Hi Endi,

Thanks a lot for your response. In the meanwhile I managed to get some code working to get this approval done but somehow when I do this for a number of times it hangs. I then checked with the PKI CLI and the approval call is indeed at times very slow (giving a hang perception but does work after some time) and that's the reason my code breaks with an exception - see below. So I have 2 queries:

- Why Approval calls so slow? Can these be made faster. I am running fedora 32 as VM with 6 GB RAM and 4 vCPUs.

- Is there a way to set the timeout period in the client to ensure the calling application doesn't close the session too soon.

[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Client certificate: PKI Administrator for localhost.localdomain
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - HTTP request: POST /ca/rest/agent/certrequests/68/approve HTTP/1.1
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Accept: application/xml
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Content-Type: application/xml
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Content-Length: 21606
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Host: 192.168.56.103:8443
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Connection: Keep-Alive
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - User-Agent: Apache-HttpClient/4.5.10 (Java/1.8.0_242)
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Cookie: JSESSIONID=BF20B9C354788A712389E9FBF920651C
pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - HTTP response: HTTP/1.1 400
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Content-Type: text/html;charset=UTF-8
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Content-Length: 243
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Date: Thu, 12 Nov 2020 09:25:04 GMT
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Connection: close
[pool-3-thread-4] ERROR com.netscape.certsrv.client.PKIConnection - WARNING: SSL alert sent: CLOSE_NOTIFY
com.netscape.certsrv.base.PKIException: Bad Request
at com.netscape.certsrv.client.PKIConnection.handleErrorResponse(PKIConnection.java:469)
at com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:432)
at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:106)
at com.netscape.certsrv.ca.CACertClient.approveRequest(CACertClient.java:127)

On Thu, Nov 12, 2020 at 5:05 PM <pki-users-owner@redhat.com> wrote:

This mailing list is restricted to members, and your message has been
automatically rejected.

To subscribe, visit: https://www.redhat.com/mailman/listinfo/pki-users

If you think that your messages are being rejected in error, contact
the mailing list owner at pki-users-owner@redhat.com.

---------- Forwarded message ----------
From: "info@codegic" <info@codegic.com>
To: Endi Dewata <edewata@redhat.com>
Cc: pki-users@redhat.com
Bcc:
Date: Thu, 12 Nov 2020 16:59:13 +0500
Subject: Re: [Pki-users] Is Dogtag PKI Rest API documentation up to date?
Hi Endi,

Thanks a lot for your response. In the meanwhile I managed to get some code working to get this approval done but somehow when I do this for a number of times it hangs. I then checked with the PKI CLI and the approval call is indeed at times very slow (giving a hang perception but does work after some time) and that's the reason my code breaks with an exception - see below. So I have 2 queries:

- Why Approval calls so slow? Can these be made faster. I am running fedora 32 as VM with 6 GB RAM and 4 vCPUs.
- Is there a way to set the timeout period in the client to ensure the calling application doesn't close the session too soon.

[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Client certificate: PKI Administrator for localhost.localdomain
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - HTTP request: POST /ca/rest/agent/certrequests/68/approve HTTP/1.1
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Accept: application/xml
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Content-Type: application/xml
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Content-Length: 21606
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Host: 192.168.56.103:8443
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Connection: Keep-Alive
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - User-Agent: Apache-HttpClient/4.5.10 (Java/1.8.0_242)
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Cookie: JSESSIONID=BF20B9C354788A712389E9FBF920651C
pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - HTTP response: HTTP/1.1 400
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Content-Type: text/html;charset=UTF-8
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Content-Length: 243
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Date: Thu, 12 Nov 2020 09:25:04 GMT
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Connection: close
[pool-3-thread-4] ERROR com.netscape.certsrv.client.PKIConnection - WARNING: SSL alert sent: CLOSE_NOTIFY
com.netscape.certsrv.base.PKIException: Bad Request
at com.netscape.certsrv.client.PKIConnection.handleErrorResponse(PKIConnection.java:469)
at com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:432)
at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:106)
at com.netscape.certsrv.ca.CACertClient.approveRequest(CACertClient.java:127)

On Wed, Nov 11, 2020 at 10:39 PM Endi Dewata <edewata@redhat.com> wrote:
Hi Wahaj,

The REST API doc was created manually, so unfortunately it may have become
out of date and we don't have resources right now to update it. For now I'd suggest
to run the pki CLI in --verbose, --message-format, and --output to see the actual
request and responses sent between the server and client and then replicate the
same messages in your application. Hope this helps.

https://github.com/dogtagpki/pki/wiki/PKI-CLI-Options

--
Endi S. Dewata

On Mon, Nov 9, 2020 at 1:52 AM Wahaj K <mwahaj3120@gmail.com> wrote:
Hi,

Saw the documentation at: https://github.com/dogtagpki/pki/wiki/PKI-CA-Revoke-Certificate-REST-API

I am trying this and failing. I get all sort of issues like Content type is not valid, Content Length is not valid etc when I put some content type and content length. I believe as this is HTTP POST and no content required hence I am then skipping both of these but then I get this in the CA logs:

2020-11-09 11:33:00 [https-jsse-nio-8443-exec-24] ERROR: RESTEASY002010: Failed to execute

javax.ws.rs.NotSupportedException: RESTEASY003200: Could not find message body reader for type: class com.netscape.certsrv.cert.CertRevokeRequest of content type: */*

I am using Postman. Get Certs call is working fine.

I get similar errors on the Restful Approve call.

Is the documentation up to date? I am stuck for days :( Would be grateful if you can guide!

Regards,
Wahaj
_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users