Description: ClassNotFoundException when trying to install and configure scep
Package: pki-10.8.0-0.1
Environment: Fedora 30
Steps to Reproduce:
Configure scep by following the upstream instructions: https://www.dogtagpki.org/wiki/SCEP_Setup
CS.cfg: ... ca.scep.allowedEncryptionAlgorithms=DES,DES3 ca.scep.allowedHashAlgorithms=MD5,SHA1,SHA256,SHA512 ca.scep.enable=true ca.scep.encryptionAlgorithm=DES ca.scep.hashAlgorithm=MD5 ca.scep.nonceSizeLimit=16 ...
Also
$ sscep getca -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c ca.crt
And verify by running
$ openssl x509 -in ca.crt -text
$ /usr/bin/mkrequest -ip 172.16.24.238 Uojs93wkfd0IS
and when trying to test enroll the followng error is generated: (Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException):
(Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException):
Logs:
# sscep enroll -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c ca.crt -k local.key -r local.csr -l cert.crt -d sscep: starting sscep, version 0.6.1 sscep: new transaction sscep: transaction id: D41D8CD98F00B204E9800998ECF8427E sscep: hostname: ca.lvm.postmet.com sscep: directory: ca/cgi-bin/pkiclient.exe sscep: port: 8080 sscep: Read request with transaction id: 9A6C3918C54DB994E7E951505983A181 sscep: generating selfsigned certificate sscep: SCEP_OPERATION_ENROLL sscep: sending certificate request sscep: creating inner PKCS#7 sscep: inner PKCS#7 in mem BIO sscep: request data dump -----BEGIN CERTIFICATE REQUEST----- MIIBmz..........GDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG 9w0BAQEFAAOBjQAwgYkCgYEAsfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39M ACJqfgxU6os8Kh6sElQcjXn5lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQ Kr9c6oZIcvUc0mBWpDbv3jcqdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ ckUCAwEAAaBDMBwGCSqGSIb3DQEJBzEPDA1Vb2pzOTN3a2ZkMElTMCMGCSqGSIb3 DQEJDjEWMBQwEgYDVR0RAQH/BAgwBocErBAY7jANBgkqhkiG9w0BAQsFAAOBgQA5 URuLsrH0bKtBqrNiaPT1nMQ+fRAJ6Ckjfj/pQsyXO0Nll7blBdbErOtSzDR5yV91 g6/oin5LPn/RwT1hATfjCniF4UVfotLnFjKQe7icsS82gl2FNT+pG1CjTAqxJqZO oBe+ZWzs4cx7wHerjk5u8baz79XFfkQyCdL6QRVlTA== -----END CERTIFICATE REQUEST----- sscep: data payload size: 415 bytes sscep: hexdump request payload 3082019b3082010402010030183116301406035504030c0d3137322e31362e32342e323 33830819f300d06092a864886f70d010101050003818d0030818902818100b1f7a86c4d d44eab7849df6f3e7c86fae8336d6f6e1b59d7966f15bf7f4c00226a7e0c54ea8b3c2a1 eac12541c8d79f994d8b2f0bed5017fceab2a7648471be2a02820c0813132cded4cd11c 8a502abf5cea864872f51cd26056a436efde372a7537c5d4ca08b36feac8054f8367f9b 19e36575c3c20367a4ccdc964aebf72450203010001a043301c06092a864886f70d0109 07310f0c0d556f6a733933776b6664304953302306092a864886f70d01090e311630143 0120603551d110101ff040830068704ac1018ee300d06092a864886f70d01010b050003 81810039511b8bb2b1f46cab41aab36268f4f59cc43e7d1009e829237e3fe942cc973b4 36597b6e505d6c4aceb52cc3479c95f7583afe88a7e4b3e7fd1c13d610137e30a7885e1 455fa2d2e71632907bb89cb12f36825d85353fa91b50a34c0ab126a64ea017be656cece 1cc7bc077ab8e4e6ef1b6b3efd5c57e443209d2fa4115654c sscep: hexdump payload 415 sscep: successfully encrypted payload sscep: envelope size: 956 bytes sscep: printing PEM fomatted PKCS#7 -----BEGIN PKCS7----- MIIDu..........NAQcDoIIDqTCCA6UCAQAxggHYMIIB1AIBADCBuzCBpTELMAkG A1UEBhMCU0MxGTAXBgNVBAgTEE1haGUsIFNleWNoZWxsZXMxHDAaBgNVBAoTE1Bv c3RNZXQgQ29ycG9yYXRpb24xGTAXBgNVBAsTEFNTTCBrZXkgZGl2aXNpb24xIDAe BgNVBAMTF1Bvc3RNZXQgUm9vdCBDQSBDbGFzcyAxMSAwHgYJKoZIhvcNAQkBFhFh ZG1pbkBwb3N0bWV0LmNvbQIRE0hlg2RXY0h1Y0doMWQ1h8EwDQYJKoZIhvcNAQEB BQAEggEAgHq5KowCLbOAX/E3YRrheGwmQqHHHCf2mPHEAx835nifRSd1pPbU9587 8zOFihn+BY76caLss0eJyjTmh68mksh9Qzgc8sewyPWWgq2ilnE3eZtiiGpjf6Gj e7AN38gY4y6MU0NU04r/E16tcPAuP+/7mmrr+Lh4PYxSn/LkXFy9GOdnGaTmaphv L0qwxb1pS4OO765cumy5IFyJHAn3O5EyNJYuxNPuoXu8azxACKb19SVnEuay0Z2W L0/WCYMNpN6kdX/1KceTlg6Gu8oxqVwBvHUewLvn91Lyy8d+EgPMJOPTXRnZSC49 U4AUes2yA9Idbt4ZLNNIktdsK6MhgjCCAcIGCSqGSIb3DQEHATARBgUrDgMCBwQI +d5X8SPX45KAggGg1CRRmVhAwHcj2zE7uScsfMUzyDiuw3c7fdy3W653pYswYVel CpqQbK6chMv6ya1OCi3G1dMY3+M1sa21nc30tpAeF1MonFD9YSTuvTJVYHo5gAob