[Pki-users] Is Dogtag PKI Rest API documentation up to date?
Wahaj K
mwahaj3120 at gmail.com
Thu Nov 12 12:34:00 UTC 2020
Hi Endi,
Thanks a lot for your response. In the meanwhile I managed to get some code
working to get this approval done but somehow when I do this for a number
of times it hangs. I then checked with the PKI CLI and the approval call is
indeed at times very slow (giving a hang perception but does work after
some time) and that's the reason my code breaks with an exception - see
below. So I have 2 queries:
- Why Approval calls so slow? Can these be made faster. I am running fedora
32 as VM with 6 GB RAM and 4 vCPUs.
- Is there a way to set the timeout period in the client to ensure the
calling application doesn't close the session too soon.
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Client
certificate: PKI Administrator for localhost.localdomain
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - HTTP
request: POST /ca/rest/agent/certrequests/68/approve HTTP/1.1
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Accept: application/xml
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Content-Type: application/xml
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Content-Length: 21606
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Host:
192.168.56.103:8443
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Connection: Keep-Alive
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
User-Agent: Apache-HttpClient/4.5.10 (Java/1.8.0_242)
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Cookie: JSESSIONID=BF20B9C354788A712389E9FBF920651C
pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - HTTP
response: HTTP/1.1 400
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Content-Type: text/html;charset=UTF-8
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Content-Length: 243
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Date:
Thu, 12 Nov 2020 09:25:04 GMT
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Connection: close
*[pool-3-thread-4] ERROR com.netscape.certsrv.client.PKIConnection -
WARNING: SSL alert sent: CLOSE_NOTIFY*
com.netscape.certsrv.base.PKIException: Bad Request
at
com.netscape.certsrv.client.PKIConnection.handleErrorResponse(PKIConnection.java:469)
at
com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:432)
at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:106)
at
com.netscape.certsrv.ca.CACertClient.approveRequest(CACertClient.java:127)
On Thu, Nov 12, 2020 at 5:05 PM <pki-users-owner at redhat.com> wrote:
> This mailing list is restricted to members, and your message has been
> automatically rejected.
>
> To subscribe, visit: https://www.redhat.com/mailman/listinfo/pki-users
>
>
> If you think that your messages are being rejected in error, contact
> the mailing list owner at pki-users-owner at redhat.com.
>
>
>
>
>
> ---------- Forwarded message ----------
> From: "info at codegic" <info at codegic.com>
> To: Endi Dewata <edewata at redhat.com>
> Cc: pki-users at redhat.com
> Bcc:
> Date: Thu, 12 Nov 2020 16:59:13 +0500
> Subject: Re: [Pki-users] Is Dogtag PKI Rest API documentation up to date?
> Hi Endi,
>
> Thanks a lot for your response. In the meanwhile I managed to get some
> code working to get this approval done but somehow when I do this for a
> number of times it hangs. I then checked with the PKI CLI and the approval
> call is indeed at times very slow (giving a hang perception but does work
> after some time) and that's the reason my code breaks with an exception -
> see below. So I have 2 queries:
>
> - Why Approval calls so slow? Can these be made faster. I am running
> fedora 32 as VM with 6 GB RAM and 4 vCPUs.
> - Is there a way to set the timeout period in the client to ensure the
> calling application doesn't close the session too soon.
>
> [pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Client
> certificate: PKI Administrator for localhost.localdomain
> [pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - HTTP
> request: POST /ca/rest/agent/certrequests/68/approve HTTP/1.1
> [pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
> Accept: application/xml
> [pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
> Content-Type: application/xml
> [pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
> Content-Length: 21606
> [pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Host:
> 192.168.56.103:8443
> [pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
> Connection: Keep-Alive
> [pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
> User-Agent: Apache-HttpClient/4.5.10 (Java/1.8.0_242)
> [pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
> Cookie: JSESSIONID=BF20B9C354788A712389E9FBF920651C
> pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - HTTP
> response: HTTP/1.1 400
> [pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
> Content-Type: text/html;charset=UTF-8
> [pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
> Content-Length: 243
> [pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Date:
> Thu, 12 Nov 2020 09:25:04 GMT
> [pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
> Connection: close
> *[pool-3-thread-4] ERROR com.netscape.certsrv.client.PKIConnection -
> WARNING: SSL alert sent: CLOSE_NOTIFY*
> com.netscape.certsrv.base.PKIException: Bad Request
> at
> com.netscape.certsrv.client.PKIConnection.handleErrorResponse(PKIConnection.java:469)
> at
> com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:432)
> at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:106)
> at
> com.netscape.certsrv.ca.CACertClient.approveRequest(CACertClient.java:127)
>
> On Wed, Nov 11, 2020 at 10:39 PM Endi Dewata <edewata at redhat.com> wrote:
>
>> Hi Wahaj,
>>
>> The REST API doc was created manually, so unfortunately it may have become
>> out of date and we don't have resources right now to update it. For now
>> I'd suggest
>> to run the pki CLI in --verbose, --message-format, and --output to see
>> the actual
>> request and responses sent between the server and client and then
>> replicate the
>> same messages in your application. Hope this helps.
>>
>> https://github.com/dogtagpki/pki/wiki/PKI-CLI-Options
>>
>> --
>> Endi S. Dewata
>>
>>
>> On Mon, Nov 9, 2020 at 1:52 AM Wahaj K <mwahaj3120 at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> Saw the documentation at:
>>> https://github.com/dogtagpki/pki/wiki/PKI-CA-Revoke-Certificate-REST-API
>>>
>>> I am trying this and failing. I get all sort of issues like Content type
>>> is not valid, Content Length is not valid etc when I put some content type
>>> and content length. I believe as this is HTTP POST and no content required
>>> hence I am then skipping both of these but then I get this in the CA logs:
>>>
>>> 2020-11-09 11:33:00 [https-jsse-nio-8443-exec-24] ERROR: RESTEASY002010:
>>> Failed to execute
>>>
>>> javax.ws.rs.NotSupportedException: RESTEASY003200: Could not find
>>> message body reader for type: class
>>> com.netscape.certsrv.cert.CertRevokeRequest of content type: */*
>>>
>>> I am using Postman. Get Certs call is working fine.
>>>
>>> [image: image.png]
>>>
>>> I get similar errors on the Restful Approve call.
>>>
>>> Is the documentation up to date? I am stuck for days :( *Would be
>>> grateful if you can guide!*
>>>
>>> Regards,
>>> Wahaj
>>> _______________________________________________
>>> Pki-users mailing list
>>> Pki-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-users
>>
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20201112/e4647852/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 69446 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-users/attachments/20201112/e4647852/attachment.png>
More information about the Pki-users
mailing list