Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 487592

Summary: nsTokenUserKeySubjectNameDefault does not fill in attributes retrieved from ldap
Product: [Retired] Dogtag Certificate System Reporter: Christina Fu <cfu>
Component: ProfileAssignee: Christina Fu <cfu>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: high    
Version: unspecifiedCC: awnuk, benl
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-07-22 23:32:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 443788    
Attachments:
Description Flags
fix to fill out request from ldap retrieved attributes for profiles none

Description Christina Fu 2009-02-26 21:28:23 UTC 
code in nsTokenUserKeySubjectNameDefault.java was broken at some point causing the attribute values retrieved from ldap not to be populated to the request so any of the variables in profile wont work (e.g. $request.email$)
Comment 1 Christina Fu 2009-02-26 21:31:52 UTC 
Created attachment 333389 [details]
fix to fill out request from ldap retrieved attributes for profiles

I also took the opportunity to remove/replace all the ugly tabs which I had introduced in the past.

awnuk please review.
Comment 2 Andrew Wnuk 2009-02-26 21:39:46 UTC 
attachment (id=333389) +awnuk
Comment 3 Christina Fu 2009-02-27 00:25:48 UTC 
svn committed
pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
r251
Comment 4 Kashyap Chamarthy 2009-07-02 17:19:19 UTC 
I tried as below

- In the CA pkiconsole -> Certificate Manager -> Certificate Profiles
added a new profile using "User certificate Enrollment Profile" and edit that profile by adding a policy with 
 Default - nsTokenUserKeySubjectNameDefault
 Constraint - No Constraint

here when I click "ok" it does not proceed further and an exception was thrown as below...

Any pointers??
====================================================
[user1@tel53 ~]$ pkiconsole https://tel53.pnq.redhat.com:9445/ca
Exception occurred during event dispatching:
java.lang.NullPointerException
        at com.netscape.admin.certsrv.config.ProfilePolicyNewDialog.showDialog(ProfilePolicyNewDialog.java:562)
        at com.netscape.admin.certsrv.config.ProfilePolicySelectionDialog.actionPerformed(ProfilePolicySelectionDialog.java:219)
        at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2012)
        at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2335)
        at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:404)
        at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
        at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:253)
        at java.awt.Component.processMouseEvent(Component.java:6101)
        at javax.swing.JComponent.processMouseEvent(JComponent.java:3276)
        at java.awt.Component.processEvent(Component.java:5866)
        at java.awt.Container.processEvent(Container.java:2105)
        at java.awt.Component.dispatchEventImpl(Component.java:4462)
        at java.awt.Container.dispatchEventImpl(Container.java:2163)
        at java.awt.Component.dispatchEvent(Component.java:4288)
        at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4461)
        at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4125)
        at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4055)
        at java.awt.Container.dispatchEventImpl(Container.java:2149)
        at java.awt.Window.dispatchEventImpl(Window.java:2478)
        at java.awt.Component.dispatchEvent(Component.java:4288)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:604)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:275)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:200)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:194)
        at java.awt.Dialog$1.run(Dialog.java:1072)
        at java.awt.Dialog$3.run(Dialog.java:1126)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.awt.Dialog.show(Dialog.java:1124)
        at com.netscape.admin.certsrv.config.ProfilePolicySelectionDialog.showDialog(ProfilePolicySelectionDialog.java:165)
        at com.netscape.admin.certsrv.config.ProfileEditDialog.actionPerformed(ProfileEditDialog.java:463)
        at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2012)
        at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2335)
        at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:404)
        at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
        at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:253)
        at java.awt.Component.processMouseEvent(Component.java:6101)
        at javax.swing.JComponent.processMouseEvent(JComponent.java:3276)
        at java.awt.Component.processEvent(Component.java:5866)
        at java.awt.Container.processEvent(Container.java:2105)
        at java.awt.Component.dispatchEventImpl(Component.java:4462)
        at java.awt.Container.dispatchEventImpl(Container.java:2163)
        at java.awt.Component.dispatchEvent(Component.java:4288)
        at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4461)
        at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4125)
        at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4055)
        at java.awt.Container.dispatchEventImpl(Container.java:2149)
        at java.awt.Window.dispatchEventImpl(Window.java:2478)
        at java.awt.Component.dispatchEvent(Component.java:4288)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:604)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:275)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:200)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:194)
        at java.awt.Dialog$1.run(Dialog.java:1072)
        at java.awt.Dialog$3.run(Dialog.java:1126)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.awt.Dialog.show(Dialog.java:1124)
        at com.netscape.admin.certsrv.config.ProfileEditDialog.showDialog(ProfileEditDialog.java:752)
        at com.netscape.admin.certsrv.config.CMSPluginInstanceTab.actionPerformed(CMSPluginInstanceTab.java:151)
        at com.netscape.admin.certsrv.config.ProfileInstanceTab.actionPerformed(ProfileInstanceTab.java:118)
        at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2012)
        at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2335)
        at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:404)
        at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
        at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:253)
        at java.awt.Component.processMouseEvent(Component.java:6101)
        at javax.swing.JComponent.processMouseEvent(JComponent.java:3276)
        at java.awt.Component.processEvent(Component.java:5866)
        at java.awt.Container.processEvent(Container.java:2105)
        at java.awt.Component.dispatchEventImpl(Component.java:4462)
        at java.awt.Container.dispatchEventImpl(Container.java:2163)
        at java.awt.Component.dispatchEvent(Component.java:4288)
        at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4461)
        at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4125)
        at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4055)
        at java.awt.Container.dispatchEventImpl(Container.java:2149)
        at java.awt.Window.dispatchEventImpl(Window.java:2478)
        at java.awt.Component.dispatchEvent(Component.java:4288)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:604)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:275)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:200)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:190)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:185)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:177)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:138)

