search

wayf-dk / janus-ssp

Automatically exported from code.google.com/p/janus-ssp
Other
0 stars 0 forks source link

Another certificate validation error #294

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
I get the following stack trace when using the certificate validation (in the 
Validation tab)

Backtrace:
0 /home/test/janus-dev/www/module.php:180 (N/A)
Caused by: Exception: Expecting 'error NUM at NUM depth', got: ''
Backtrace:
6 /home/test/janus-dev/modules/janus/lib/OpenSsl/Command/Verify.php:388 
(sspmod_janus_OpenSsl_Command_Verify::getParsedResults)
5 /home/test/janus-dev/modules/janus/lib/OpenSsl/Certificate/Validator.php:107 
(sspmod_janus_OpenSsl_Certificate_Validator::_validateWithOpenSsl)
4 /home/test/janus-dev/modules/janus/lib/OpenSsl/Certificate/Validator.php:79 
(sspmod_janus_OpenSsl_Certificate_Validator::validate)
3 /home/test/janus-dev/modules/janus/www/get-entity-certificate.php:84 
(EntityCertificateServer::_checkCertificateValidity)
2 /home/test/janus-dev/modules/janus/www/get-entity-certificate.php:54 
(EntityCertificateServer::serve)
1 /home/test/janus-dev/modules/janus/www/get-entity-certificate.php:11 (require)
0 /home/test/janus-dev/www/module.php:135 (N/A)

Original issue reported on code.google.com by j...@wayf.dk on 2 Nov 2011 at 12:36

GoogleCodeExporter commented 9 years ago 
Some thing in the line of this will solve the problem:

Index: www/resources/scripts/validate.js
===================================================================
--- www/resources/scripts/validate.js   (revision 899)
+++ www/resources/scripts/validate.js   (working copy)
@@ -26,6 +26,8 @@

         // Get the Entity ID from the current element
         var entityId = $.trim(this.innerHTML);
+    
+        entityId = $.trim(entityEl.find('.entity-eid').text());

         $.getJSON(pathPrefix + 'module.php/janus/get-entity-certificate.php?eid=' + encodeURIComponent(entityId), function(data) {
             entityEl.find('.messages-template').tmpl({
@@ -103,4 +105,4 @@
             endpointsEl.prev('img.loading-image').remove();
         });
     });
-});
\ No newline at end of file
+});
Index: templates/editentity.php
===================================================================
--- templates/editentity.php    (revision 899)
+++ templates/editentity.php    (working copy)
@@ -1185,7 +1185,7 @@
 <?php if($this->data['uiguard']->hasPermission('validatemetadata', $wfstate, $this->data['user']->getType())): ?>
 <div id="validate">
     <h2>Metadata Validation</h2>
-    <div id="MetadataValidation" class="<?php echo 
$this->data['entity']->getEntityid() ?>">
+    <div id="MetadataValidation" class="<?php echo 
$this->data['entity']->getEid() ?>">
         <div class="metadata-messages messages">
         </div>
         <script class="metadata-messages-template" type="text/x-jquery-tmpl">
@@ -1248,6 +1248,7 @@
                         <tr>
                             <th>Entity ID</th>
                             <td>
+                            <span class="entity-eid" style="display: 
none;"><?php echo $this->data['entity']->getEid() ?></span>
                                 <a href="<?php echo $this->data['entity']->getEntityid() ?>" class="entity-id">
                                     <?php echo $this->data['entity']->getEntityid() ?>
                                 </a>

Here i use the ein to load the entities instead of the entityID.

This does not solve the same issue in show-entities-validation.php

Original comment by j...@wayf.dk on 2 Nov 2011 at 1:54

GoogleCodeExporter commented 9 years ago 
I've added issue to our task list and will take a look at it asap.

Original comment by vanliero...@gmail.com on 3 Nov 2011 at 10:07

GoogleCodeExporter commented 9 years ago 
The attached patch solves almost all of the problems I have had with the 
validation stuff, except two errors of the type above.

One of the certificates that gives the error is the following:

