Hello,
Our project has been integrating our own RA with Dogtag and everything
has been going perfectly. We made our first internal release to our
downstream product teams at the end of last year. Unfortunately, all our
development had been done using Dogtag 10.0.6 on Fedora 19, which is
pretty old at this point. Our test team installed a Fedora 21 system
and Dogtag 10.2.0 and attempted to run our regression tests. What they
found was that when our RA attempted to enroll a certificate we received
an error response instead of a successful response containing a certID.
The XML sent to both 10.0.6 and 10.2.0 is:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CertEnrollmentRequest>
  <profileId>caAutoCiscoRA</profileId>
  <isRenewal>false</isRenewal>
  <xmlOutput>false</xmlOutput>
  <Input>
    <InputAttrs>
      <InputAttr name="cert_request_type">pkcs10</InputAttr>
      <InputAttr name="cert_request">MIIBUzCBvQIBADAUMRIwEAYDVQQDEwkxMjcuMC4wLjEwgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBALvXizDymVYx6ic1Dz8dDppziWjfhIr2CkrtGyfGHJa1Loy9
OkWdS2w3CH/ASNVL3vTeA7dAly6SHgxrXEOtBFLL8KKnDzDg6oqyM4OFmhZBr/gW
QXlrIbwEWvGOXHuFLSzcuN9B7iqVn7UXQHl6c5QRmi+iZB1dL0MiQ59MG+a7AgMB
AAGgADANBgkqhkiG9w0BAQsFAAOBgQAiFqKKrAe+ToLFhOhlRwqsuzSUzqeQ16kw
MM5MZ4gnVZr6PAO0ixk1KUEcSmAppq0hC8NOikXiWzbkRAKpF0AMbF9e3EbKcZWU
TOpCd6BAjjo0M5ceki6R0RRKRYRGDgJiFJbJttpqKrh4Ngw8iuZ/MyXZd/YcfnRo
kaB+Gz8gRg==
      </InputAttr>
    </InputAttrs>
  </Input>
</CertEnrollmentRequest>
In the case of 10.0.6, the response was:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CertRequestInfos><CertRequestInfo><requestType>enrollment</requestType><requestStatus>complete</requestStatus><requestURL>https://dogsled:8444/ca/rest/623660</requestURL><certId>0x98361</certId><certURL>https://dogsled:8444/ca/rest/623457</certURL><certRequestType>pkcs10</certRequestType><operationResult>success</operationResult></CertRequestInfo></CertRequestInfos>
In the case of 10.2.0, the response was:
<html><head><title>Apache Tomcat/7.0.52 - Error
report</title><style><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color
: black;}A.name {color : black;}HR {color : #525D76;}--></style>
</head><body><h1>HTTP Status 500 -
java.lang.NullPointerException</h1><HR size="1"
noshade="noshade"><p><b>type</b> Exception
report</p><p><b>message</b>
<u>java.lang.NullPointerException</u></p><p><b>description</b>
<u>The server encountered an internal error that prevented it from fulfilling this
request.</u></p><p><b>exception</b>
<pre>org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149)
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.
And the end of the debug log was:
# tail -f /var/log/pki/pki-tomcat/ca/debug
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: AuthMethodInterceptor: CertRequestResource.enrollCert()
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: AuthMethodInterceptor: mapping: default
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: AuthMethodInterceptor: required auth methods: [*]
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: AuthMethodInterceptor: anonymous access allowed
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: ACLInterceptor: CertRequestResource.enrollCert()
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: ACLInterceptor: No ACL mapping.
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: MessageFormatInterceptor: CertRequestResource.enrollCert()
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: MessageFormatInterceptor: content-type: application/xml
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: MessageFormatInterceptor: accept: [*/*]
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: MessageFormatInterceptor: request format: application/xml
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: MessageFormatInterceptor: response format: application/xml
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: according to ccMode, authorization for servlet: caProfileSubmit is LDAP based, not XML {1}, use default authz mgr: {2}.
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: Start of CertProcessor Input Parameters
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: CertProcessor Input Parameter isRenewal='false'
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: End of CertProcessor Input Parameters
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: EnrollmentSubmitter: isRenewal false
[23/Jan/2015:10:40:55][http-bio-8443-exec-24]: EnrollmentSubmitter: profileId null
java.lang.NullPointerException
    at java.util.Hashtable.get(Hashtable.java:363)
    at com.netscape.cmscore.profile.ProfileSubsystem.getProfile(ProfileSubsystem.java:302)
    at com.netscape.cms.servlet.cert.EnrollmentProcessor.processEnrollment(EnrollmentProcessor.java:137)
    at com.netscape.cms.servlet.cert.CertRequestDAO.submitRequest(CertRequestDAO.java:178)
    at org.dogtagpki.server.ca.rest.CertRequestService.enrollCert(CertRequestService.java:135)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:483)
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:280)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:234)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:221)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at sun.reflect.GeneratedMethodAccessor32.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:483)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
    at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
    at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:169)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:297)
    at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:483)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
    at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
    at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:249)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:238)
    at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:221)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
Nothing is changed on the RA side between these two runs. Is there
something that now needs to be done differently with 10.2 and above versus
10.0?
Thanks very much,
Pete Beal
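
Added example, not part of the original message and not Dogtag code: one way an RA client could tell the two replies quoted above apart and fail closed, returning a certId only for a completed, successful enrollment. The function and exception names are hypothetical, and the sample replies are abbreviated from the ones in the message.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples, abbreviated from the two replies quoted in the message.
OK_REPLY = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    "<CertRequestInfos><CertRequestInfo>"
    "<requestType>enrollment</requestType>"
    "<requestStatus>complete</requestStatus>"
    "<certId>0x98361</certId>"
    "<operationResult>success</operationResult>"
    "</CertRequestInfo></CertRequestInfos>"
)
ERROR_REPLY = (
    "<html><head><title>Apache Tomcat/7.0.52 - Error\nreport</title></head>"
    "<body><h1>HTTP Status 500 -\njava.lang.NullPointerException</h1></body></html>"
)


class EnrollmentError(Exception):
    """The CA reply was not a completed, successful enrollment."""


def parse_enrollment_reply(status, content_type, body):
    """Return certId from a CertRequestInfos reply or raise EnrollmentError."""
    # Hypothetical RA-side helper; status and content_type come from the HTTP layer.
    if status != 200 or "xml" not in content_type.lower():
        # Container error page: report the <h1> text instead of parsing it as XML.
        m = re.search(r"<h1>(.*?)</h1>", body, re.S | re.I)
        detail = " ".join(m.group(1).split()) if m else "no detail in body"
        raise EnrollmentError(f"CA returned HTTP {status}: {detail}")
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise EnrollmentError("reply carries a DTD, refusing to parse")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise EnrollmentError(f"reply is not well-formed XML: {exc}") from exc
    info = root.find("CertRequestInfo") if root.tag == "CertRequestInfos" else None
    if info is None:
        raise EnrollmentError(f"unexpected reply element <{root.tag}>")
    result = info.findtext("operationResult")
    state = info.findtext("requestStatus")
    cert_id = info.findtext("certId")
    if result != "success" or state != "complete" or not cert_id:
        raise EnrollmentError(f"not issued: result={result}, status={state}")
    return cert_id
```

The `text/html` content type passed for the error page is an assumption; the message shows only the body of the 500 reply.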