+++ This bug was initially created as a clone of Bug #986901 +++ Description of problem: pkispawn crashes with NullPointerException if run with the following configuration file: [CA] pki_security_domain_name = IPA pki_enable_proxy = True pki_restart_configured_instance = False pki_backup_keys = True pki_backup_password = XXXXXXXX pki_client_database_dir = /tmp/tmp-8r1i5O pki_client_database_password = XXXXXXXX pki_client_database_purge = False pki_client_pkcs12_password = XXXXXXXX pki_admin_name = admin pki_admin_uid = admin pki_admin_email = root@localhost pki_admin_password = XXXXXXXX pki_admin_nickname = ipa-ca-agent pki_admin_subject_dn = cn=ipa-ca-agent,O=EXAMPLE.COM pki_client_admin_cert_p12 = /root/ca-agent.p12 pki_ds_ldap_port = 389 pki_ds_password = XXXXXXXX pki_ds_base_dn = o=ipaca pki_ds_database = ipaca pki_subsystem_subject_dn = cn=CA Subsystem,O=EXAMPLE.COM pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=EXAMPLE.COM pki_ssl_server_subject_dn = cn=ipa.example.com,O=EXAMPLE.COM pki_audit_signing_subject_dn = cn=CA Audit,O=EXAMPLE.COM pki_ca_signing_subject_dn = cn=Certificate Authority,O=EXAMPLE.COM pki_subsystem_nickname = subsystemCert cert-pki-ca pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca pki_ssl_server_nickname = Server-Cert cert-pki-ca pki_audit_signing_nickname = auditSigningCert cert-pki-ca pki_ca_signing_nickname = caSigningCert cert-pki-ca pki_external = True pki_external_csr_path = /root/ipa.csr Version-Release number of selected component (if applicable): pki-server-10.0.3-1.fc19 How reproducible: Always Steps to Reproduce: 1. Run pkispawn with the above configuration file. Actual results: pkispawn crashes with NullPointerException. stack trace: com.netscape.cms.servlet.csadmin.ConfigurationUtils.getPortFromSecurityDomain(ConfigurationUtils.java:2446) com.netscape.cms.servlet.csadmin.SystemConfigService.configure(SystemConfigService.java:419) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) java.lang.reflect.Method.invoke(Method.java:601) org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:155) org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:257) org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:222) org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:211) org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:525) org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:502) org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:119) org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208) org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50) javax.servlet.http.HttpServlet.service(HttpServlet.java:728) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) java.lang.reflect.Method.invoke(Method.java:601) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:536) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309) org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:169) org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:299) org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:57) org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:193) org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189) java.security.AccessController.doPrivileged(Native Method) org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1008) org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) java.lang.Thread.run(Thread.java:722) Expected results: pkispawn successfuly sets up a certificate server instance. Additional info: This bug is triggered by ipa-server-install with --external-ca, see https://fedorahosted.org/freeipa/ticket/3773 --- Additional comment from Martin Kosek on 2013-07-22 09:25:11 EDT --- Raising severity of the bug. FreeIPA external CA cannot be used with this bug effective, there is no known workaround. --- Additional comment from Endi Sukma Dewata on 2013-07-23 17:09:11 EDT --- The pki_issuing_ca parameter was not set properly by the deployment tool. Fixed in master: * 23ce40f255de2abe3347924b3fd9e0eb2a539551 Fixed in 10.0 branch: * 2c0ef5747ea1d9adbe11bcd9e102ab34b0c5414d --- Additional comment from Jan Cholasta on 2013-07-24 05:58:41 EDT --- This fixes the issue in ipa-server-install, thanks. --- Additional comment from Martin Kosek on 2013-07-25 10:47:18 EDT --- Cloning the bug also for Fedora 18 - I just reproduce the issue there too.
This message is a reminder that Fedora 18 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 18. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '18'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 18's end of life. Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 18 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior to Fedora 18's end of life. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 18 changed to end-of-life (EOL) status on 2014-01-14. Fedora 18 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.