Description of problem:
pkispawn crashes with NullPointerException if run with the following configuration file:

[CA]
pki_security_domain_name = IPA
pki_enable_proxy = True
pki_restart_configured_instance = False
pki_backup_keys = True
pki_backup_password = XXXXXXXX
pki_client_database_dir = /tmp/tmp-8r1i5O
pki_client_database_password = XXXXXXXX
pki_client_database_purge = False
pki_client_pkcs12_password = XXXXXXXX
pki_admin_name = admin
pki_admin_uid = admin
pki_admin_email = root@localhost
pki_admin_password = XXXXXXXX
pki_admin_nickname = ipa-ca-agent
pki_admin_subject_dn = cn=ipa-ca-agent,O=EXAMPLE.COM
pki_client_admin_cert_p12 = /root/ca-agent.p12
pki_ds_ldap_port = 389
pki_ds_password = XXXXXXXX
pki_ds_base_dn = o=ipaca
pki_ds_database = ipaca
pki_subsystem_subject_dn = cn=CA Subsystem,O=EXAMPLE.COM
pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=EXAMPLE.COM
pki_ssl_server_subject_dn = cn=ipa.example.com,O=EXAMPLE.COM
pki_audit_signing_subject_dn = cn=CA Audit,O=EXAMPLE.COM
pki_ca_signing_subject_dn = cn=Certificate Authority,O=EXAMPLE.COM
pki_subsystem_nickname = subsystemCert cert-pki-ca
pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca
pki_ssl_server_nickname = Server-Cert cert-pki-ca
pki_audit_signing_nickname = auditSigningCert cert-pki-ca
pki_ca_signing_nickname = caSigningCert cert-pki-ca
pki_external = True
pki_external_csr_path = /root/ipa.csr

Version-Release number of selected component (if applicable):
pki-server-10.0.3-1.fc19

How reproducible:
Always

Steps to Reproduce:
1. Run pkispawn with the above configuration file.

Actual results:
pkispawn crashes with NullPointerException.
stack trace:
com.netscape.cms.servlet.csadmin.ConfigurationUtils.getPortFromSecurityDomain(ConfigurationUtils.java:2446)
com.netscape.cms.servlet.csadmin.SystemConfigService.configure(SystemConfigService.java:419)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:601)
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:155)
org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:257)
org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:222)
org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:211)
org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:525)
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:502)
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:119)
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:601)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:536)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:169)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:299)
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:57)
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:193)
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
java.security.AccessController.doPrivileged(Native Method)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1008)
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
java.lang.Thread.run(Thread.java:722)

Expected results:
pkispawn successfully sets up a certificate server instance.

Additional info:
This bug is triggered by ipa-server-install with --external-ca, see https://fedorahosted.org/freeipa/ticket/3773
Raising severity of the bug. FreeIPA external CA cannot be used while this bug is in effect; there is no known workaround.
The pki_issuing_ca parameter was not set properly by the deployment tool.

Fixed in master:
* 23ce40f255de2abe3347924b3fd9e0eb2a539551

Fixed in 10.0 branch:
* 2c0ef5747ea1d9adbe11bcd9e102ab34b0c5414d
This fixes the issue in ipa-server-install, thanks.
Cloning the bug also for Fedora 18 - I just reproduced the issue there too.
I see this bug is still in MODIFIED even though it seems to be fixed by pki-ca-10.0.4-1.fc19.noarch...