[PATCH] 656 Added automatic Tomcat migration.
by Endi Sukma Dewata
The pki-core.spec has been modified to execute pki-server migrate
when the package is installed. This way when upgrading from F22 to
F23 all PKI instances will be migrated automatically to Tomcat 8.
The pki-server migrate command has been modified such that if there
is no specific Tomcat version specified it will use the current
Tomcat version.
The top attribute in the CLI class was not functioning properly,
so it has been replaced with get_top_module() method.
The getopt() invocations in pki-server subcommands have been
replaced with gnu_getopt() to allow intermixing options and
arguments.
https://fedorahosted.org/pki/ticket/1310
--
Endi S. Dewata
9 years, 1 month
Cannot revoke user certificate becouse of nonce
by Marcin Mierzejewski
I try to revoke certificate from code I got exception with info about nonce.
public void revokeAndApprove(int certificateId) {
CertId certId = new CertId(certificateId);
long nonce = new Random().nextLong();
CertRevokeRequest revokeRequest = new CertRevokeRequest();
revokeRequest.setReason(RevocationReason.KEY_COMPROMISE);
revokeRequest.setComments("user request revoke");
revokeRequest.setNonce(nonce);
*CertRequestInfo revokeInfo = certClient.revokeCert(certId,
revokeRequest);// here comes an exception*
CertReviewResponse reviewData = certClient
.reviewRequest(revokeInfo.getRequestId());
reviewData.setNonce(""+nonce);
log(reviewData.toString());
reviewData.setRequestNotes("revoke approved");
certClient.approveRequest(reviewData.getRequestId(), reviewData);
}
when I use this I get exception on line(certClient.revokeCert(...))
>
>
com.netscape.certsrv.base.BadRequestException: Nonce for cert-revoke 64
does not exist.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
at
com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:436)
at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:112)
at com.netscape.certsrv.cert.CertClient.revokeCert(CertClient.java:75)
at com.company.CAManager.revokeAndApprove(CAManager.java:186)
and few other options I'v tried
1. Long nonce = transportCert.getNonce(); // null
>
> 2. Long nonce = certClient.getCert(certId).getNonce() //also a null
>
>
puting null to setNonce, or not setting it at all give me:
com.netscape.certsrv.base.BadRequestException: Missing nonce.
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at
> com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:436)
> at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:112)
> at com.netscape.certsrv.cert.CertClient.revokeCert(CertClient.java:75)
> at com.company.CAManager.revokeAndApprove(CAManager.java:187)
> at com.company.Main.main(Main.java:21)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)
>
I check browser form from enduser entity and nonce value looks like
this:"certId:someLongRandomNumber"
Am I not understanding usage of nonce or something in my code is wrong?
9 years, 1 month
[PATCH] 655 Replaced legacy HttpClient.
by Endi Sukma Dewata
The ConfigurationUtils and CertUtil have been modified to use
PKIConnection which uses Apache HttpClient instead of the legacy
custom HttpClient. The POST request content is now created using
MultivaluedMap.
The PKIConnection has been modified to provide a get() method to
send an HTTP GET request. The post() method was modified to accept
a path parameter.
https://fedorahosted.org/pki/ticket/342
--
Endi S. Dewata
9 years, 1 month