Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-29727

Gracefuly handle the exception while listing CA on replica when private keys not exchanged

    • None
    • None
    • rhel-sst-idm-cs
    • ssg_idm
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      we have an automated test for issue https://github.com/dogtagpki/pki/issues/4669  where we are trying to simulate failure of exchange of private keys between server and replica. scenario goes like this:

      1. Setup a freeipa server and a replica
      2. Stop ipa-custodia service on replica
      3. Create a LWCA on the replica
      4. Verify LWCA is recognized on the server
      5. Run `ipa ca-show <LWCA>` on replica and verify that LWCA is not listed and error into `ipa: ERROR: The certificate for lwca1 is not available on this server.`

      Please provide the package NVR for which bug is seen:

       idm-pki-ca-11.5.0-1.el9.noarch

      ipa-server-4.11.0-9.el9_4.x86_64

      How reproducible:

      always

      Steps to reproduce

      1. Setup a freeipa server and a replica
      2. Stop ipa-custodia service on replica
      3. Create a LWCA on the replica
      4. Verify LWCA is recognized on the server
      5. Run `ipa ca-show <LWCA>` on replica

      Expected results

      ipa: ERROR: The certificate for lwca1 is not available on this server.

      Actual results

      ipa: ERROR: Request failed with status 500: Non-2xx response from CA REST API: 500.

       

      relevant pki/debug log:

      org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException: Cannot invoke "com.netscape.ca.CASigningUnit.getCert()" because "this.mSigningUnit" is null 

              Unassigned Unassigned
              rhn-support-myusuf Rizwan Shaikh
              RHCS Maintenance RHCS Maintenance
              IdM CS QE IdM CS QE
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: