[Pki-users] Exception when upgrading to 10.2.0
Peter Beal
rpb5bnc at gmail.com
Mon Feb 16 14:36:41 UTC 2015
Hi,
We have not been able to make any progress on this over the past week to
determine why the response was a null pointer exception. Is there any
suggestion on where we should look to figure out why this works on the
older 10.0.6 and is failing with 10.2.0?
Thanks,
Pete Beal
On 2/5/15 9:28 AM, Peter Beal wrote:
> Hello,
>
> Our project has been integrating our own RA with Dogtag and everything
> has been going perfectly. We made our first internal release to our
> downstream product teams at the end of last year. Unfortunately, all
> our development had been done using Dogtag 10.0.6 on Fedora 19, which
> is pretty old at this point. Our test team installed a Fedora 21
> system and Dogtag 10.2.0 and attempted to run our regression tests.
> What they found was that when our RA attempted to enroll a certificate
> we received an error response instead of a successful response
> containing a certID.
>
> The XML sent to both 10.0.6 and 10.2.0 is:
>
> <?xml version="1.0" encoding="UTF-8"
> standalone="yes"?><CertEnrollmentRequest>
> <profileId>caAutoCiscoRA</profileId> <isRenewal>false</isRenewal>
> <xmlOutput>false</xmlOutput> <Input> <InputAttrs> <InputAttr
> name="cert_request_type">pkcs10</InputAttr> <InputAttr
> name="cert_request">MIIBUzCBvQIBADAUMRIwEAYDVQQDEwkxMjcuMC4wLjEwgZ8wDQYJKoZIhvcNAQEB
> BQADgY0AMIGJAoGBALvXizDymVYx6ic1Dz8dDppziWjfhIr2CkrtGyfGHJa1Loy9
> OkWdS2w3CH/ASNVL3vTeA7dAly6SHgxrXEOtBFLL8KKnDzDg6oqyM4OFmhZBr/gW
> QXlrIbwEWvGOXHuFLSzcuN9B7iqVn7UXQHl6c5QRmi+iZB1dL0MiQ59MG+a7AgMB
> AAGgADANBgkqhkiG9w0BAQsFAAOBgQAiFqKKrAe+ToLFhOhlRwqsuzSUzqeQ16kw
> MM5MZ4gnVZr6PAO0ixk1KUEcSmAppq0hC8NOikXiWzbkRAKpF0AMbF9e3EbKcZWU
> TOpCd6BAjjo0M5ceki6R0RRKRYRGDgJiFJbJttpqKrh4Ngw8iuZ/MyXZd/YcfnRo
> kaB+Gz8gRg==
> </InputAttr> </InputAttrs> </Input></CertEnrollmentRequest>
>
> In the case of 10.0.6, the response was:
>
> <?xml version="1.0" encoding="UTF-8"
> standalone="yes"?><CertRequestInfos><CertRequestInfo><requestType>enrollment</requestType><requestStatus>complete</requestStatus><requestURL>https://dogsled:8444/ca/rest/623660</requestURL><certId>0x98361</certId><certURL>https://dogsled:8444/ca/rest/623457</certURL><certRequestType>pkcs10</certRequestType><operationResult>success</operationResult></CertRequestInfo></CertRequestInfos>
>
>
> In the case of 10.2.0, the response was:
>
> <html><head><title>Apache Tomcat/7.0.52 - Error
> report</title><style><!--H1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> H2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> H3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> BODY
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
> B
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
> P
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
> {color : black;}A.name {color : black;}HR {color :
> #525D76;}--></style> </head><body><h1>HTTP Status 500 -
> java.lang.NullPointerException</h1><HR size="1"
> noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b>
> <u>java.lang.NullPointerException</u></p><p><b>description</b> <u>The
> server encountered an internal error that prevented it from fulfilling
> this request.</u></p><p><b>exception</b>
> <pre>org.jboss.resteasy.spi.UnhandledException:
> java.lang.NullPointerException
> org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
> org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
> org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149)
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> sun.
>
> And the end of the debug log was:
>
> # tail -f /var/log/pki/pki-tomcat/ca/debug
>
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]: AuthMethodInterceptor:
> CertRequestResource.enrollCert()
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]: AuthMethodInterceptor:
> mapping: default
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]: AuthMethodInterceptor:
> required auth methods: [*]
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]: AuthMethodInterceptor:
> anonymous access allowed
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]: ACLInterceptor:
> CertRequestResource.enrollCert()
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]: ACLInterceptor: No ACL
> mapping.
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]:
> MessageFormatInterceptor: CertRequestResource.enrollCert()
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]:
> MessageFormatInterceptor: content-type: application/xml
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]:
> MessageFormatInterceptor: accept: [*/*]
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]:
> MessageFormatInterceptor: request format: application/xml
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]:
> MessageFormatInterceptor: response format: application/xml
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]: according to ccMode,
> authorization for servlet: caProfileSubmit is LDAP based, not XML {1},
> use default authz mgr: {2}.
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]: Start of CertProcessor
> Input Parameters
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]: CertProcessor Input
> Parameter isRenewal='false'
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]: End of CertProcessor
> Input Parameters
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]: EnrollmentSubmitter:
> isRenewal false
> [23/Jan/2015:10:40:55][http-bio-8443-exec-24]: EnrollmentSubmitter:
> profileId null
> java.lang.NullPointerException
> at java.util.Hashtable.get(Hashtable.java:363)
> at
> com.netscape.cmscore.profile.ProfileSubsystem.getProfile(ProfileSubsystem.java:302)
> at
> com.netscape.cms.servlet.cert.EnrollmentProcessor.processEnrollment(EnrollmentProcessor.java:137)
> at
> com.netscape.cms.servlet.cert.CertRequestDAO.submitRequest(CertRequestDAO.java:178)
> at
> org.dogtagpki.server.ca.rest.CertRequestService.enrollCert(CertRequestService.java:135)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:483)
> at
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
> at
> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:280)
> at
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:234)
> at
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:221)
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
> at
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> at sun.reflect.GeneratedMethodAccessor32.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:483)
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:169)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:297)
> at
> org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191)
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186)
> at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> at sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:483)
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:249)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:238)
> at
> org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191)
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:221)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
> at
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
> at
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
> at
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
>
>
> Nothing is changed on the RA side between these two runs. Is there
> something that now needs to be done different with 10.2 and above
> versus 10.0?
>
> Thanks very much,
> Pete Beal
>
More information about the Pki-users
mailing list