The code in nsTokenUserKeySubjectNameDefault.java was broken at some point, so the attribute values retrieved from LDAP are no longer populated into the request; as a result, none of the request variables used in a profile work (e.g. $request.email$).
Created attachment 333389 [details] Fix to fill out the request from the LDAP-retrieved attributes for profiles. I also took the opportunity to remove/replace all the ugly tabs which I had introduced in the past. awnuk, please review.
attachment (id=333389) +awnuk
svn committed pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java r251
I tried as below - In the CA pkiconsole -> Certificate Manager -> Certificate Profiles added a new profile using "User certificate Enrollment Profile" and edit that profile by adding a policy with Default - nsTokenUserKeySubjectNameDefault Constraint - No Constraint here when I click "ok" it does not proceed further and an exception was thrown as below... Any pointers?? ==================================================== [user1@tel53 ~]$ pkiconsole https://tel53.pnq.redhat.com:9445/ca Exception occurred during event dispatching: java.lang.NullPointerException at com.netscape.admin.certsrv.config.ProfilePolicyNewDialog.showDialog(ProfilePolicyNewDialog.java:562) at com.netscape.admin.certsrv.config.ProfilePolicySelectionDialog.actionPerformed(ProfilePolicySelectionDialog.java:219) at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2012) at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2335) at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:404) at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:253) at java.awt.Component.processMouseEvent(Component.java:6101) at javax.swing.JComponent.processMouseEvent(JComponent.java:3276) at java.awt.Component.processEvent(Component.java:5866) at java.awt.Container.processEvent(Container.java:2105) at java.awt.Component.dispatchEventImpl(Component.java:4462) at java.awt.Container.dispatchEventImpl(Container.java:2163) at java.awt.Component.dispatchEvent(Component.java:4288) at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4461) at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4125) at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4055) at java.awt.Container.dispatchEventImpl(Container.java:2149) at java.awt.Window.dispatchEventImpl(Window.java:2478) at 
java.awt.Component.dispatchEvent(Component.java:4288) at java.awt.EventQueue.dispatchEvent(EventQueue.java:604) at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:275) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:200) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:194) at java.awt.Dialog$1.run(Dialog.java:1072) at java.awt.Dialog$3.run(Dialog.java:1126) at java.security.AccessController.doPrivileged(Native Method) at java.awt.Dialog.show(Dialog.java:1124) at com.netscape.admin.certsrv.config.ProfilePolicySelectionDialog.showDialog(ProfilePolicySelectionDialog.java:165) at com.netscape.admin.certsrv.config.ProfileEditDialog.actionPerformed(ProfileEditDialog.java:463) at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2012) at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2335) at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:404) at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:253) at java.awt.Component.processMouseEvent(Component.java:6101) at javax.swing.JComponent.processMouseEvent(JComponent.java:3276) at java.awt.Component.processEvent(Component.java:5866) at java.awt.Container.processEvent(Container.java:2105) at java.awt.Component.dispatchEventImpl(Component.java:4462) at java.awt.Container.dispatchEventImpl(Container.java:2163) at java.awt.Component.dispatchEvent(Component.java:4288) at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4461) at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4125) at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4055) at java.awt.Container.dispatchEventImpl(Container.java:2149) at java.awt.Window.dispatchEventImpl(Window.java:2478) at java.awt.Component.dispatchEvent(Component.java:4288) at 
java.awt.EventQueue.dispatchEvent(EventQueue.java:604) at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:275) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:200) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:194) at java.awt.Dialog$1.run(Dialog.java:1072) at java.awt.Dialog$3.run(Dialog.java:1126) at java.security.AccessController.doPrivileged(Native Method) at java.awt.Dialog.show(Dialog.java:1124) at com.netscape.admin.certsrv.config.ProfileEditDialog.showDialog(ProfileEditDialog.java:752) at com.netscape.admin.certsrv.config.CMSPluginInstanceTab.actionPerformed(CMSPluginInstanceTab.java:151) at com.netscape.admin.certsrv.config.ProfileInstanceTab.actionPerformed(ProfileInstanceTab.java:118) at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2012) at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2335) at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:404) at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:253) at java.awt.Component.processMouseEvent(Component.java:6101) at javax.swing.JComponent.processMouseEvent(JComponent.java:3276) at java.awt.Component.processEvent(Component.java:5866) at java.awt.Container.processEvent(Container.java:2105) at java.awt.Component.dispatchEventImpl(Component.java:4462) at java.awt.Container.dispatchEventImpl(Container.java:2163) at java.awt.Component.dispatchEvent(Component.java:4288) at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4461) at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4125) at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4055) at java.awt.Container.dispatchEventImpl(Container.java:2149) at java.awt.Window.dispatchEventImpl(Window.java:2478) at 
