Hello Ralf, welcome to OpenXPKI - nice to hear you like it.
I guess you get a 500 server error back? At least I do - in that case you find the error message in the apache error log. The short story: Certificate.dn returns a hash but you need a string, use "Certificate.dn(context.cert_identifier,'CN')" to get the common name back. In the end it should not crash but - congrats - you found a bug ;) The root cause explained: * Certificate.dn returns a hash * The "_map..:[% .. %]" notation internally calls a template parser that returns a string * Perl converts the hash into a string "HASH(0x1234)" * The server has not problem in sending that to the client - so all is fine Why this causes a problem took me while to find out...when returning the data back to the user, we analyse if a value is a serialized array/hash and our old serialization protocol used "HASH" as a marker. So what happens here is that the serializer thinks this is a hash encoded in the legacy format and crashed on deserializing it as the used filter was sloppy. Oliver Am 18.10.2018 um 07:01 schrieb [email protected]: > Hi, > > I am just starting evaluating openxpki for a project. > > I am using openxpki on Debian Jessie using the packages and am > strugglinc with the PEM download. I read the conversation between > Andreas Krieger and Oliver Welter. Apparently Andreas got it to work by > modifying the template plugin Template/Plugin/Certificate.pm > > To get a feeling for the process, I tried to first include the dn in the > output of the rpc SearchCertificate. I just started modifying the > rpc/default.conf file and including dn in the output of the > SearchCertificate, since dn is already mentioned in > the template plugin: > > [SearchCertificate] > workflow = certificate_search > param = common_name > output = cert_identifier, notbefore, notafter, status, dn > > I also changed config.d/realm/ca-one/workflow/def/certificate_search.yaml > > get_certificate_data: > class: OpenXPKI::Server::Workflow::Activity::Tools::SetContext > param: > _map_notbefore: "[% USE Certificate %][% > Certificate.notbefore(context.cert_identifier) %]" > _map_notafter: "[% USE Certificate %][% > Certificate.notafter(context.cert_identifier) %]" > _map_status: "[% USE Certificate %][% > Certificate.status(context.cert_identifier) %]" > _map_dn: "[% USE Certificate %][% > Certificate.dn(context.cert_identifier) %]" > > > While I got the following output without these changes: > $ curl --data "method=SearchCertificate" --data "common_name=test" > http://localhost:8080/rpc > {"result":{"data":{"notbefore":"2018-10-17T16:35:46","notafter":"2019-04-17T16:35:46","cert_identifier":"rbaixzzFogGSt9WIR68A8gzbAXM","status":"ISSUED"},"state":"SUCCESS","id":0,"pid":1170}}3 > > unfortunately I now get nothing and the logfiles do show the processing: > ==> /var/log/openxpki/rpc.log <== > 2018/10/18 04:58:43 DEBUG:757 Config for service rpc loaded > 2018/10/18 04:58:43 INFO:757 RPC handler initialized > 2018/10/18 04:58:43 DEBUG:757 Autodetect config file for service rpc: .conf > 2018/10/18 04:58:43 DEBUG:757 No config file found, falling back to default > 2018/10/18 04:58:43 DEBUG:757 RPC unauthenticated (plain http) > 2018/10/18 04:58:43 DEBUG:757 Initialize client > 2018/10/18 04:58:43 DEBUG:757 Started volatile session with id: > tNRIg98WTDCi11ITTK8SAw== > 2018/10/18 04:58:43 DEBUG:757 Selecting auth stack _System > 2018/10/18 04:58:44 DEBUG:757 Workflow created (ID: 0), State: SUCCESS > 2018/10/18 04:58:44 INFO:757 RPC request was processed properly > (Workflow: 0, State: SUCCESS > 2018/10/18 04:58:44 DEBUG:757 Keys cert_identifier, notbefore, notafter, > status, dn > > ==> /var/log/openxpki/workflows.log <== > 2018/10/18 04:58:43 0 Execute action certsearch_initialize on workflow #0 > 2018/10/18 04:58:44 0 Execute action certsearch_pop_identifier on > workflow #0 > 2018/10/18 04:58:44 0 Execute action certsearch_get_certificate_data on > workflow #0 > > > > Is anything else required to modify the workflow? > > Kind regards, > > Ralf > -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
