Bug 440546 - Console CLI crashes when not prefixed with "https://"
Summary: Console CLI crashes when not prefixed with "https://"
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: Console
Version: 1.0
Hardware: All
OS: Linux
low
low
Target Milestone: 1.0
Assignee: Andrew Wnuk
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 443788
TreeView+ depends on / blocked
 
Reported: 2008-04-03 22:12 UTC by Bob Lord
Modified: 2015-01-04 23:31 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-07-22 23:28:15 UTC
Embargoed:


Attachments (Terms of Use)
Proposed fix (4.47 KB, text/plain)
2008-10-13 21:11 UTC, Andrew Wnuk
no flags Details

Description Bob Lord 2008-04-03 22:12:44 UTC
Description of problem:

The console code does not test the validity of the URL argument.  The URL
argument has to have a prefix of "https://".  If you do not use that prefix, it
will crash like this:

==
[root@lorddesktop crl_perf]# /usr/bin/pkiconsole mydesktop
Exception in thread "main" java.lang.NullPointerException
        at com.netscape.admin.certsrv.Console.main(Console.java:1667)
==

Instead, return a descriptive error message such as:
  Could not contact URL 'mydesktop'. Make sure you remember to prefix
  machine names with 'https://'.

Version-Release number of selected component (if applicable):
1.0.0

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 2 Andrew Wnuk 2008-10-13 21:11:40 UTC
Created attachment 320230 [details]
Proposed fix

Comment 4 Matthew Harmsen 2008-10-13 22:10:36 UTC
attachment (id=320230) +mharmsen

Approved with the following changes:

(1) Insert comments

+        if (protocol == null || protocol.length() == 0 ||
+            ((!protocol.equalsIgnoreCase("https")) &&
(!protocol.equalsIgnoreCase("http"))) ) {

Per our discussions, please place a comment regarding 'http' and other
protocols prior to this command.

+            System.err.println("\nIncorrect protocol"+
+                                 ((protocol != null && protocol.length() >
0)?": "+protocol:".")+
+                               "\nDefault supported protocol is 'https'.\n");
+            waitForKeyPress(); // allow the user to read the msg on Win NT
+            System.exit(1);
+        }


(2) Change order and name of 'drm' to 'kra':

+            System.err.println("\nMissing subsystems: "+sAdminURL+
+                               "\nDefault supported subsystems are 'ca', 'kra'
(DRM), 'ocsp', and 'tks'.\n");

+        if ((!path.equals("ca")) && (!path.equals("kra")) &&
+            (!path.equals("ocsp")) && (!path.equals("tks"))) {
+            System.err.println("\nWarning: Potentially incorrect subsystem:
"+path+
+                               "\n         Default supported subsystems are
'ca', 'kra' (DRM), 'ocsp', and 'tks'.\n");
+        }


(3)  Since ports differ amongst subsystems, and the new default will be port
separation, change the code to reflect this:

+        if (portNumber < 0) {
+            System.err.println("\nWarning: Unspecified port number:
"+sAdminURL+
+                               ".\n");
+        } else {
+            System.err.println("\nWarning: Attempt to connect to unknown port
number: "+sAdminURL+
+                               ".\n");
+        }

Comment 5 Andrew Wnuk 2008-10-13 22:47:44 UTC
svn commit pki/base/console/src/com/netscape/admin/certsrv/Console.java
Sending        pki/base/console/src/com/netscape/admin/certsrv/Console.java
Transmitting file data .
Committed revision 125.
svn commit pki/linux/console/pki-console.spec                                        
Sending        pki/linux/console/pki-console.spec
Transmitting file data .
Committed revision 126.

Comment 6 Jenny Severance 2009-06-12 15:35:51 UTC
verified:

[root@qe-blade-11 ~]# pkiconsole qe-blade-11.idm.lab.bos.redhat.com:9445/ca

URL error:  unknown protocol: qe-blade-11.idm.lab.bos.redhat.com


Note You need to log in before you can comment on or make changes to this bug.