mjnhNsYL+7H0VGWiRzmDNG+HzgUzQbrdk5vFd/4Wbc5UMTy++7PdXO8e+e300FTl iM96uijNS6QoZruM8vp2eNn1IymLwFv8xfwibJnzAz0SYXpbRJK9I+39g5rGA1/s uTRAa7W2Bc4lp71ROdsHBH3aJDYkzcrffd9nGy+b5icnRZa2S6TJTOEQkWpQos5k YQMi8+/3Chb8IBeH8HQ6/23PjjqIFVAHxj+pPlpiN4psx/10i9WAHzMBfUnodpPE +yqKLTFmo037A/LNEH4NorN9E/yPDsHVp3gwjMG60cLO9ipQHCMMjpCxQF4jwaTC 5W0fZd8uVZyayBXR0qLKBAhhtz6Y6k3zcXUBNjqKO1tyCUemndxLbuMPBMB1JZ7c Km7TipKk+LCMNBwVbLFIPCGQUchzGnJD+fzaQKLTca9fKieLpca8Ui/Ur8o= -----END PKCS7----- sscep: creating outer PKCS#7 sscep: signature added successfully sscep: adding signed attributes sscep: adding string attribute transId sscep: adding string attribute messageType sscep: adding octet attribute senderNonce sscep: PKCS#7 data written successfully sscep: printing PEM fomatted PKCS#7 -----BEGIN PKCS7----- MIIHc..........NAQcCoIIHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ KoZIhvcNAQcBoIIDwASCA7wwggO4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw ggHUAgEAMIG7MIGlMQswCQYDVQQGEwJTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl bGxlczEcMBoGA1UEChMTUG9zdE1ldCBDb3Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM IGtleSBkaXZpc2lvbjEgMB4GA1UEAxMXUG9zdE1ldCBSb290IENBIENsYXNzIDEx IDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3RtZXQuY29tAhETSGWDZFdjSHVjR2gx ZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIts4Bf8TdhGuF4bCZCocccJ/aY 8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nKNOaHryaSyH1DOBzyx7DI 9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w8C4/7/uaauv4uHg9 jFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7kTI0li7E0+6h e7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXAG8dR7Au+f3 UvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIBwgYJKoZI hvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8xTPI OK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB4X UyicUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt zlQxPL77s91c7x757fTQVOWIz3q6KM1LpChmu4zy+nZ42fUjKYvAW/zF/CJsmfMD PRJheltEkr0j7f2DmsYDX+y5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm JydFlrZLpMlM4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc+OOogVUAfGP6k+WmI3 imzH/XSL1YAfMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR ws72KlAcIwyOkLFAXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7 W3IJR6ad3Etu4w8EwHUlntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx r18qJ4ulxrxSL9SvyqCCAccwggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0 RTdFOTUxNTA1OTgzQTE4MTANBgkqhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu MTYuMjQuMjM4MB4XDTE5MDkwOTA3MTIzMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG A1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA sfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39MACJqfgxU6os8Kh6sElQcjXn5 lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQKr9c6oZIcvUc0mBWpDbv3jcq dTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ckUCAwEAATANBgkqhkiG9w0B AQQFAAOBgQATop2OWQJzY3Axds0+9PGPAc0xGtlUQ462teCwgkm6bbrBr7eYhQeL gsT07aesE+37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1yPXHglt8nUUESy9ooF490 TZDBIIQ5yBbMk+AYy0IOWQURlNcc8RJ5LmJXnbq4G/etkLGGyELXxDGCAakwggGl AgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2QzM5MThDNTREQjk5 NEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpghkgBhvhFAQkC MQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X DTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUbbQw IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG+EUBCQcx IhMgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQEB BQAEgYBThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu Ax/ohg2CAU8+g+k914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb zMp1TGXlKryeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg== -----END PKCS7----- sscep: applying base64 encoding sscep: base64 encoded payload size: 2588 bytes sscep: scep msg: GET /ca/cgi- bin/pkiclient.exe?operation=PKIOperation&message=MIIHc..........NAQcCoI IHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ%0AKoZIhvcNAQcBoIIDwASCA7wwgg