Bug 492952 - IE does not provide backwards compatibility in recognizing its enrollment objects
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: HTML Forms
Version: 1.1
Hardware: All Linux
Priority: high, Severity: medium
Assigned To: Andrew Wnuk
Chandrasekar Kannan
Blocks: 443788
Reported: 2009-03-30 17:10 EDT by Andrew Wnuk
Modified: 2015-01-05 20:16 EST
Doc Type: Bug Fix
Last Closed: 2009-07-22 19:33:59 EDT


Attachments:
proposed fix (2.33 KB, patch), 2009-03-30 17:23 EDT, Andrew Wnuk

Description Andrew Wnuk 2009-03-30 17:10:41 EDT
IE does provide backwards compatibility in recognizing its enrollment objects.
Comment 1 Andrew Wnuk 2009-03-30 17:23:29 EDT
Created attachment 337246
proposed fix
Comment 3 Matthew Harmsen 2009-03-30 17:27:27 EDT
attachment (id=337246) +mharmsen
Comment 5 Andrew Wnuk 2009-03-30 17:53:37 EDT
svn commit pki/dogtag/ca-ui/dogtag-pki-ca-ui.spec
Sending        pki/dogtag/ca-ui/dogtag-pki-ca-ui.spec
Transmitting file data .
Committed revision 352.

svn commit pki/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template
Sending        pki/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template
Transmitting file data .
Committed revision 353.
Comment 9 Kashyap Chamarthy 2009-07-04 15:52:39 EDT
XP SP2

IE 7 (XP SP2)

Base Cryptographic Provider v1.0 (1024) - OK (successfully imported cert into IE)
Base Cryptographic Provider v1.0 (2048) - Fails to submit the request with Error -80090009
            - CA debug log says "java.lang.NullPointerException"


Strong Cryptographic Provider (1024) - OK (successfully imported cert into IE)
Strong Cryptographic Provider (2048) - OK (successfully imported cert into IE)


--------------------------------------------------
IE 8 (XP SP2)

Base Cryptographic Provider v1.0 (1024) - OK (successfully imported cert into IE)
Base Cryptographic Provider v1.0 (2048) - Fails with Error -80090009
            - CA debug log says "java.lang.NullPointerException"


Strong Cryptographic Provider (1024) - OK (successfully imported cert into IE)
Strong Cryptographic Provider (2048) - OK (successfully imported cert into IE)

------------------
Re-opening since it failed with 2048(Strong Cryptographic Provider)
Comment 10 Kashyap Chamarthy 2009-07-04 15:54:35 EDT
for ie7-2048 key, MS Base Crypto 1.0

Error-80090009

pki-ca debug log when tried with Base Cryptographic Provider v1.0(2048)
-----------------------------------------------------------------------
[root@el3pki pki-ca]# tail -f /var/log/pki-ca/debug 
[04/Jul/2009:23:37:11][http-9444-Processor23]: DirAclAuthz: authorization passed
[04/Jul/2009:23:37:11][http-9444-Processor23]: SignedAuditEventFactory: create() message=[AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=certServer.ee.profile][Op=read] authorization success

[04/Jul/2009:23:37:11][http-9444-Processor23]: SignedAuditEventFactory: create() message=[AuditEvent=ROLE_ASSUME][SubjectID=$Unidentified$][Outcome=Success][Role=<null>] assume privileged role

[04/Jul/2009:23:37:11][http-9444-Processor23]: ProfileSelectServlet: SubId=profile
[04/Jul/2009:23:37:11][http-9444-Processor23]: ProfileSelectServlet: profileId=caUserCert
[04/Jul/2009:23:37:11][http-9444-Processor23]: Property policyset.userCertSet.2.constraint.params.notBeforeGracePeriod missing value
[04/Jul/2009:23:37:11][http-9444-Processor23]: ProfileSelectServlet: keyArchivalEnabled is true
[04/Jul/2009:23:37:11][http-9444-Processor23]: CMSServlet: curDate=Sat Jul 04 23:37:11 IST 2009 id=caProfileSelect time=23
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet:service() uri = /ca/ee/ca/profileSubmit
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='cert_request' value=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_e' value='wuser3@test.com'
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='cert_request_type' value='pkcs10'
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_ou' value=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='requestor_phone' value=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_c' value=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_cn' value='wuser3'
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_ou3' value=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_ou2' value=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_ou1' value=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='requestor_name' value=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_uid' value='wuser3'
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='Send' value='Submit'
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='profileId' value='caUserCert'
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='requestor_email' value=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='keyLength' value='2048'
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='cryptprovider' value='1'
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='renewal' value='false'
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_o' value=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='xmlOutput' value='false'
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet: caProfileSubmit start to service.
[04/Jul/2009:23:37:57][http-9444-Processor23]: xmlOutput false
[04/Jul/2009:23:37:57][http-9444-Processor23]: Start of ProfileSubmitServlet Input Parameters
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter cert_request=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_e='wuser3@test.com'
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter cert_request_type='pkcs10'
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_ou=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter requestor_phone=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_c=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_cn='wuser3'
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_ou3=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_ou2=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_ou1=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter requestor_name=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_uid='wuser3'
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter Send='Submit'
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter profileId='caUserCert'
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter requestor_email=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter keyLength='2048'
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter cryptprovider='1'
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter renewal='false'
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_o=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter xmlOutput='false'
[04/Jul/2009:23:37:57][http-9444-Processor23]: End of ProfileSubmitServlet Input Parameters
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet: start serving
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet: SubId=profile
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet: isRenewal false
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet: profileId caUserCert
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet: authenticator not found
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmistServlet: set Inputs into profile Context
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet: set sslClientCertProvider
[04/Jul/2009:23:37:57][http-9444-Processor23]: xx Start parsePKCS10 
[04/Jul/2009:23:37:57][http-9444-Processor23]: EnrollProfile: parsePKCS10: signature verification enabled
[04/Jul/2009:23:37:57][http-9444-Processor23]: EnrollProfile: parsePKCS10 setting thread token
[04/Jul/2009:23:37:57][http-9444-Processor23]: EnrollProfile: parsePKCS10 java.lang.NullPointerException
[04/Jul/2009:23:37:57][http-9444-Processor23]: EnrollProfile: parsePKCS10 restoring thread token
Invalid Request
        at com.netscape.cms.profile.common.EnrollProfile.parsePKCS10(EnrollProfile.java:913)
        at com.netscape.cms.profile.common.EnrollProfile.createRequests(EnrollProfile.java:102)
        at com.netscape.cms.servlet.profile.ProfileSubmitServlet.process(ProfileSubmitServlet.java:995)
        at com.netscape.cms.servlet.base.CMSServlet.service(CMSServlet.java:500)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.netscape.cms.servlet.filter.EERequestFilter.doFilter(EERequestFilter.java:124)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:636)
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet: createRequests Invalid Request
[04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet: curDate=Sat Jul 04 23:37:57 IST 2009 id=caProfileSubmit time=3
------------------------------------------------------
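
A triage sketch for the failure in the log above, added here as an example and not part of the bug report or of Dogtag's code: it pairs each ProfileSubmitServlet parameter dump with a later parsePKCS10 exception on the same thread and reports submissions whose cert_request arrived empty. The sample lines are constructed from the format quoted in Comment 10; the function name, the second request and its placeholder value are assumptions.

```python
import re

# Constructed sample, modelled on the debug log format quoted in Comment 10.
SAMPLE_LOG = """\
[04/Jul/2009:23:37:57][http-9444-Processor23]: Start of ProfileSubmitServlet Input Parameters
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter cert_request=''
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter cert_request_type='pkcs10'
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter keyLength='2048'
[04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter cryptprovider='1'
[04/Jul/2009:23:37:57][http-9444-Processor23]: End of ProfileSubmitServlet Input Parameters
[04/Jul/2009:23:37:57][http-9444-Processor23]: EnrollProfile: parsePKCS10 java.lang.NullPointerException
[04/Jul/2009:23:38:20][http-9444-Processor7]: Start of ProfileSubmitServlet Input Parameters
[04/Jul/2009:23:38:20][http-9444-Processor7]: ProfileSubmitServlet Input Parameter cert_request='PLACEHOLDER_PKCS10'
[04/Jul/2009:23:38:20][http-9444-Processor7]: ProfileSubmitServlet Input Parameter cert_request_type='pkcs10'
[04/Jul/2009:23:38:20][http-9444-Processor7]: ProfileSubmitServlet Input Parameter keyLength='1024'
[04/Jul/2009:23:38:20][http-9444-Processor7]: End of ProfileSubmitServlet Input Parameters
"""

LINE = re.compile(r"^\[([^\]]+)\]\[([^\]]+)\]: (.*)$")   # [timestamp][thread]: message
PARAM = re.compile(r"^ProfileSubmitServlet Input Parameter (\w+)='(.*)'$")
START = "Start of ProfileSubmitServlet Input Parameters"
END = "End of ProfileSubmitServlet Input Parameters"

def find_empty_enrollments(log_text):
    """Return one finding per submission whose cert_request arrived empty."""
    open_reqs, findings = {}, []      # open_reqs: thread -> request being tracked
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                  # stack-trace lines carry no [time][thread] prefix
        ts, thread, msg = m.groups()
        if msg == START:
            open_reqs[thread] = {"time": ts, "thread": thread, "params": {}, "npe": False}
            continue
        req = open_reqs.get(thread)
        if req is None:
            continue
        p = PARAM.match(msg)
        if p:
            req["params"][p.group(1)] = p.group(2)
        elif msg == END:
            if req["params"].get("cert_request", "") == "":
                findings.append(req)  # keep tracking so the parser error is attached
            else:
                del open_reqs[thread]
        elif "parsePKCS10" in msg and "Exception" in msg:
            req["npe"] = True
    return findings
```

Each finding carries the submitted keyLength and cryptprovider values, so failures can be grouped by the client-side provider and key size combinations tested in Comment 9.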
Comment 11 Chandrasekar Kannan 2009-07-04 19:58:36 EDT
high for investigation ..
Comment 21 Chandrasekar Kannan 2009-07-11 02:52:04 EDT
Requesting 2048 RSA key with 'Base Cryptographic Provider v1.0'
using caUserCert profile pops error message box
 "The error '80090009' occurred.
  Your credentials could not generated."

I see this the 1st time. If I re-use the same page to do it another time,
I see an invalid submission to the CA. Tested on Windows 2003 / IE7
