search

pki-bot / pki-issues-final

0 stars 0 forks source link

SigningUnit.init() ignoring exceptions #1949

Open pki-bot opened 4 years ago

pki-bot commented 4 years ago

This issue was migrated from Pagure Issue #2400. Originally filed by edewata (@edewata) on 2016-07-06 19:30:28:

The SigningUnit class currently catches and ignores all exceptions during initialization except for some exceptions that are specifically handled.

During CA installation the code ignores the following exception:

Property ca.signing.cacertnickname missing value
        at com.netscape.cmscore.base.PropConfigStore.getString(PropConfigStore.java:258)
        at com.netscape.ca.SigningUnit.init(SigningUnit.java:147)
        at com.netscape.ca.CertificateAuthority.initSigUnit(CertificateAuthority.java:1545)
        at com.netscape.ca.CertificateAuthority.init(CertificateAuthority.java:523)
        at com.netscape.cmscore.apps.CMSEngine.reinit(CMSEngine.java:1344)
        at com.netscape.certsrv.apps.CMS.reinit(CMS.java:191)
        at com.netscape.cms.servlet.csadmin.ConfigurationUtils.reInitSubsystem(ConfigurationUtils.java:2287)
        at org.dogtagpki.server.rest.SystemConfigService.initializeDatabase(SystemConfigService.java:780)
        at org.dogtagpki.server.ca.rest.CAInstallerService.initializeDatabase(CAInstallerService.java:98)
        at org.dogtagpki.server.rest.SystemConfigService.configure(SystemConfigService.java:179)
        at org.dogtagpki.server.rest.SystemConfigService.configure(SystemConfigService.java:121)

While this exception is considered "normal" during CA installation (due to improper initialization sequence), the code could also mask a real problem during runtime.

Proposed solution:

  1. The SigningUnit initialization sequence should be fixed such that it doesn't throw an exception during CA installation.
  2. The code in SigningUnit.init() that catches and ignores exceptions should be removed.
pki-bot commented 4 years ago

Comment from edewata (@edewata) at 2016-07-07 18:15:54

See also ticket 1615.

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2016-07-07 19:53:57

Per PKI Bug Council of 07/07/2016: 10.4

pki-bot commented 4 years ago

Comment from edewata (@edewata) at 2016-11-08 20:36:44

The code also hides actual runtime error (e.g. missing CA signing certificate). See also https://bugzilla.redhat.com/show_bug.cgi?id=1390319.

pki-bot commented 4 years ago

Comment from edewata (@edewata) at 2017-02-27 14:00:10

Metadata Update from @edewata: