dogtagpki / pki

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
https://www.dogtagpki.org
GNU General Public License v2.0

Python Client Approval Fails #4598

Open Coolgum15 opened 10 months ago

Coolgum15 commented 10 months ago

Was following Python code example here when encountering issue: https://github.com/dogtagpki/pki/wiki/PKI-Certificate-Client-in-Python#enrolling-a-server-certificate-using-the-certclient

Description of problem:

Python functions review_request and approve_request (pki/base/common/python/pki/cert.py) fail even with hard-coded request IDs.

Version

```
Name        : dogtag-pki
Version     : 11.3.1
Release     : 1.fc38
Architecture: x86_64
Install Date: Tue 24 Oct 2023 12:29:02 PM EDT
Group       : Unspecified
Size        : 113
License     : GPL-2.0-only and LGPL-2.0-only
Signature   : RSA/SHA256, Tue 07 Feb 2023 07:11:14 PM EST, Key ID 809a8d7ceb10b464
Source RPM  : dogtag-pki-11.3.1-1.fc38.src.rpm
Build Date  : Tue 07 Feb 2023 04:40:11 PM EST
Build Host  : buildhw-x86-16.iad2.fedoraproject.org
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : https://www.dogtagpki.org
Bug URL     : https://bugz.fedoraproject.org/dogtag-pki
Summary     : Dogtag PKI Package
```

How reproducible:

Running the example provided here: https://github.com/dogtagpki/pki/wiki/PKI-Certificate-Client-in-Python#enrolling-a-server-certificate-using-the-certclient

Additionally, this code snippet also fails:

```python
from pki.client import PKIConnection
from pki.cert import CertClient

scheme = 'https'
host = '[HOSTNAME]'
port = '8443'
connection = PKIConnection(scheme, host, port)
connection.set_authentication_cert("[PATH]")

client = CertClient(connection)

# An existing certificate request on the server
resp = client.review_request('23')
client.approve_request('23', resp)
```

Actual results

```
Traceback (most recent call last):
  File "/home/[USER]/MFA/create_cert.py", line 59, in <module>
    resp = client.review_request('23')
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/pki/__init__.py", line 431, in handler
    return fn_call(inst, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/pki/cert.py", line 814, in review_request
    return CertReviewResponse.from_json(r.json())
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/pki/cert.py", line 592, in from_json
    profile.ProfilePolicySet.from_json(policy_set))
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/pki/profile.py", line 661, in from_json
    policy_set.policies.append(ProfilePolicy.from_json(policy))
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/pki/profile.py", line 631, in from_json
    policy.policy_id = attr_list['id']
                       ~~~~~~~~~^^^^^^
KeyError: 'id'
```

Expected Results

Returned CertReviewResponse

Coolgum15 commented 10 months ago

Just built 11.4.3 and I get the same error.

Coolgum15 commented 10 months ago

The workaround that I found for this is just commenting out the line `policy.policy_id = attr_list['id']`. This is a band-aid solution for those (like me) who only need the cert approved and don't care about returned variables.