============================================
Comment 7 Kashyap Chamarthy 2009-07-02 19:33:43 UTC 
I did the below

-created a user in the directory(uid=wsmith,ou=People,dc=pnq,dc=redhat,dc=com) along with Email(wsmith)
-used tpsclient to enroll a token for the user.

-And tried to view the just enrolled cert for user(wsmith) in the CA agent pages.

<snip of the Extensions field of user wsmith)

          Non Repudiation 
                Identifier: Subject Alternative Name - 2.5.29.17
                    Critical: no 
                    Value: 
                        RFC822Name: $request.mail$

-here should it populate the email for the user from the ldap database??

==============================================
 Certificate: 
        Data: 
            Version:  v3
            Serial Number: 0x2D
            Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
            Issuer: CN=Certificate Authority,O=PnqRedhat Domain
            Validity: 
                Not Before: Friday, July 3, 2009 12:42:33 AM IST Asia/Kolkata
                Not  After: Monday, April 25, 2011 7:58:18 PM IST Asia/Kolkata
            Subject: UID=wsmith,O=Token Key User
            Subject Public Key Info: 
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key: 
                    Exponent: 65537
                    Public Key Modulus: (1024 bits) :
                        BE:71:3F:41:BD:4A:B5:EF:DE:F3:B5:58:AC:A9:7E:A3:
                        E2:4E:4C:C2:75:95:F9:9F:5A:40:B1:DA:6C:C4:AF:F4:
                        58:08:5F:EB:8D:9C:20:F9:8C:7F:AB:2B:87:37:6F:66:
                        AA:1D:DB:B4:A5:3A:EC:86:F9:76:69:14:A3:CD:7B:D6:
                        7D:4B:AA:0D:18:38:93:EA:3B:FD:A2:C5:5C:F4:39:F0:
                        79:15:BB:AF:09:7C:65:64:FD:5D:DE:55:D6:CB:69:7A:
                        C8:DA:9D:DB:36:6A:BB:3F:72:DF:60:81:0C:BC:9A:91:
                        86:5F:AE:D0:DD:54:0F:57:7F:82:FC:90:CE:6C:0F:59
            Extensions: 
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes 
                    Key Usage: 
                        Digital Signature 
                        Non Repudiation 
                Identifier: Subject Alternative Name - 2.5.29.17
                    Critical: no 
                    Value: 
                        RFC822Name: $request.mail$
                Identifier: Subject Key Identifier - 2.5.29.14
                    Critical: no 
                    Key Identifier: 
                        2E:BE:BC:A3:56:4D:C7:32:A3:FA:89:13:28:F0:24:CB:
                        2E:03:49:EB
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no 
                    Key Identifier: 
                        1E:B7:62:17:70:03:DD:8C:FA:84:E0:50:BB:00:E3:D6:
                        AC:AE:AE:FB
                Identifier: Basic Constraints - 2.5.29.19
                    Critical: no 
                    Is CA: no 
                    Path Length Constraint: UNLIMITED
        Signature: 
            Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
===========================================================