MIIFxDCCBKygAwIBAgIERbh5ADANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJESzEMMAoGA1UEChMD
VERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0xMTAyMTExMjE2MTFaFw0xMzAyMTExMjQ2MTFaMIGb
MQswCQYDVQQGEwJESzE0MDIGA1UEChMrUm9za2lsZGUgVW5pdmVyc2l0ZXRzY2VudGVyIC8vIENWUjoy
OTA1NzU1OTFWMCUGA1UEBRMeQ1ZSOjI5MDU3NTU5LVVJRDoxMTcwOTIyMDkzNDcyMC0GA1UEAxMmUm9z
a2lsZGUgVW5pdmVyc2l0ZXRzY2VudGVyIC0gaGVscGRlc2swgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBALcYiLk7jbqSoL/axd1qWyufWjToeEE1jWUEYdUVlz4X9tXx74uzc4C9N06RorCx81sDSZMhBRIo
o7bDEJ6LzgjlZU/Iju6tRbmSgAIOptfoqPIe2usy9bphoPfaBcaHgqRhfa76KlPDkSA4jrlflmFTAQNC
Q6MWmUt4KeALtW2hAgMBAAGjggL7MIIC9zAOBgNVHQ8BAf8EBAMCA7gwKwYDVR0QBCQwIoAPMjAxMTAy
MTExMjE2MTFagQ8yMDEzMDIxMTEyNDYxMVowggE3BgNVHSAEggEuMIIBKjCCASYGCiqBUIEpAQEBAwMw
ggEWMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNlcnRpZmlrYXQuZGsvcmVwb3NpdG9yeTCB4gYIKwYB
BQUHAgIwgdUwChYDVERDMAMCAQEagcZGb3IgYW52ZW5kZWxzZSBhZiBjZXJ0aWZpa2F0ZXQgZ+ZsZGVy
IE9DRVMgdmlsa+VyLCBDUFMgb2cgT0NFUyBDUCwgZGVyIGthbiBoZW50ZXMgZnJhIHd3dy5jZXJ0aWZp
a2F0LmRrL3JlcG9zaXRvcnkuIEJlbeZyaywgYXQgVERDIGVmdGVyIHZpbGvlcmVuZSBoYXIgZXQgYmVn
cuZuc2V0IGFuc3ZhciBpZnQuIHByb2Zlc3Npb25lbGxlIHBhcnRlci4wQQYIKwYBBQUHAQEENTAzMDEG
CCsGAQUFBzABhiVodHRwOi8vb2NzcC5jZXJ0aWZpa2F0LmRrL29jc3Avc3RhdHVzMDEGA1UdJQQqMCgG
CCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEMBoGA1UdEQQTMBGBD2hlbHBkZXNr
QHJ1Yy5kazCBhAYDVR0fBH0wezBLoEmgR6RFMEMxCzAJBgNVBAYTAkRLMQwwCgYDVQQKEwNUREMxFDAS
BgNVBAMTC1REQyBPQ0VTIENBMRAwDgYDVQQDEwdDUkw1NjcwMCygKqAohiZodHRwOi8vY3JsLm9jZXMu
Y2VydGlmaWthdC5kay9vY2VzLmNybDAfBgNVHSMEGDAWgBRgtYXsVmR+EhknZx1QFUtzrjv5EjAdBgNV
HQ4EFgQUKCsybTwzzIu/QCTpTKcnw1trefEwCQYDVR0TBAIwADAZBgkqhkiG9n0HQQAEDDAKGwRWNy4x
AwIDqDANBgkqhkiG9w0BAQUFAAOCAQEAqKH6nyP98DiI7X5JaDx0vlzDUj9y1n9dQHahHXRp9zLBMvfd
XU2y4nw9qt4aIhl+XVUgQRxqdV//UtwfW7MJvCqS7gwnEdDqCx1C11X0jwGUk/gKbsgXSZFJ+YQeQ3dV
BGxQC1dU+OYUBjKUzq4EaRsavxhYHcADv3fC52utJBAUCsldNLpwTQpenP3f9i1uffBl4spGfsTjtHZ/
JU17HbQD1VzTWB1lwO1jJ+3W98MDFKkQ+B+A/MCZRXnFinAUNi8DmQ8gkSXuHlimx+VS7jnqF9jUrMYK
anbCR70oJYg/5tN5K4n0ouTnFKO7z3Q3PQIi+SsB30lhwcuTYOb7oA== 
/DZHIZFj9U5h8ZClFUO9THSg3oMAx/zaTNiVdAYDw8UyMwGX1SR4vR6tfOeORkp3zb2ivHJ3IujGxa2b
a5Gzu622xSxq0+XbmHik/QKO2eaarLQcPYg0mDTqqkUV71iC+Jh37MODTgOQqMvDFwDsw1ZXgTKuRda7
eTw5x8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCbu5qO0Ik7jHZclFqxarVHJUl0BDfdq+RX/Ygytuh3a
LnYMICLCktxL5iOyaFewB97fNfd486v1g9ncwGUEgNUOu/vCwjo4SwaDY98smnEbWMI3WjpWb3B8FWcB
/9naGI0jrCjSMMBynkRE37lydIwh9AyzBcJnZPGYfo8Q/nBHA==

Original comment by j...@wayf.dk on 4 Nov 2011 at 9:55

Attachments:

GoogleCodeExporter commented 9 years ago 
Sorry wrong patch appended

Original comment by j...@wayf.dk on 7 Nov 2011 at 9:44

Attachments:

GoogleCodeExporter commented 9 years ago 
Tnx for the certificate, I'm looking into this right now.

Original comment by vanliero...@gmail.com on 7 Nov 2011 at 4:41

GoogleCodeExporter commented 9 years ago 
I found out that the the proc_open() call in 
sspmod_janus_Shell_Command_Abstract::execute() does not return any data when 
certificate is invalid which causes the error you get. I will keep you posted

Original comment by vanliero...@gmail.com on 8 Nov 2011 at 10:56

GoogleCodeExporter commented 9 years ago 
Quite a busy day today (we've met 2 of your colleagues also) but I found the 
root of the error. Does have something to do with detached (called via 
proc_open instead of directly from commandline) processes sometimes do not 
return error info. This seems fixable. I will commit a fix tomorrow.

Original comment by vanliero...@gmail.com on 8 Nov 2011 at 4:23

GoogleCodeExporter commented 9 years ago 
I've just committed r934 which fixes the fact that wrong certificates break the 
validation.

Original comment by vanliero...@gmail.com on 9 Nov 2011 at 2:12

GoogleCodeExporter commented 9 years ago 
Merged fixes to trunk in r943

Original comment by vanliero...@gmail.com on 17 Nov 2011 at 9:15

GoogleCodeExporter commented 9 years ago

Original comment by j...@wayf.dk on 24 Nov 2011 at 2:00