Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: rhel-10.1
Component/s: pki
Labels:
None

Regression:
No
Reset contact to default:

Assignee, Qa Contact, Doc Contact, AssignedTeam, Watchers, Developer
Severity:
None

AssignedTeam:
rhel-idm-cs

Story Points:
None
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

No host and port validation on ca-kraconnector-add CLI commands

What is the impact of this issue to you?

Medium

Please provide the package NVR for which the bug is seen:

idm-pki-tools-11.7.0-0.1.beta1.el9.x86_64
pki-resteasy-servlet-initializer-3.0.26-19.el9.noarch
idm-pki-server-11.7.0-0.1.beta1.el9.noarch
idm-pki-ca-11.7.0-0.1.beta1.el9.noarch
idm-pki-kra-11.7.0-0.1.beta1.el9.noarch

How reproducible is this bug?:

Always

Steps to reproduce

Install CA and KRA Subsystems

[root@pki1 ~]#* pkispawn -s KRA -f /tmp/test_dir/kra.cfg*

Verify that there is a connector created
[root@pki1 ~]# pki -d /opt/pki/certdb/ -p 20443 -c SECret.123 -u caadmin -w SECret.123 ca-kraconnector-show

Host: pki1.example.com:21443
Enabled: true
Local: false
Timeout: 30
URI: /kra/agent/kra/connector
Transport Cert:

MIID3jCCAsagAwIBAgIRANrSO6tvqfVbVeG0Kp8g7EUwDQYJKoZIhvcNAQENBQAw
YTElMCMGA1UECgwcdG9wb2xvZ3ktMDJfRm9vYmFybWFzdGVyLm9yZzEXMBUGA1UE
CwwOdG9wb2xvZ3ktMDItQ0ExHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNh
dGUwHhcNMjUwNzI5MjAyNDQ1WhcNMjcwNzE5MjAyNDQ1WjBlMSUwIwYDVQQKDBx0
b3BvbG9neS0wMl9Gb29iYXJtYXN0ZXIub3JnMRgwFgYDVQQLDA90b3BvbG9neS0w
Mi1LUkExIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNhdGUwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3E8NBZdkoh7FsVhqxt1kFlyBLgv1n
8uQuP9q/Mwo/rT83WG+gyVSpzhci+h6l/tjlL69LFZEMVWGlf2oSw0q2+OfXT5iu
27K6tOhFSvQcg1bV/cHMQMw1MdMlkDbIztkqdoS7CFtzVZLQWy7H5FDgwzwN/9Zs
DCa5SdqKFzCvU20HhPqbfL/biJjMCqXp6oSvfvcfO6y2IArrfr80fncHVwteh0jP
2BJJ6OHiDFmD7pYMvKLhDY7jGMUEynedEt5V/2qELwzYGogl4GXt2aA7HGeUojq1
pmwJbqSOh4NIbTlrdwUa1C1qqfHI4kxNSZsxxfzLVFSyRj5vO/tOQQchAgMBAAGj
gYwwgYkwHwYDVR0jBBgwFoAUdsc/rtfeSSuVHmZvMuM2nVuH36owQQYIKwYBBQUH
AQEENTAzMDEGCCsGAQUFBzABhiVodHRwOi8vcGtpMS5leGFtcGxlLmNvbToyMDA4
MC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DATBgNVHSUEDDAKBggrBgEFBQcDAjAN
BgkqhkiG9w0BAQ0FAAOCAQEAmUAH0UO7s88lvDVKkhCLNOWWyFhpXRvVdDbkYQv+
hmhuv2LbObtx9R2LtJEhXlyM9U6JJAjH1NcGoP0uB3rUtD+QprCbfl1lIaYM2uEz
hJSrgPHbyUmIwSfP8dUcIY9bWNmJMq6A+jrvA5WxZdEtkKUTQOGjv8DugiCslAQ8
6Kt+KqKMcZQkMN7nTYg/7toXLz5coQ0KABOG7LxIyfGISoYachl+RYGeEF0Fhs99
ssSl5Vq+K/ssqre0GpmfifSuDPsHK1hDb5x67PU71bFl2s2/wyysIPuLV6DOEv3w
mknNcmjPYidLIoRZ+6JKKE+T3DOkO+bZr7VRmR+xuAj7CA==

Try to add a connector with bogus port and hostname

[root@pki1 ~]# pki -d /opt/pki/certdb/ -p 20443 -c SECret.123 -u caadmin -w SECret.123 ca-kraconnector-add --host pki-invalid.example.com --port abc8443xyz
---------------------------------------------------
Added KRA host "pki-invalid.example.com:abc8443xyz"
---------------------------------------------------

Expected results

Expected some input validation

Actual results

The input isaccepted without any type of validation

clones

RHEL-106428 No host and port validation on ca-kraconnector-add CLI commands

Assignee:: RHCS Maintenance

Reporter:: Gilbert Kimetto

Developer:: RHCS Maintenance

QA Contact:: IdM CS QE

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/09/04 12:54 PM

Updated:: 2025/09/24 3:26 PM

Stale Date:: 2026/07/28

Details

Description

What were you trying to do that didn't work?

What is the impact of this issue to you?

Please provide the package NVR for which the bug is seen:

How reproducible is this bug?:

Steps to reproduce

Expected results

Actual results

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide