Failing unit test?
by Adam Young
I ran the unit tests last night on my F16 box and got a failure:
package
com.netscape.security.extensions.GenericASN1ExtensionTest.testConstructorDER
java.lang.NullPointerException
at netscape.security.util.ObjectIdentifier.encode(ObjectIdentifier.java:221)
at netscape.security.util.DerOutputStream.putOID(DerOutputStream.java:371)
at netscape.security.x509.Extension.encode(Extension.java:134)
at netscape.security.extensions.GenericASN1Extension.encode(GenericASN1Extension.java:306)
at com.netscape.security.extensions.GenericASN1ExtensionTest.testConstructorDER(GenericASN1ExtensionTest.java:69)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
at org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
12 years, 8 months
[PATCH] 51 Removed deprecated Signer.
by Endi Sukma Dewata
The X500Signer has been modified to become an independent class.
It's no longer a subclass of the deprecated Signer class.
Ticket #3
--
Endi S. Dewata
12 years, 8 months
Repo with the F18 dependencies needed to build Dogtag
by Adam Young
Please make a single directory with the set of RPMs needed for building
Dogtag. We've been doing that for IPA for a while, and it is necessary
for continuing development. I am not at a point where I can install F17
for my primary development machine, but I still try to keep up with PKI
development from time to time. You guys have done a great job in getting
the RPMS into Rawhide, but they should still install on F16 provided
all of the dependencies are provided. I am willing to generate the Repo
the same way that John Dennis does for IPA, but I need the RPMS themselves.
12 years, 8 months
question on subject patterns
by Rob Crittenden
In IPA we use a profile that automatically issues server certificates.
It uses a pattern to pluck the hostname out of the CSR and sticks that
into a user-configurable subject template.
The pattern is
policyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+
The template by default looks like
policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, OU=pki-ipa, O=IPA
We discovered that if CN is an RDN in the subject template then
certificates get the wrong subject.
For example, if we use CN=Test then the issued subject ends up being
CN=Test, CN=Test.
If we use CN=Test, CN=Coyote, O=Acme the issued subject is
CN=Coyote,CN=Test,CN=Coyote,O=Acme
We are creating the CSR with:
/usr/bin/certutil -d /etc/httpd/alias -R -s CN=pinto.example.com,OU=Test,CN=Coyote,O=Acme -o /var/lib/ipa/ipa-iem5hd/tmpcertreq -k rsa -g 2048 -z /etc/httpd/alias/noise.txt -f /etc/httpd/alias/pwdfile.txt -a
So my questions are:
1. Do we just need to tweak the pattern?
2. Do I need to ban CN as an element of subjects? If it exists anywhere
in the subject template it messes up the replacement.
thanks
rob
12 years, 8 months
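The following is an added example, not part of the message above and not Dogtag or IPA code: it checks subject strings against the constraint pattern quoted in the post and counts their CN attributes, showing that the pattern accepts a subject carrying more than one CN, which leaves "the CN" ambiguous for any later substitution. It assumes whole-string regex matching and plain comma-separated DN strings (no multi-valued RDNs or quoted values); the function names are hypothetical.

```python
import re

# Constraint pattern quoted in the post above.
PAGE_PATTERN = r"CN=[^,]+,.+"

def split_rdns(dn):
    """Split a DN string on unescaped commas; backslash escapes are kept."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(cur.strip())
            cur = ""
            continue
        cur += ch
        # A backslash escapes only the next character.
        escaped = (ch == "\\") and not escaped
    parts.append(cur.strip())
    return [p for p in parts if p]

def cn_values(dn):
    """Return every CN value in the DN, in the order it appears in the string."""
    values = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        if attr.strip().upper() == "CN":
            values.append(value.strip())
    return values

def check_subject(dn, pattern=PAGE_PATTERN):
    """Report whether the pattern accepts the DN and whether it has exactly one CN."""
    cns = cn_values(dn)
    return {
        "pattern_accepts": re.fullmatch(pattern, dn) is not None,
        "cn_values": cns,
        "single_cn": len(cns) == 1,
    }

# Constructed samples; the second is the subject passed to certutil in the post.
SAMPLES = [
    "CN=pinto.example.com,O=IPA",
    "CN=pinto.example.com,OU=Test,CN=Coyote,O=Acme",
    "O=Acme,CN=pinto.example.com",
]

if __name__ == "__main__":
    for subject in SAMPLES:
        print(subject, check_subject(subject))
```

The pattern only anchors the first attribute as CN; everything after the first comma is matched by `.+`, so additional CN attributes pass the constraint unchanged.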