:7B:4F:92:0C:13:
62:15:86:D2:4D:FD:DF:D7:09:E0:6E:E5:4B:01:6F:9A:
40:99:C0:CB:DD:FD:92:EF:59:F1:73:E8:74:68:F3:42
FingerPrint
MD2:
53:70:A7:6D:ED:3B:C0:E1:F0:71:FB:3D:8B:0D:53:3C
MD5:
E1:19:55:D1:DB:54:62:2A:90:53:E2:3A:47:2E:82:E9
SHA-1:
48:ED:35:0B:CE:4F:65:F3:50:F7:F6:67:71:A1:89:04:
F0:7E:69:AA
SHA-256:
D8:F6:72:46:16:4E:8C:9B:14:AA:22:54:09:31:0A:6E:
FD:9A:93:AE:AB:9A:D5:F4:00:58:D1:9E:E4:71:96:25
SHA-512:
90:17:47:30:40:B2:D1:62:F7:5B:8C:AE:F5:0E:C2:E4:
6A:15:F9:40:01:7E:65:11:21:8B:4A:B5:E2:5C:90:0B:
A1:C0:37:CF:D4:AE:B2:A2:FA:69:C2:13:21:8A:7F:5E:
DE:5E:B8:63:C0:E1:54:1E:46:94:1D:13:C3:6B:E6:C2
Number of controls is 1
Control #0: CMCStatusInfoV2
OID: {1 3 6 1 5 5 7 7 25}
BodyList: 1
Status: SUCCESS
CMC Full Response.
PKCS#7 now stored in file: /tmp/cmc_response_pkcs7.crt
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1644 |