[Pki-devel] [PATCH] 816 Added exception wrapper for invalid LDAP attribute syntax.
The LDAPExceptionConverter has been modified to wrap LDAPException for invalid attribute syntax with BadRequestException. https://fedorahosted.org/pki/ticket/833 Pushed to master (10.4) under one-liner/trivial rule. -- Endi S. Dewata >From 41de99bf80d3e9689e0ceb1baf4a2b701ea77168 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 12 Aug 2016 23:06:24 +0200 Subject: [PATCH] Added exception wrapper for invalid LDAP attribute syntax. The LDAPExceptionConverter has been modified to wrap LDAPException for invalid attribute syntax with BadRequestException. https://fedorahosted.org/pki/ticket/833 --- .../src/com/netscape/certsrv/ldap/LDAPExceptionConverter.java | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/base/common/src/com/netscape/certsrv/ldap/LDAPExceptionConverter.java b/base/common/src/com/netscape/certsrv/ldap/LDAPExceptionConverter.java index 88b126351d54551b3481ee6f9742db033aa29557..51a1109f2b3790841e24ba853be34aceb90f4bee 100644 --- a/base/common/src/com/netscape/certsrv/ldap/LDAPExceptionConverter.java +++ b/base/common/src/com/netscape/certsrv/ldap/LDAPExceptionConverter.java @@ -17,13 +17,13 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ldap; -import netscape.ldap.LDAPException; - import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.ConflictingOperationException; import com.netscape.certsrv.base.PKIException; import com.netscape.certsrv.base.ResourceNotFoundException; +import netscape.ldap.LDAPException; + /** * @author Endi S. Dewata */ 
@@ -39,6 +39,8 @@ public class LDAPExceptionConverter { return new ResourceNotFoundException("No such attribute.", e); case LDAPException.INVALID_DN_SYNTAX: return new BadRequestException("Invalid DN syntax.", e); +case LDAPException.INVALID_ATTRIBUTE_SYNTAX: +return new BadRequestException("Invalid attribute syntax.", e); case LDAPException.ENTRY_ALREADY_EXISTS: return new ConflictingOperationException("Entry already exists.", e); default: -- 2.5.5 ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
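Review bot: The new `case LDAPException.INVALID_ATTRIBUTE_SYNTAX:` branch in the second hunk returns the fixed text "Invalid attribute syntax." and keeps the directory server's detail only in the wrapped cause `e`, so nothing in the message identifies which attribute or value was rejected. Decide explicitly who gets that detail: log the LDAPException's own message at this point for the administrator, and keep the BadRequestException text generic if the cause can carry schema or entry data that should not reach the caller. The neighbouring `INVALID_DN_SYNTAX` case that this branch mirrors has the same gap.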
[Pki-devel] Updated External EPEL CentOS 7 COPR builds are now available . . .
An updated external EPEL CentOS 7 COPR repo is now available which contains the latest Dogtag 10.3.3-5, tomcatjss, and jss builds:

* https://copr.fedorainfracloud.org/coprs/g/pki/10.3.3/repo/epel-7/group_pki-10.3.3-epel-7.repo

[group_pki-10.3.3]
name=Copr repo for 10.3.3 owned by @pki
baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/10.3.3/epel-7-$basearch/
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/10.3.3/pubkey.gpg
enabled=1
enabled_metadata=1

-- Matt
[Pki-devel] [PATCH] 815 Added cert validation error message in selftest log.
To help troubleshooting the selftest log has been modified to include the cert validation error message returned by JSS. https://fedorahosted.org/pki/ticket/2436 Pushed to master (10.4) under one-liner/trivial rule. -- Endi S. Dewata >From 0fd31368d871c513c9833ca02bc08d15a48d6aa5 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 12 Aug 2016 04:42:25 +0200 Subject: [PATCH] Added cert validation error message in selftest log. To help troubleshooting the selftest log has been modified to include the cert validation error message returned by JSS. https://fedorahosted.org/pki/ticket/2436 --- .../src/com/netscape/cms/selftests/common/SystemCertsVerification.java | 2 +- base/server/cmsbundle/src/LogMessages.properties| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java index e4fc1cbe2554180762dbdd331ab08de2cf9052bb..cc52f832b1e00c9419290b8cd10efb3c5529d26c 100644 --- a/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java +++ b/base/server/cms/src/com/netscape/cms/selftests/common/SystemCertsVerification.java @@ -200,7 +200,7 @@ public class SystemCertsVerification } catch (Exception e) { String logMessage = CMS.getLogMessage( "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE", -getSelfTestName()); +getSelfTestName(), e.getMessage()); mSelfTestSubsystem.log(logger, logMessage); throw e; } diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties index 12c580a7d2a268b89f813c21ec218a0064db6869..0bcbcc543107376ae008c7a311b9f3c7b25c3361 100644 --- a/base/server/cmsbundle/src/LogMessages.properties +++ b/base/server/cmsbundle/src/LogMessages.properties 
@@ -2766,7 +2766,7 @@ SELFTESTS_PARAMETER_WAS_NULL={0}: a self test parameter was null SELFTESTS_MISSING_NAME={0}: the self test property name {1} does not exist SELFTESTS_MISSING_VALUES={0}: the self test property name {1} contained no value(s) SELFTESTS_INVALID_VALUES={0}: the self test property name {1} contained invalid value(s) -SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE={0}: system certs verification failure +SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE={0}: system certs verification failure: {1} SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS={0}: system certs verification success SELFTESTS_CA_IS_NOT_PRESENT={0}: CA is NOT present SELFTESTS_CA_IS_NOT_INITIALIZED={0}: CA is NOT yet initialized -- 2.5.5 ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
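Review bot: In the `catch (Exception e)` block of the SystemCertsVerification.java hunk, `e.getMessage()` is passed straight into the log message, and it is null for any exception constructed without a message, which would render the entry as "system certs verification failure: null". Falling back to `e.toString()` or the exception class name when the message is null keeps the log useful in exactly the case this change is meant to help with.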
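Review bot: The LogMessages.properties hunk adds a second placeholder, `{1}`, to `SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE`, while the diffstat shows only one Java call site updated. Any other caller that still passes just the self test name would leave the placeholder unfilled, so search for the key before merging. Since `{1}` is now filled with an exception message rather than a fixed string, also confirm that the selftest log writer copes with line breaks embedded in that text.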
Re: [Pki-devel] [PATCH] To fix 1358462 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided
Hello Endi,

Here is the fix with test cases that I tested.

Thanks
Geetika

On 08/12/2016 08:50 AM, Geetika Kapoor wrote:
> Yes Endi you're right .. Fix should be more generic .. I will fix it in core
> method and will send for review.
>
> Thanks
> Geetika
> - Original Message -
> From: Endi Sukma Dewata
> To: Geetika Kapoor, pki-devel@redhat.com
> Sent: Thu, 11 Aug 2016 21:25:03 -0400 (EDT)
> Subject: Re: [Pki-devel] [PATCH] To fix 1358462 - pki pkcs12-cert-del shows a
> successfully deleted message when a wrong nickname is provided
>
> On 8/11/2016 4:56 AM, Geetika Kapoor wrote:
>> Hi,
>>
>> This patch fixes BZ 1358462 - pki pkcs12-cert-del shows a successfully
>> deleted message when a wrong nickname is provided.
>> If we provide wrong cert nickname it gives "Certificate Nickname
>> subsystemCert cert-topology-02-CA doesn't exist" and also if cert
>> nickname doesn't exist it won't share the number of entries present.
>> If cert nickname match then only it shows how many entries exist.
>>
>> Thanks
>> Geetika
> Hi Geetika,
>
> Similar to what I mentioned to Abhijeet, I added your patch to this
> ticket to make sure it's not forgotten:
> https://fedorahosted.org/pki/ticket/2414
>
> I looked at the patch briefly, I think instead of fixing it in
> PKCS12CertRemoveCLI, it probably should be fixed in the
> PKCS12.removeCertInfoByNickname(). Basically if the cert to be deleted
> doesn't exist the method should throw an exception. The CLI then should
> catch the exception and display the error. This way the error checking
> will be done consistently regardless who calls the method.
>
> If you're going to revise the patch please attach it to this ticket.
>
> Thanks.
>

>From 09fc6e6feb86c104469724ec5a4c0da80904651e Mon Sep 17 00:00:00 2001
From: Geetika Kapoor
Date: Fri, 12 Aug 2016 05:35:58 -0400
Subject: [PATCH] Fix for BZ 1358462

Signed-off-by: Geetika Kapoor
---
 base/util/src/netscape/security/pkcs/PKCS12.java | 14 ++
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/base/util/src/netscape/security/pkcs/PKCS12.java b/base/util/src/netscape/security/pkcs/PKCS12.java index 6c7880aa8039e3f568285fe55adc0adb15ebeb22..c8699a3015bbb982d0e235b9d50f5cded63a41d0 100644 --- a/base/util/src/netscape/security/pkcs/PKCS12.java +++ b/base/util/src/netscape/security/pkcs/PKCS12.java 
@@ -196,10 +196,16 @@ public class PKCS12 { Collection result = getCertInfosByNickname(nickname); -for (PKCS12CertInfo certInfo : result) { -// remove cert and key -certInfosByID.remove(certInfo.getID()); -keyInfosByID.remove(certInfo.getID()); +if (!result.isEmpty()){ +for (PKCS12CertInfo certInfo : result) { +// remove cert and key + certInfosByID.remove(certInfo.getID()); + keyInfosByID.remove(certInfo.getID()); +} + } +else{ +System.out.println("Warning : Certificate Nickname" + " " + nickname + " " + "doesn't exist"); +System.exit(-1); } } } -- 1.8.3.1 Test cases: -- 1. Find the certs. [root@pki1 ~]# pki pkcs12-cert-find --pkcs12-file /tmp/test_BZ/ca.p12 --pkcs12-password-file /tmp/test_BZ/password.txt --- 5 entries found --- Certificate ID: 8f10550112e84d196c20368492579914900732bc Serial Number: 0x2 Nickname: ocspSigningCert cert-topology-02-CA CA Subject DN: CN=CA OCSP Signing Certificate,O=topology-02_Foobarmaster.org Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org Trust Flags: u,u,u Has Key: true Certificate ID: 3bb6074fa6efe3d0b0e785b0366ccaacc4ca75c8 Serial Number: 0x1 Nickname: caSigningCert cert-topology-02-CA CA Subject DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org Trust Flags: CTu,Cu,Cu Has Key: true Certificate ID: 1f32ec27dbb05aa0a305011d0114513b7fd17c6b Serial Number: 0x4 Nickname: subsystemCert cert-topology-02-CA Subject DN: CN=Subsystem Certificate,O=topology-02_Foobarmaster.org Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org Trust Flags: u,u,u Has Key: true Certificate ID: 9bf832618b627f34ba17ed2664f5b50e4e0c9e7a Serial Number: 0x3 Nickname: Server-Cert cert-topology-02-CA Subject DN: CN=pki1.example.com,O=topology-02_Foobarmaster.org Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org Trust Flags: u,u,u Has Key: true Certificate ID: 2d0929b8e6e827b1f7fdf37f915b5a5b0662d42b Serial Number: 0x5 Nickname: 
auditSigningCert cert-topology-02-CA CA
Subject DN: CN=CA Audit Signing Certificate,O=topology-02_Foobarmaster.org
Issuer DN: CN=CA Signing Certificate,O=topology-02_Foobarmaster.org
Trust Flags: u,u,Pu
Has Key: true

2. Try to remove a cert which doesn't exist.

[root@pki1 ~]# pki pkcs12-cert-del "test" --pkcs12-file /tmp/test_BZ/ca.p12
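Review bot: The `else` branch added in the PKCS12.java hunk prints to stdout and calls `System.exit(-1)` from inside a library class in netscape.security.pkcs, so any caller that passes an unknown nickname has its whole JVM terminated, not just the CLI command. As the quoted review suggests, have the method throw an exception when `getCertInfosByNickname(nickname)` returns an empty collection, and let PKCS12CertRemoveCLI catch it, report the error on stderr and set the exit status. The added lines also mix indentation widths and should follow the surrounding code.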