Bug 1980368 - "kra-audit-show --output file.xml" cli store invalid output in file
Summary: "kra-audit-show --output file.xml" cli store invalid output in file
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: pki-core
Version: 33
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Endi Sukma Dewata
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-07-08 13:47 UTC by Deepak Punia
Modified: 2021-07-14 14:11 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-07-14 14:11:33 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Deepak Punia 2021-07-08 13:47:12 UTC 
Description of problem: "kra-audit-show --output file.xml" cli store invalid output in file.

# cat /etc/redhat-release 
Fedora release 33 (Thirty Three)

# rpm -qi pki-kra
Name        : pki-kra
Version     : 11.0.0
Release     : 0.1.alpha1.20210708095252UTC.16e89c9e.fc33
Architecture: noarch
Install Date: Thursday 08 July 2021 02:10:41 PM
Group       : Unspecified
Size        : 636412
License     : GPLv2 and LGPLv2
Signature   : RSA/SHA1, Thursday 08 July 2021 12:00:44 PM, Key ID 94cf0b2d20de059c
Source RPM  : pki-11.0.0-0.1.alpha1.20210708095252UTC.16e89c9e.fc33.src.rpm
Build Date  : Thursday 08 July 2021 11:56:28 AM
Build Host  : ip-172-30-4-76.ec2.internal
Vendor      : Fedora Copr - group @pki
URL         : https://www.dogtagpki.org
Summary     : PKI KRA Package


How reproducible:
Always

Steps to Reproduce:
1. Install CA and KRA subsystem and run below command. change KRA port number accordingly.

2.
# pki -p 21443 -d nssdb/ -c SECret.123 -n "PKI KRA Administrator for Example.Org" kra-audit-show --output kra_audit.xml 
---------------------------------------------
Stored audit configuration into kra_audit.xml
---------------------------------------------

# cat kra_audit.xml 
com.netscape.certsrv.logging.AuditConfig@9598c59a

Actual results:
kra-audit-show --output file.xml cli return invalid output,  

Expected results: 
Output should be in file in xml format.

Additional info: 
Below is the debug logs :