enroll.test uesd with tpsclient
============================================
[root@madrid tpsclient-test]# cat enroll.test 
op=var_set name=ra_host value=madrid.pnq.redhat.com
op=var_set name=ra_port value=7888
op=var_set name=ra_uri value=/nk_service
op=token_set cuid=00000000000000000001 msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
op=token_set auth_key=404142434445464748494a4b4c4d4e4f
op=token_set mac_key=404142434445464748494a4b4c4d4e4f
op=token_set kek_key=404142434445464748494a4b4c4d4e4f
op=ra_enroll uid=wsmith pwd=netscape new_pin=netscape num_threads=1
op=exit
================================
Comment 8 Christina Fu 2009-07-02 20:36:09 UTC 
I assume you enabled ldap in the profile?  Please attach your profile for me to view.
Comment 9 Kashyap Chamarthy 2009-07-03 05:58:14 UTC 
thanks christina...my fault.tweaking the cfg file appropriately pulled the email attribute from the ldap. Verified.

========
Certificate: 
        Data: 
            Version:  v3
            Serial Number: 0x2F
            Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
            Issuer: CN=Certificate Authority,O=PnqRedhat Domain
            Validity: 
                Not Before: Friday, July 3, 2009 2:14:42 AM IST Asia/Kolkata
                Not  After: Monday, April 25, 2011 7:58:18 PM IST Asia/Kolkata
            Subject: UID=ncage,O=Token Key User
            Subject Public Key Info: 
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key: 
                    Exponent: 65537
                    Public Key Modulus: (1024 bits) :
                        F2:7E:DE:CB:B6:D8:F2:D0:68:BC:66:12:F7:68:95:84:
                        E3:9B:83:07:4C:32:50:7A:8A:BF:59:06:F4:89:90:6C:
                        D3:0E:04:F2:33:93:30:DD:73:17:39:E6:1F:F8:DC:B6:
                        83:6B:CB:C2:13:BE:E6:8E:9B:9B:8C:8E:E8:79:3E:5C:
                        93:F1:AE:9D:32:00:6A:0A:1A:30:27:64:D5:9F:B2:5D:
                        91:83:3D:48:23:A2:8C:C9:E7:80:AC:F0:2E:D9:06:59:
                        52:A0:43:53:FC:BF:63:57:4B:FF:98:77:3B:EB:9A:69:
                        5D:4F:48:1D:45:D2:0E:D1:03:D4:DF:65:DD:28:71:E5
            Extensions: 
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes 
                    Key Usage: 
                        Digital Signature 
                        Non Repudiation 
                Identifier: Subject Alternative Name - 2.5.29.17
                    Critical: no 
                    Value: 
                        RFC822Name: ncage
                Identifier: Subject Key Identifier - 2.5.29.14
                    Critical: no 
                    Key Identifier: 
                        0F:C5:5A:50:24:F8:7F:94:6E:8B:C5:16:92:7B:B8:84:

============================
<snip of caTokenUserEncryptionKeyEnrollment.cfg>

policyset.set1.p1.default.params.ldap.enable=true
policyset.set1.p1.default.params.ldap.searchName=uid
policyset.set1.p1.default.params.ldapStringAttributes=uid,mail
policyset.set1.p1.default.params.ldap.basedn=ou=people,dc=pnq,dc=redhat,dc=com
policyset.set1.p1.default.params.ldap.maxConns=4
policyset.set1.p1.default.params.ldap.minConns=1
policyset.set1.p1.default.params.ldap.ldapconn.Version=2
policyset.set1.p1.default.params.ldap.ldapconn.host=localhost
policyset.set1.p1.default.params.ldap.ldapconn.port=389
policyset.set1.p1.default.params.ldap.ldapconn.secureConn=false
policyset.set1.p2.constraint.class_id=noConstraintImpl
===================