Pin reset operation using tpsclient fails
Steps to Reproduce:
tpsclient pin reset request is as follows op=var_set name=ra_host value=ibm-x3650m4-02-vm-04.lab.eng.bos.redhat.com op=var_set name=ra_port value=31849 op=var_set name=ra_uri value=/tps/tps op=token_set cuid=10000000000000000001 msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0 op=token_set auth_key=404142434445464748494a4b4c4d4e4f op=token_set mac_key=404142434445464748494a4b4c4d4e4f op=token_set kek_key=404142434445464748494a4b4c4d4e4f op=ra_reset_pin uid=idmuser1 pwd=redhat new_pin=redhat num_threads=1 extensions=tokenType=userKey op=exit
Actual results:
pin reset fails
Expected results:
pin reset should be successful
Additional info:
TPS debug log has the following messages: [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSEnrollProcessor.isTokenRecordPresent: 10%00%00%00%00%00%00%00%00%01% [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: LDAPDatabase: getRecord("10000000000000000001") [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: In LdapBoundConnFactory::getConn() [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: masterConn is connected: true [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: getConn: conn is connected true [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: getConn: mNumConns now 2 [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: LDAPDatabase: reading ou=Tokens,dc=pki-tps1 [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: returnConn: mNumConns now 3 [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSEnrollProcessor.enroll: found token... [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSPinResetProcessor.resetPin(): Token status: ACTIVE [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSProcessor.getResolverInstanceName: entering for operaiton : pinReset [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSProcessor.getResolverInstanceName: config: op.pinReset.mappingResolver [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSProcessor.getResolverInstanceName: returning: pinResetProfileMappingResolver [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSProcessor.createFilterMappingParams: after new MappingFilterParams [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSProcessor.createFilterMappingParams: MappingFilterParams set [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSPinResetProcessor.resetPin(): resolved tokenType: null [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSProcessor.checkProfileStateOK() [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSProcessor.checkAndAuthenticateUser: getting config: op.pinReset.null.auth.enable [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: checkAndAuthenticateUser: opPrefox: op.pinReset [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSProcessor.getAuthentication [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSProcessor.checkAndAuthenticateUser:: authentication exception thrown: java.lang.NullPointerException [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: LDAPDatabase: addRecord("20150612112955489000.4e") [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: In LdapBoundConnFactory::getConn() [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: masterConn is connected: true [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: getConn: conn is connected true [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: getConn: mNumConns now 2 [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: LDAPDatabase: adding cn=20150612112955489000.4e,ou=Activities,dc=pki-tps1 [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: returnConn: mNumConns now 3 [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSSession.process: Message processing failed: TPS error user authentication failed:java.lang.NullPointerException [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSMessage.write: Writing: s=43&msg_type=13&operation=3&result=1&message=14 [12/Jun/2015:11:29:55][http-bio-31849-exec-19]: TPSSession.process: leaving: result: 1 status: STATUS_ERROR_LOGIN
Per CS/DS meeting of 06/15/2015: 10.2.6
Patch submitted for very simple fix.
Checkin:
commit ac979100dfa45ff3d194349fdec093aa076815f8 Author: Jack Magne jmagne@localhost.localdomain Date: Fri Jun 26 15:31:46 2015 -0700
Fix Pin Reset tokenType resolution. Ticket #1423 Pin reset operation using tpsclient fails. Recently we had added a new way to resolve the profile. That new method was not used in the PinReset Processor. This fix addresses that and allows the Pin Reset operation to complete.
Metadata Update from @mharmsen: - Issue assigned to jmagne - Issue set to the milestone: 10.2.6
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1983
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.