java.awt.Component.dispatchEvent(Component.java:4288) at java.awt.EventQueue.dispatchEvent(EventQueue.java:604) at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:275) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:200) at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:190) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:185) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:177) at java.awt.EventDispatchThread.run(EventDispatchThread.java:138) ============================================
I did the below -created a user in the directory(uid=wsmith,ou=People,dc=pnq,dc=redhat,dc=com) along with Email(wsmith) -used tpsclient to enroll a token for the user. -And tried to view the just enrolled cert for user(wsmith) in the CA agent pages. <snip of the Extensions field of user wsmith) Non Repudiation Identifier: Subject Alternative Name - 2.5.29.17 Critical: no Value: RFC822Name: $request.mail$ -here should it populate the email for the user from the ldap database?? ============================================== Certificate: Data: Version: v3 Serial Number: 0x2D Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5 Issuer: CN=Certificate Authority,O=PnqRedhat Domain Validity: Not Before: Friday, July 3, 2009 12:42:33 AM IST Asia/Kolkata Not After: Monday, April 25, 2011 7:58:18 PM IST Asia/Kolkata Subject: UID=wsmith,O=Token Key User Subject Public Key Info: Algorithm: RSA - 1.2.840.113549.1.1.1 Public Key: Exponent: 65537 Public Key Modulus: (1024 bits) : BE:71:3F:41:BD:4A:B5:EF:DE:F3:B5:58:AC:A9:7E:A3: E2:4E:4C:C2:75:95:F9:9F:5A:40:B1:DA:6C:C4:AF:F4: 58:08:5F:EB:8D:9C:20:F9:8C:7F:AB:2B:87:37:6F:66: AA:1D:DB:B4:A5:3A:EC:86:F9:76:69:14:A3:CD:7B:D6: 7D:4B:AA:0D:18:38:93:EA:3B:FD:A2:C5:5C:F4:39:F0: 79:15:BB:AF:09:7C:65:64:FD:5D:DE:55:D6:CB:69:7A: C8:DA:9D:DB:36:6A:BB:3F:72:DF:60:81:0C:BC:9A:91: 86:5F:AE:D0:DD:54:0F:57:7F:82:FC:90:CE:6C:0F:59 Extensions: Identifier: Key Usage: - 2.5.29.15 Critical: yes Key Usage: Digital Signature Non Repudiation Identifier: Subject Alternative Name - 2.5.29.17 Critical: no Value: RFC822Name: $request.mail$ Identifier: Subject Key Identifier - 2.5.29.14 Critical: no Key Identifier: 2E:BE:BC:A3:56:4D:C7:32:A3:FA:89:13:28:F0:24:CB: 2E:03:49:EB Identifier: Authority Key Identifier - 2.5.29.35 Critical: no Key Identifier: 1E:B7:62:17:70:03:DD:8C:FA:84:E0:50:BB:00:E3:D6: AC:AE:AE:FB Identifier: Basic Constraints - 2.5.29.19 Critical: no Is CA: no Path Length Constraint: UNLIMITED Signature: Algorithm: SHA1withRSA - 
1.2.840.113549.1.1.5 =========================================================== enroll.test uesd with tpsclient ============================================ [root@madrid tpsclient-test]# cat enroll.test op=var_set name=ra_host value=madrid.pnq.redhat.com op=var_set name=ra_port value=7888 op=var_set name=ra_uri value=/nk_service op=token_set cuid=00000000000000000001 msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0 op=token_set auth_key=404142434445464748494a4b4c4d4e4f op=token_set mac_key=404142434445464748494a4b4c4d4e4f op=token_set kek_key=404142434445464748494a4b4c4d4e4f op=ra_enroll uid=wsmith pwd=netscape new_pin=netscape num_threads=1 op=exit ================================
I assume you enabled LDAP in the profile? Please attach your profile so I can take a look.
thanks christina...my fault.tweaking the cfg file appropriately pulled the email attribute from the ldap. Verified. ======== Certificate: Data: Version: v3 Serial Number: 0x2F Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5 Issuer: CN=Certificate Authority,O=PnqRedhat Domain Validity: Not Before: Friday, July 3, 2009 2:14:42 AM IST Asia/Kolkata Not After: Monday, April 25, 2011 7:58:18 PM IST Asia/Kolkata Subject: UID=ncage,O=Token Key User Subject Public Key Info: Algorithm: RSA - 1.2.840.113549.1.1.1 Public Key: Exponent: 65537 Public Key Modulus: (1024 bits) : F2:7E:DE:CB:B6:D8:F2:D0:68:BC:66:12:F7:68:95:84: E3:9B:83:07:4C:32:50:7A:8A:BF:59:06:F4:89:90:6C: D3:0E:04:F2:33:93:30:DD:73:17:39:E6:1F:F8:DC:B6: 83:6B:CB:C2:13:BE:E6:8E:9B:9B:8C:8E:E8:79:3E:5C: 93:F1:AE:9D:32:00:6A:0A:1A:30:27:64:D5:9F:B2:5D: 91:83:3D:48:23:A2:8C:C9:E7:80:AC:F0:2E:D9:06:59: 52:A0:43:53:FC:BF:63:57:4B:FF:98:77:3B:EB:9A:69: 5D:4F:48:1D:45:D2:0E:D1:03:D4:DF:65:DD:28:71:E5 Extensions: Identifier: Key Usage: - 2.5.29.15 Critical: yes Key Usage: Digital Signature Non Repudiation Identifier: Subject Alternative Name - 2.5.29.17 Critical: no Value: RFC822Name: ncage Identifier: Subject Key Identifier - 2.5.29.14 Critical: no Key Identifier: 0F:C5:5A:50:24:F8:7F:94:6E:8B:C5:16:92:7B:B8:84: ============================ <snip of caTokenUserEncryptionKeyEnrollment.cfg> policyset.set1.p1.default.params.ldap.enable=true policyset.set1.p1.default.params.ldap.searchName=uid policyset.set1.p1.default.params.ldapStringAttributes=uid,mail policyset.set1.p1.default.params.ldap.basedn=ou=people,dc=pnq,dc=redhat,dc=com policyset.set1.p1.default.params.ldap.maxConns=4 policyset.set1.p1.default.params.ldap.minConns=1 policyset.set1.p1.default.params.ldap.ldapconn.Version=2 policyset.set1.p1.default.params.ldap.ldapconn.host=localhost policyset.set1.p1.default.params.ldap.ldapconn.port=389 policyset.set1.p1.default.params.ldap.ldapconn.secureConn=false 
policyset.set1.p2.constraint.class_id=noConstraintImpl ===================