O4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw%0AggHUAgEAMIG7MIGlMQswCQYDVQQGEw JTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl%0AbGxlczEcMBoGA1UEChMTUG9zdE1ldCBDb3 Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM%0AIGtleSBkaXZpc2lvbjEgMB4GA1UEAxMXUG9zdE 1ldCBSb290IENBIENsYXNzIDEx%0AIDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3RtZXQuY2 9tAhETSGWDZFdjSHVjR2gx%0AZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIts4Bf8T dhGuF4bCZCocccJ/aY%0A8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nKNOaHry aSyH1DOBzyx7DI%0A9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w8C4/7/ uaauv4uHg9%0AjFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7kTI0li 7E0%2B6h%0Ae7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXAG8dR7A u%2Bf3%0AUvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIBwgYJKo ZI%0AhvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8xTPI%0 AOK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB4X%0AUyi cUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt%0AzlQxPL7 7s91c7x757fTQVOWIz3q6KM1LpChmu4zy%2BnZ42fUjKYvAW/zF/CJsmfMD%0APRJheltEk r0j7f2DmsYDX%2By5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm%0AJydFlrZLpMl M4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc%2BOOogVUAfGP6k%2BWmI3%0AimzH/XSL1YA fMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR%0Aws72KlAcIwyOkLF AXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7%0AW3IJR6ad3Etu4w8EwHU lntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx%0Ar18qJ4ulxrxSL9SvyqCCAcc wggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0%0ARTdFOTUxNTA1OTgzQTE4MTANBgk qhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu%0AMTYuMjQuMjM4MB4XDTE5MDkwOTA3MTI zMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG%0AA1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgk qhkiG9w0BAQEFAAOBjQAwgYkCgYEA%0AsfeobE3UTqt4Sd9vPnyG%2BugzbW9uG1nXlm8Vv 39MACJqfgxU6os8Kh6sElQcjXn5%0AlNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQK r9c6oZIcvUc0mBWpDbv3jcq%0AdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ckUCA wEAATANBgkqhkiG9w0B%0AAQQFAAOBgQATop2OWQJzY3Axds0%2B9PGPAc0xGtlUQ462teC wgkm6bbrBr7eYhQeL%0AgsT07aesE%2B37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1yPXHgl t8nUUESy9ooF490%0ATZDBIIQ5yBbMk%2BAYy0IOWQURlNcc8RJ5LmJXnbq4G/etkLGGyEL XxDGCAakwggGl%0AAgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2QzM5MTh DNTREQjk5%0ANEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpghkgBhvh FAQkC%0AMQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8 X%0ADTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUbbQw%0A IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG%2BEUBCQcx%0AIh MgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQEB%0ABQAEgY BThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu%0AAx/ohg2CAU 8%2Bg%2Bk914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb%0AzMp1TGXlKr yeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg%3D%3D%0A HTTP/1.0 sscep: server returned status code 500 sscep: mime_err: HTTP/1.1 500 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 3234 Date: Mon, 09 Sep 2019 07:12:32 GMT Connection: close <!doctype html><html lang="en"><head><title>HTTP Status 500 ā Internal Server Error</title><style type="text/css">h1 {font- family:Tahoma,Arial,sans-serif;color:white;background- color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans- serif;color:white;background-color:#525D76;font-size:16px;} h3 {font- family:Tahoma,Arial,sans-serif;color:white;background- color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans- serif;color:black;background-color:white;} b {font- family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font- size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background- color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 ā Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> Couldn't handle CEP request (PKCSReq) - Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException: com.netscape.cms.servlet.cert.scep.ChallengePassword</p><p><b>Descripti on</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b></p><pre>javax.servlet.ServletException: Couldn't handle CEP request (PKCSReq) - Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException: com.netscape.cms.servlet.cert.scep.ChallengePassword com.netscape.cms.servlet.cert.scep.CRSEnrollment.service(CRSEnr ollment.java:397) javax.servlet.http.HttpServlet.service(HttpServlet.java:741) sun.reflect.GeneratedMethodAccessor48.