[Pki-devel] [PATCH] 816 Added exception wrapper for invalid LDAP attribute syntax.

2016-08-12 Thread Endi Sukma Dewata

The LDAPExceptionConverter has been modified to wrap LDAPException
for invalid attribute syntax with BadRequestException.

https://fedorahosted.org/pki/ticket/833

Pushed to master (10.4) under one-liner/trivial rule.

--
Endi S. Dewata
From 41de99bf80d3e9689e0ceb1baf4a2b701ea77168 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Fri, 12 Aug 2016 23:06:24 +0200
Subject: [PATCH] Added exception wrapper for invalid LDAP attribute syntax.

The LDAPExceptionConverter has been modified to wrap LDAPException
for invalid attribute syntax with BadRequestException.

https://fedorahosted.org/pki/ticket/833
---
 .../src/com/netscape/certsrv/ldap/LDAPExceptionConverter.java   | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/base/common/src/com/netscape/certsrv/ldap/LDAPExceptionConverter.java b/base/common/src/com/netscape/certsrv/ldap/LDAPExceptionConverter.java
index 88b126351d54551b3481ee6f9742db033aa29557..51a1109f2b3790841e24ba853be34aceb90f4bee 100644
--- a/base/common/src/com/netscape/certsrv/ldap/LDAPExceptionConverter.java
+++ b/base/common/src/com/netscape/certsrv/ldap/LDAPExceptionConverter.java
@@ -17,13 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-import netscape.ldap.LDAPException;
-
 import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.ConflictingOperationException;
 import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.base.ResourceNotFoundException;
 
+import netscape.ldap.LDAPException;
+
 /**
  * @author Endi S. Dewata
  */
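Review bot: the import move (`-import netscape.ldap.LDAPException;` near the top, re-added as `+import netscape.ldap.LDAPException;` after the com.netscape imports) is unrelated to the fix and makes this more than the one-liner it is pushed as; keep cosmetic import reordering in a separate commit so the functional change stays easy to audit on its own.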
@@ -39,6 +39,8 @@ public class LDAPExceptionConverter {
 return new ResourceNotFoundException("No such attribute.", e);
 case LDAPException.INVALID_DN_SYNTAX:
 return new BadRequestException("Invalid DN syntax.", e);
+case LDAPException.INVALID_ATTRIBUTE_SYNTAX:
+return new BadRequestException("Invalid attribute syntax.", e);
 case LDAPException.ENTRY_ALREADY_EXISTS:
 return new ConflictingOperationException("Entry already exists.", e);
 default:
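Review bot: the new `case LDAPException.INVALID_ATTRIBUTE_SYNTAX:` branch mirrors the existing INVALID_DN_SYNTAX handling, so mapping it to BadRequestException is consistent; since callers now get a BadRequestException instead of the default handling for malformed attribute values, it would help to list in the class Javadoc which LDAP result codes are translated to client errors and which still fall through to the default branch.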
-- 
2.5.5

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] Updated External EPEL CentOS 7 COPR builds are now available . . .

2016-08-12 Thread Matthew Harmsen
An updated external EPEL CentOS 7 COPR repo is now available which 
contains the latest Dogtag 10.3.3-5, tomcatjss, and jss builds:

 * https://copr.fedorainfracloud.org/coprs/g/pki/10.3.3/repo/epel-7/group_pki-10.3.3-epel-7.repo

   [group_pki-10.3.3]
   name=Copr repo for 10.3.3 owned by @pki
   baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/10.3.3/epel-7-$basearch/
   skip_if_unavailable=True
   gpgcheck=1
   gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/10.3.3/pubkey.gpg
   enabled=1
   enabled_metadata=1

-- Matt


[Pki-devel] [PATCH] 815 Added cert validation error message in selftest log.

2016-08-12 Thread Endi Sukma Dewata

To help troubleshooting, the selftest log has been modified to
include the cert validation error message returned by JSS.

https://fedorahosted.org/pki/ticket/2436

Pushed to master (10.4) under one-liner/trivial rule.

--
Endi S. Dewata
From 0fd31368d871c513c9833ca02bc08d15a48d6aa5 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Fri, 12 Aug 2016 04:42:25 +0200
Subject: [PATCH] Added cert validation error message in selftest log.

To help troubleshooting, the selftest log has been modified to
include the cert validation error message returned by JSS.

https://fedorahosted.org/pki/ticket/2436
---
 .../src/com/netscape/cms/selftests/common/SystemCertsVerification.java  | 2 +-
 base/server/cmsbundle/src/LogMessages.properties| 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
index e4fc1cbe2554180762dbdd331ab08de2cf9052bb..cc52f832b1e00c9419290b8cd10efb3c5529d26c 100644
--- a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
+++ b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
@@ -200,7 +200,7 @@ public class SystemCertsVerification
 } catch (Exception e) {
 String logMessage = CMS.getLogMessage(
 "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
-getSelfTestName());
+getSelfTestName(), e.getMessage());
 mSelfTestSubsystem.log(logger, logMessage);
 throw e;
 }
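Review bot: `e.getMessage()` on the `+getSelfTestName(), e.getMessage());` line can be null for exceptions constructed without a detail message, which would log "system certs verification failure: null" and lose the troubleshooting value the commit is after; consider falling back to `e.toString()` (or the exception class name) when the message is null, e.g. `e.getMessage() != null ? e.getMessage() : e.toString()`.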
diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties
index 12c580a7d2a268b89f813c21ec218a0064db6869..0bcbcc543107376ae008c7a311b9f3c7b25c3361 100644
--- a/base/server/cmsbundle/src/LogMessages.properties
+++ b/base/server/cmsbundle/src/LogMessages.properties
@@ -2766,7 +2766,7 @@ SELFTESTS_PARAMETER_WAS_NULL={0}:  a self test parameter was null
 SELFTESTS_MISSING_NAME={0}:  the self test property name {1} does not exist
 SELFTESTS_MISSING_VALUES={0}:  the self test property name {1} contained no value(s)
 SELFTESTS_INVALID_VALUES={0}:  the self test property name {1} contained invalid value(s)
-SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE={0}: system certs verification failure
+SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE={0}: system certs verification failure: {1}
 SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS={0}: system certs verification success
 SELFTESTS_CA_IS_NOT_PRESENT={0}:  CA is NOT present
 SELFTESTS_CA_IS_NOT_INITIALIZED={0}:  CA is NOT yet initialized
-- 
2.5.5


Re: [Pki-devel] [PATCH] To fix 1358462 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided

2016-08-12 Thread Geetika Kapoor
Hello Endi ,

Here is the fix with test cases that I tested.

Thanks
Geetika

On 08/12/2016 08:50 AM, Geetika Kapoor wrote:
> Yes Endi, you're right. Fix should be more generic. I will fix it in the core 
> method and will send it for review. 
>
> Thanks 
> Geetika
> - Original Message -
> From: Endi Sukma Dewata 
> To: Geetika Kapoor , pki-devel@redhat.com
> Sent: Thu, 11 Aug 2016 21:25:03 -0400 (EDT)
> Subject: Re: [Pki-devel] [PATCH] To fix 1358462 - pki pkcs12-cert-del shows a 
> successfully deleted message when a wrong nickname is provided
>
> On 8/11/2016 4:56 AM, Geetika Kapoor wrote:
>> Hi,
>>
>> This patch fixes BZ 1358462 - pki pkcs12-cert-del shows a successfully
>> deleted message when a wrong nickname is provided.
>> If we provide a wrong cert nickname it gives "Certificate Nickname
>> subsystemCert cert-topology-02-CA doesn't exist", and also if the cert
>> nickname doesn't exist it won't show the number of entries present.
>> Only if the cert nickname matches does it show how many entries exist.
>>
>> Thanks
>> Geetika
> Hi Geetika,
>
> Similar to what I mentioned to Abhijeet, I added your patch to this 
> ticket to make sure it's not forgotten:
> https://fedorahosted.org/pki/ticket/2414
>
> I looked at the patch briefly; I think instead of fixing it in 
> PKCS12CertRemoveCLI, it probably should be fixed in 
> PKCS12.removeCertInfoByNickname(). Basically, if the cert to be deleted 
> doesn't exist the method should throw an exception. The CLI then should 
> catch the exception and display the error. This way the error checking 
> will be done consistently regardless of who calls the method.
>
> If you're going to revise the patch please attach it to this ticket.
>
> Thanks.
>

From 09fc6e6feb86c104469724ec5a4c0da80904651e Mon Sep 17 00:00:00 2001
From: Geetika Kapoor 
Date: Fri, 12 Aug 2016 05:35:58 -0400
Subject: [PATCH] Fix for BZ 1358462

Signed-off-by: Geetika Kapoor 
---
 base/util/src/netscape/security/pkcs/PKCS12.java | 14 ++
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/base/util/src/netscape/security/pkcs/PKCS12.java b/base/util/src/netscape/security/pkcs/PKCS12.java
index 6c7880aa8039e3f568285fe55adc0adb15ebeb22..c8699a3015bbb982d0e235b9d50f5cded63a41d0 100644
--- a/base/util/src/netscape/security/pkcs/PKCS12.java
+++ b/base/util/src/netscape/security/pkcs/PKCS12.java
@@ -196,10 +196,16 @@ public class PKCS12 {
 
 Collection result = getCertInfosByNickname(nickname);
 
-for (PKCS12CertInfo certInfo : result) {
-// remove cert and key
-certInfosByID.remove(certInfo.getID());
-keyInfosByID.remove(certInfo.getID());
+if (!result.isEmpty()){
+for (PKCS12CertInfo certInfo : result) {
+// remove cert and key
+ certInfosByID.remove(certInfo.getID());
+ keyInfosByID.remove(certInfo.getID());
+}
+  }
+else{
+System.out.println("Warning : Certificate Nickname" + " " + nickname + " " + "doesn't exist");
+System.exit(-1);
 }
 }
 }
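Review bot: `+System.exit(-1);` and `+System.out.println("Warning : Certificate Nickname" ...)` in a base/util library method terminate the whole JVM and write to stdout from inside PKCS12, which is the opposite of what was agreed in the thread (throw from PKCS12.removeCertInfoByNickname(), catch and print in PKCS12CertRemoveCLI); any other caller of this method would now be killed instead of getting an error it can handle. Replace the else branch with a guard at the top of the method, `if (result.isEmpty()) throw new Exception("Certificate nickname " + nickname + " doesn't exist");`, and drop the `+if (!result.isEmpty()){` wrapper, since iterating an empty collection is already a no-op. Indentation in the added lines is also inconsistent (`+ certInfosByID.remove`, `+  }`, `+else{`); match the surrounding style before resubmitting.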
-- 
1.8.3.1

Test cases:
--

1. Find the certs.

[root@pki1 ~]# pki pkcs12-cert-find --pkcs12-file /tmp/test_BZ/ca.p12 --pkcs12-password-file /tmp/test_BZ/password.txt
---
5 entries found
---
  Certificate ID: 8f10550112e84d196c20368492579914900732bc
  Serial Number: 0x2
  Nickname: ocspSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA OCSP Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 3bb6074fa6efe3d0b0e785b0366ccaacc4ca75c8
  Serial Number: 0x1
  Nickname: caSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: CTu,Cu,Cu
  Has Key: true

  Certificate ID: 1f32ec27dbb05aa0a305011d0114513b7fd17c6b
  Serial Number: 0x4
  Nickname: subsystemCert cert-topology-02-CA
  Subject DN: CN=Subsystem Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 9bf832618b627f34ba17ed2664f5b50e4e0c9e7a
  Serial Number: 0x3
  Nickname: Server-Cert cert-topology-02-CA
  Subject DN: CN=pki1.example.com,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,u
  Has Key: true

  Certificate ID: 2d0929b8e6e827b1f7fdf37f915b5a5b0662d42b
  Serial Number: 0x5
  Nickname: auditSigningCert cert-topology-02-CA CA
  Subject DN: CN=CA Audit Signing Certificate,O=topology-02_Foobarmaster.org
  Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
  Trust Flags: u,u,Pu
  Has Key: true


2. Try to remove a cert which doesn't exist.
[root@pki1 ~]# pki pkcs12-cert-del "test"  --pkcs12-file /tmp/test_BZ/ca.p12