Bug 440546 - Console CLI crashes when not prefixed with "https://"
Console CLI crashes when not prefixed with "https://"
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: Console (Show other bugs)
1.0
All Linux
low Severity low
: 1.0
: ---
Assigned To: Andrew Wnuk
Chandrasekar Kannan
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2008-04-03 18:12 EDT by Bob Lord
Modified: 2015-01-04 18:31 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-22 19:28:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed fix (4.47 KB, text/plain)
2008-10-13 17:11 EDT, Andrew Wnuk
no flags Details

  None (edit)
Description Bob Lord 2008-04-03 18:12:44 EDT
Description of problem:

The console code does not test the validity of the URL argument.  The URL
argument has to have a prefix of "https://".  If you do not use that prefix, it
will crash like this:

==
[root@lorddesktop crl_perf]# /usr/bin/pkiconsole mydesktop
Exception in thread "main" java.lang.NullPointerException
        at com.netscape.admin.certsrv.Console.main(Console.java:1667)
==

Instead, return a descriptive error message such as:
  Could not contact URL 'mydesktop'. Make sure you remember to prefix
  machine names with 'https://'.

Version-Release number of selected component (if applicable):
1.0.0

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 2 Andrew Wnuk 2008-10-13 17:11:40 EDT
Created attachment 320230 [details]
Proposed fix
Comment 4 Matthew Harmsen 2008-10-13 18:10:36 EDT
attachment (id=320230) +mharmsen

Approved with the following changes:

(1) Insert comments

+        if (protocol == null || protocol.length() == 0 ||
+            ((!protocol.equalsIgnoreCase("https")) &&
(!protocol.equalsIgnoreCase("http"))) ) {

Per our discussions, please place a comment regarding 'http' and other
protocols prior to this command.

+            System.err.println("\nIncorrect protocol"+
+                                 ((protocol != null && protocol.length() >
0)?": "+protocol:".")+
+                               "\nDefault supported protocol is 'https'.\n");
+            waitForKeyPress(); // allow the user to read the msg on Win NT
+            System.exit(1);
+        }


(2) Change order and name of 'drm' to 'kra':

+            System.err.println("\nMissing subsystems: "+sAdminURL+
+                               "\nDefault supported subsystems are 'ca', 'kra'
(DRM), 'ocsp', and 'tks'.\n");

+        if ((!path.equals("ca")) && (!path.equals("kra")) &&
+            (!path.equals("ocsp")) && (!path.equals("tks"))) {
+            System.err.println("\nWarning: Potentially incorrect subsystem:
"+path+
+                               "\n         Default supported subsystems are
'ca', 'kra' (DRM), 'ocsp', and 'tks'.\n");
+        }


(3)  Since ports differ amongst subsystems, and the new default will be port
separation, change the code to reflect this:

+        if (portNumber < 0) {
+            System.err.println("\nWarning: Unspecified port number:
"+sAdminURL+
+                               ".\n");
+        } else {
+            System.err.println("\nWarning: Attempt to connect to unknown port
number: "+sAdminURL+
+                               ".\n");
+        }
Comment 5 Andrew Wnuk 2008-10-13 18:47:44 EDT
svn commit pki/base/console/src/com/netscape/admin/certsrv/Console.java
Sending        pki/base/console/src/com/netscape/admin/certsrv/Console.java
Transmitting file data .
Committed revision 125.
svn commit pki/linux/console/pki-console.spec                                        
Sending        pki/linux/console/pki-console.spec
Transmitting file data .
Committed revision 126.
Comment 6 Jenny Galipeau 2009-06-12 11:35:51 EDT
verified:

[root@qe-blade-11 ~]# pkiconsole qe-blade-11.idm.lab.bos.redhat.com:9445/ca

URL error:  unknown protocol: qe-blade-11.idm.lab.bos.redhat.com

Note You need to log in before you can comment on or make changes to this bug.