2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINE: evaluated expression: group="Data Recovery Manager Agents" to be true
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] INFO: AAclAuthz: Granting read permission for certServer.log.configuration
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINE: DirAclAuthz: authorization passed
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINE: ACLInterceptor: access granted
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINE: SignedAuditLogger: event AUTHZ
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINEST: Getting pidDir=/var/run/pki/tomcat
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINEST: Getting pidDir=/var/run/pki/tomcat
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINEST: Getting pidDir=/var/run/pki/tomcat
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINEST: Getting pidDir=/var/run/pki/tomcat
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINE: MessageFormatInterceptor: AuditResource.getAuditConfig()
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINE: MessageFormatInterceptor: accept: [application/json]
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINE: MessageFormatInterceptor: response format: application/json
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINE: AuditService.getAuditConfig()
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINEST: Getting log.instance.SignedAudit.enable=true
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINEST: Getting log.instance.SignedAudit.logSigning=true
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINEST: Getting log.instance.SignedAudit.flushInterval=5
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINEST: Getting log.instance.SignedAudit.flushInterval=5
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINEST: Getting log.instance.SignedAudit.bufferSize=512
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINEST: Getting log.instance.SignedAudit.bufferSize=512
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINEST: Getting log.instance.SignedAudit.events=ACCESS_SESSION_ESTABLISH,ACCESS_SESSION_TERMINATED,ASYMKEY_GENERATION_REQUEST,ASYMKEY_GENERATION_REQUEST_PROCESSED,AUDIT_LOG_SIGNING,AUDIT_LOG_STARTUP,AUTH,AUTHZ,CLIENT_ACCESS_SESSION_ESTABLISH,CLIENT_ACCESS_SESSION_TERMINATED,CONFIG_ACL,CONFIG_AUTH,CONFIG_DRM,CONFIG_ENCRYPTION,CONFIG_ROLE,CONFIG_SERIAL_NUMBER,CONFIG_SIGNED_AUDIT,CONFIG_TRUSTED_PUBLIC_KEY,KEY_GEN_ASYMMETRIC,LOG_PATH_CHANGE,RANDOM_GENERATION,ROLE_ASSUME,SCHEDULE_CRL_GENERATION,SECURITY_DATA_ARCHIVAL_REQUEST,SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED,SECURITY_DATA_RECOVERY_REQUEST,SECURITY_DATA_RECOVERY_REQUEST_PROCESSED,SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE,SELFTESTS_EXECUTION,SERVER_SIDE_KEYGEN_REQUEST,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED,SYMKEY_GENERATION_REQUEST,SYMKEY_GENERATION_REQUEST_PROCESSED
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINEST: Getting log.instance.SignedAudit.events=ACCESS_SESSION_ESTABLISH,ACCESS_SESSION_TERMINATED,ASYMKEY_GENERATION_REQUEST,ASYMKEY_GENERATION_REQUEST_PROCESSED,AUDIT_LOG_SIGNING,AUDIT_LOG_STARTUP,AUTH,AUTHZ,CLIENT_ACCESS_SESSION_ESTABLISH,CLIENT_ACCESS_SESSION_TERMINATED,CONFIG_ACL,CONFIG_AUTH,CONFIG_DRM,CONFIG_ENCRYPTION,CONFIG_ROLE,CONFIG_SERIAL_NUMBER,CONFIG_SIGNED_AUDIT,CONFIG_TRUSTED_PUBLIC_KEY,KEY_GEN_ASYMMETRIC,LOG_PATH_CHANGE,RANDOM_GENERATION,ROLE_ASSUME,SCHEDULE_CRL_GENERATION,SECURITY_DATA_ARCHIVAL_REQUEST,SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED,SECURITY_DATA_RECOVERY_REQUEST,SECURITY_DATA_RECOVERY_REQUEST_PROCESSED,SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE,SELFTESTS_EXECUTION,SERVER_SIDE_KEYGEN_REQUEST,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED,SYMKEY_GENERATION_REQUEST,SYMKEY_GENERATION_REQUEST_PROCESSED
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINEST: Property log.instance.SignedAudit.mandatory.events not found
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-3] FINEST: Getting log.instance.SignedAudit.mandatory.events=
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: SessionContextInterceptor: AccountService.logout()
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: SessionContextInterceptor: principal: kraadmin
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: AuthMethodInterceptor: AccountService.logout()
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: AuthMethodInterceptor: mapping: account
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: AuthMethodInterceptor: required auth methods: []
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: AuthMethodInterceptor: authentication manager: certUserDBAuthMgr
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: AuthMethodInterceptor: access granted
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: ACLInterceptor: AccountService.logout()
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: ACLInterceptor: principal: kraadmin
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: ACLInterceptor: will use authz manager DirAclAuthz
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: ACLInterceptor: mapping: account.logout
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: ACLInterceptor: ACL: certServer.kra.account,logout
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: AAclAuthz.checkPermission(certServer.kra.account, logout)
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINEST: Getting authz.evaluateOrder=deny,allow
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINEST: Getting authz.evaluateOrder=deny,allow
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: checkAllowEntries(): expressions: user="anybody"
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: evaluating expressions: user="anybody"
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: evaluated expression: user="anybody" to be true
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] INFO: AAclAuthz: Granting logout permission for certServer.kra.account
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: DirAclAuthz: authorization passed
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: ACLInterceptor: access granted
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: SignedAuditLogger: event AUTHZ
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINEST: Getting pidDir=/var/run/pki/tomcat
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINEST: Getting pidDir=/var/run/pki/tomcat
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: MessageFormatInterceptor: AccountService.logout()
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: MessageFormatInterceptor: accept: [*/*]
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] FINE: MessageFormatInterceptor: response format: application/xml
2021-07-08 15:11:38 [https-jsse-nio-21443-exec-4] INFO: Destroying session 3661D5C31B8EDFECA06866455E3ACAEC
Comment 1 Endi Sukma Dewata 2021-07-08 16:43:02 UTC 
In PKI 11 the output of this command is being changed from XML into JSON,
but there's a bug in the current code. It's being fixed in this PR:
https://github.com/dogtagpki/pki/pull/3644
Note You need to log in before you can comment on or make changes to this bug.