Description of problem:
Seen in IPA where you can request specific certificates based only on serial number:

$ ipa cert-get 99
ipa: ERROR: Certificate operation cannot be completed: EXCEPTION (LDAP operation failure - cn=99,ou=certificateRepository, ou=ca, o=ipaca netscape.ldap.LDAPException: error result (32); matchedDN = ou=certificaterepository,ou=ca,o=ipaca)

This LDAP exception should be mapped to a dogtag-specific error message indicating unknown serial number.

Version-Release number of selected component (if applicable):
pki-ca-1.3.0-6.fc12.noarch
*** Bug 553121 has been marked as a duplicate of this bug. ***
Created attachment 409320: proposed fix
attachment (id=409320) +mharmsen REMINDER: fix spec file + include new file
svn add pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
A pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java

svn commit pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
Adding pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
Transmitting file data .
Committed revision 1084.

svn commit pki/dogtag/common/pki-common.spec
Sending pki/dogtag/common/pki-common.spec
Transmitting file data .
Committed revision 1085.

svn commit pki/base/common/src/com/netscape/cmscore/dbs/DBSSession.java
Sending pki/base/common/src/com/netscape/cmscore/dbs/DBSSession.java
Transmitting file data .
Committed revision 1086.

svn commit pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
Sending pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
Transmitting file data .
Committed revision 1087.

svn commit pki/base/common/src/LogMessages_en.properties
Sending pki/base/common/src/LogMessages_en.properties
Transmitting file data .
Committed revision 1088.

svn commit pki/base/common/src/UserMessages_en.properties
Sending pki/base/common/src/UserMessages_en.properties
Transmitting file data .
Committed revision 1089.
*** Bug 489380 has been marked as a duplicate of this bug. ***
Tested this by sending agent and ee interface requests with a non-existing serial number.

Example:
Agent interface: https://<host-name>:9443/ca/agent/ca/displayBySerial?op=displayBySerial&serialNumber=0xFFDDEE
EE interface: http://<host-name>:9180/ca/ee/ca/displayBySerial?op=displayBySerial&serialNumber=0xFFDDEE

Server responds with a valid error message "Certificate serial number 0xffddee not found".

Marking the bug verified.
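
The mapping requested in the description, sketched as an added example (not the attached patch and not Dogtag source): LDAP result code 32 becomes a dedicated not-found exception at the session layer, and the servlet layer turns it into the message verified above instead of exposing the directory DN. All class and method names are hypothetical stand-ins, the one-entry repository is constructed, and the invalid-serial message is an assumption.

```java
import java.math.BigInteger;

// Added illustration; every class and method name here is hypothetical, not Dogtag code.
public class SerialLookupDemo {
    static final int NO_SUCH_OBJECT = 32; // LDAP result code shown in the report

    // Stand-in for the directory SDK's exception: result code plus the internal DN.
    static class DirectoryException extends Exception {
        final int resultCode;
        DirectoryException(int resultCode, String dn) {
            super("error result (" + resultCode + "); dn = " + dn);
            this.resultCode = resultCode;
        }
    }

    // Dedicated type so callers do not have to parse LDAP error text.
    static class RecordNotFoundException extends Exception {
        final BigInteger serial;
        RecordNotFoundException(BigInteger serial, Throwable cause) {
            super("record not found", cause);
            this.serial = serial;
        }
    }

    // Constructed stand-in for the certificate repository: only serial 1 exists.
    static String readEntry(BigInteger serial) throws DirectoryException {
        if (!serial.equals(BigInteger.ONE))
            throw new DirectoryException(NO_SUCH_OBJECT, "cn=" + serial + ",ou=certificateRepository,ou=ca,o=ipaca");
        return "certificate record for serial 1";
    }

    // Session layer: translate code 32; every other directory failure stays distinct.
    static String read(BigInteger serial) throws RecordNotFoundException, DirectoryException {
        try {
            return readEntry(serial);
        } catch (DirectoryException e) {
            if (e.resultCode == NO_SUCH_OBJECT) throw new RecordNotFoundException(serial, e);
            throw e;
        }
    }

    // Servlet layer: the response names the requested serial and nothing about the DIT.
    static String display(String param) {
        try {
            String s = param.trim().toLowerCase();
            return read(s.startsWith("0x") ? new BigInteger(s.substring(2), 16) : new BigInteger(s));
        } catch (NumberFormatException e) {
            return "Invalid certificate serial number"; // assumed wording
        } catch (RecordNotFoundException e) {
            return "Certificate serial number 0x" + e.serial.toString(16) + " not found";
        } catch (DirectoryException e) {
            return "Certificate operation cannot be completed"; // detail belongs in the server log
        }
    }
}
```

Calling `SerialLookupDemo.display("0xFFDDEE")` yields the same text the verification comment reports, while the DN stays in the exception's cause chain for server-side logging.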