OCSP installation (and possibly KRA as well) with external certs fails on F28+.
Steps to reproduce: 1. Install CA (http://www.dogtagpki.org/wiki/Installing_CA) 2. Run OCSP installation step 1 (http://www.dogtagpki.org/wiki/Installing_KRA_with_External_Certificates) 3. Use CA to issue OCSP certs 4. Run OCSP installation step 2
Actual result: Installation will fail with the following message:
pkispawn : DEBUG ....... Error Type: TypeError pkispawn : DEBUG ....... Error Message: Object of type 'bytes' is not JSON serializable pkispawn : DEBUG ....... File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 534, in main scriptlet.spawn(deployer) File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 1064, in spawn json.dumps(data, cls=pki.encoder.CustomTypeEncoder)) File "/usr/lib64/python3.6/json/__init__.py", line 238, in dumps **kw).encode(obj) File "/usr/lib64/python3.6/json/encoder.py", line 199, in encode chunks = self.iterencode(o, _one_shot=True) File "/usr/lib64/python3.6/json/encoder.py", line 257, in iterencode return _iterencode(o, 0) File "/usr/lib/python3.6/site-packages/pki/encoder.py", line 92, in default return json.JSONEncoder.default(self, o) File "/usr/lib64/python3.6/json/encoder.py", line 180, in default o.__class__.__name__) Installation failed: Object of type 'bytes' is not JSON serializable
Expected result: Installation should complete successfully.
Apparently the pki.system.ConfigurationRequest object cannot be serialized into JSON because it contains bytes:
{'token': 'Internal Key Storage Token', 'isClone': 'false', 'secureConn': 'false', 'importAdminCert': 'true', 'generateServerCert': 'true', 'pin': 'D8of0wWDpUtOb9F9guy6', 'subsystemName': 'OCSP vm-171-084.abc.idm.lab.eng.brq.redhat.com 8443', 'external': True, 'standAlone': False, 'securityDomainType': 'existingdomain', 'securityDomainUri': 'https://vm-171-040.abc.idm.lab.eng.brq.redhat.com:8443', 'securityDomainUser': 'caadmin', 'securityDomainPassword': 'Secret.123', 'dsHost': 'vm-171-084.abc.idm.lab.eng.brq.redhat.com', 'dsPort': '389', 'baseDN': 'dc=ocsp,dc=pki,dc=example,dc=com', 'bindDN': 'cn=Directory Manager', 'database': 'ocsp', 'bindpwd': 'Secret.123', 'createNewDB': 'true', 'removeData': 'true', 'sharedDB': 'true', 'sharedDBUserDN': 'uid=pkidbuser,ou=people,o=pki-tomcat-CA', 'backupKeys': 'false', 'adminEmail': 'ocspadmin@example.com', 'adminName': 'ocspadmin', 'adminPassword': 'Secret.123', 'adminProfileID': 'caAdminCert', 'adminUID': 'ocspadmin', 'adminSubjectDN': 'cn=PKI Administrator,e=ocspadmin@example.com,ou=pki-tomcat,o=EXAMPLE', 'adminCert': b'-----BEGIN CERTIFICATE-----\nMIIDjTCCAnWgAwIBAgIBCzANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFN\r\nUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENl\r\ncnRpZmljYXRlMB4XDTE4MDgxNzE3MTMyNloXDTE5MDIxMzE4MTMyNlowGzEZMBcG\r\nCgmSJomT8ixkAQEMCW9jc3BhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC\r\nAQoCggEBAL5P35X7CacPC69yNkCi+++F02jPqJ0RhC1ozmJAj4H9g9J5kpRd1sEC\r\nCR6+mESS2YtRNvOVdiYYL0LKzDPcu4uGepP0UO0XG3pTlI+UvqJKuaufdKvbasGB\r\nrUCECvB2RWoLkb2khlNlec3Mj6QdO9McFxrFHRJCcu9JtM2H/5moSXcz6f5IWpnU\r\nVAuP660sFOZhDyauoDiB0YyGaLN+AdRZR3ZnrU5OsqnQuLDHfXjfO0gjpB7KZKb9\r\n1zzRCc17Lwg0YMP3qPUAMktLFdeIRfXjtc+NSZgMyRsCW7HXX0gmLslOBLboh6KN\r\nAEAu1qXjpwcAcZp84cVG3JNPPWAa41sCAwEAAaOBrjCBqzAfBgNVHSMEGDAWgBR5\r\n4mrMYfOf99lK5XqeQMpMMigXjjBZBggrBgEFBQcBAQRNMEswSQYIKwYBBQUHMAGG\r\nPWh0dHA6Ly92bS0xNzEtMDQwLmFiYy5pZG0ubGFiLmVuZy5icnEucmVkaGF0LmNv\r\nbTo4MDgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUF\r\nBwMCBggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEANjEFau+pTHQkfVBUiTrh\r\nWFfmTkKOqNsGmO9I1trEKAOFfjC9BUSSPAYlxAd9siKQZAeEf6M6lnw/plsox1RI\r\n8AobxxhHSfltlO9kq59LN2g1jwlM2vM0fmmUPmS5aL3b3329e2XE5WAaTehZQtdD\r\nOpyrCQEfKGcqsIP0ykz4Q3NHsqNlJ6jwtLvwVnaed8LHTgQwbKfhPOXpFEtNCL5V\r\nm9/XWCVl6A95xGbaho6QxOlTM0wpIp2OFAWM81JOGBMrfY7H9nHB+ZmKXMJnZGtV\r\nrZ//FSArnGwhiS6NEc8Gqx6kUr7atIxfb6remAtMr5pC1xRHz1nLau6dSIDB0rmI\r\n9w==\n-----END CERTIFICATE-----\n', 'replicationPassword': '', 'issuingCA': 'https://vm-171-040.abc.idm.lab.eng.brq.redhat.com:8443', 'systemCertsImported': False, 'generateSubsystemCert': 'true', 'systemCerts': [<pki.system.SystemCertData object at 0x7f7f135028d0>, <pki.system.SystemCertData object at 0x7f7f14d4eba8>, <pki.system.SystemCertData object at 0x7f7f10db7ef0>, <pki.system.SystemCertData object at 0x7f7f10db7198>]}
Metadata Update from @edewata: - Custom field component adjusted to None - Custom field feature adjusted to None - Custom field origin adjusted to None - Custom field proposedmilestone adjusted to None - Custom field proposedpriority adjusted to None - Custom field reviewer adjusted to None - Custom field type adjusted to None - Custom field version adjusted to None
Metadata Update from @edewata: - Custom field cc adjusted to cheimes
Metadata Update from @edewata: - Custom field cc adjusted to @cheimes (was: cheimes)
Fixed in master:
Metadata Update from @edewata: - Issue assigned to edewata
Metadata Update from @edewata: - Issue close_status updated to: fixed - Issue set to the milestone: 10.6.7 - Issue status updated to: Closed (was: Open)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/3170
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.