While attempting to configure a CA on RHEL5.2, I forgot to enter an email address in the Administration Panel of the Configuration Wizard. I received the following problem: VelocityServlet: Error processing the template java.lang.NullPointerException at com.netscape.certsrv.util.HttpInput.getEmail(HttpInput.java:267) at com.netscape.cms.servlet.csadmin.AdminPanel.validate(AdminPanel.java:198) at com.netscape.cms.servlet.wizard.WizardServlet.goNextApply(WizardServlet.java:313) at com.netscape.cms.servlet.wizard.WizardServlet.goNext(WizardServlet.java:294) at com.netscape.cms.servlet.wizard.WizardServlet.handleRequest(WizardServlet.java:470) at org.apache.velocity.servlet.VelocityServlet.doRequest(VelocityServlet.java:358) at org.apache.velocity.servlet.VelocityServlet.doPost(VelocityServlet.java:327) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685) at java.lang.Thread.run(Thread.java:636) In the file common/src/com/netscape/certsrv/util/HttpInput.java, the NULL pointer exception comes from attempting to parse an empty "name" value: public static String getEmail(HttpServletRequest request, String name) throws IOException { String v = getString(request, name); if (v.indexOf('@') == -1) { throw new IOException("Invalid email " + v); } return v; } Code should be placed in the panel to disallow a user from ever going to the code in the first place.
NOTE: This bug may be invalid, as it may have been caused by a certificate pre-existing in the browser's database, since retrying yielded problems with the Panels skipping the highlighting of the "Import CA Certificate Chain", and the "Administration" panel was completely greyed-out (thus why no email address got entered). One potential problem may be that the system thought that it was a "clone", since the code doesn't appear to get executed for this type of configuration.
This problem can be seen on the following virtual machine: meatpie.dsdev.sjc.redhat.com (RHEL 5.2 + OpenJDK 1.6.0)
The problem results because some change made in common-ui in dogtag were not replicated to the redhat subversion tree. The specific changes can be found in BZ 224765 and BZ 223367.
Created attachment 327202 [details] patch to fix patch with required changes to be ported over. There are no differences between the changes in dogtag and the changes required here. mharmsen, please review.
attachment (id=327202) +mharmsen
[builder@dhcp231-124 pki]$ svn ci -m "Bugzilla BZ 472654" redhat Sending redhat/common-ui/redhat-pki-common-ui.el4sol9.spec Sending redhat/common-ui/redhat-pki-common-ui.spec Sending redhat/common-ui/shared/admin/console/config/adminpanel.vm Sending redhat/common-ui/shared/admin/console/config/databasepanel.vm Transmitting file data .... Committed revision 15377.
Verified (on RHEL 5.3, June-8-build). No code is thrown when a valid email is not given, instead an "invalid email address" error is thrown