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMetho dAccessorImpl.java:43) java.lang.reflect.Method.invoke(Method.java:498) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.ja va:282) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.ja va:279) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:549) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil. java:314) org.apache.catalina.security.SecurityUtil.doAsPrivilege(Securit yUtil.java:170) java.security.AccessController.doPrivileged(Native Method) org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.j ava:53) sun.reflect.GeneratedMethodAccessor47.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMetho dAccessorImpl.java:43) java.lang.reflect.Method.invoke(Method.java:498) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.ja va:282) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.ja va:279) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:549) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil. java:314) org.apache.catalina.security.SecurityUtil.doAsPrivilege(Securit yUtil.java:253) </pre><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p><hr class="line" /><h3>Apache Tomcat/9.0.21</h3></body></html> sscep: wrong (or missing) MIME content type sscep: error while sending message
On initial investigation, the ClassNotFoundException might be due to the merge of cmscore jar into cms jar: https://github.com/dogtagpki/pki/commits/master/base/server/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
ClassNotFoundException
Metadata Update from @dmoluguw: - Custom field component adjusted to None - Custom field feature adjusted to None - Custom field origin adjusted to None - Custom field proposedmilestone adjusted to None - Custom field proposedpriority adjusted to None - Custom field reviewer adjusted to None - Custom field type adjusted to None - Custom field version adjusted to None
The stack trace does not point to the origin of the exception, but based on the error message the ClassNotFoundException might have been generated by either one of these lines in JSS:
The code is trying to load a class using the class loader of the current class (i.e. OIDMap). Note that the OIDMap was moved from PKI to JSS last year which also changed the class loader in Tomcat (see https://tomcat.apache.org/tomcat-8.5-doc/class-loader-howto.html).
This will still require further investigation, but I suspect the recent merging of cmscore.jar and cms.jar was probably not the cause because it shouldn't have changed the class loader. It would be nice if the problem can be retested on PKI 10.7.x to confirm that.
Interestingly, it seems to reference two files which I can't find anywhere (in PKI, Java, or JSS):
x509extensions.oid
x509extensions.classes
Hello, we hit the same issue while using the current master Dogtag version.
As a workaround, we successfully tried the following solution:
org/mozilla/jss/netscape/security/pkcs/
we updated the /etc/pki/pki-tomcat/ca/CS.cfg config file to reflect the new class location:
/etc/pki/pki-tomcat/ca/CS.cfg
oidmap.challenge_password.class=org.mozilla.jss.netscape.security.pkcs.ChallengePassword
and used the custom JSS build in Dogtag.
Iām not sure if the class philosophically belongs to Dogtag or JSS but perhaps you might consider moving this class to JSS as a permanent solution to the problem?
We noticed that this class is also used from a few places in Dogtag so the references would need to be updated there. Thanks!
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/3224
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.