0

UNABLE TO ADD DISABLED ATTRIBUTE TO CERTIFICATE, IDENTITY AND TRUST STORE.

Hello,

We have an automated solution for venafi cert , identity and trust store creation developed in perl scripts. We are facing an issue an unable to find the cause of it. Below is the description of same.

We are trying to add Disabled attribute with value set as 0 for jks cert , identity and trust store. The attribute gets set/add successfully, However when we go and read the attribute for verification it is not found and our verification fails.

A. Below is the snippet for code which is handling add attribute task.

This is main calling code (Value passed here is 0)
$createDevice->updateProcessingDisabled( $certPath, '0');
#set disable value to 0 for Identity key
$createDevice->updateProcessingDisabled( $deviceIdentityPath, '0');
#set disable value to 0 for Trust key
$createDevice->updateProcessingDisabled( $deviceTrustPath, '0');

 

B. This code is being called from above main (Here attribute is Disabled)

sub updateProcessingDisabled {

my ($self, $objectPath, $disable) = @_;
#my $completeIdentityKeyPath = $self->getGroupKeyStorePath($dc);

#print "Identity Store Object PATH=" . $completeIdentityKeyPath . "\n";
print "\n\n",'*' x 80,"\n";
print "Updating Disabled value for Object PATH=". $objectPath;
print " with Disable value=",$disable;
print "\n",'*' x 80;
if ( $self->{_verbose} ) {
print "In verbose\n";
print "Object PATH=" . $objectPath . "\n";
}
print "\n\n",'*' x 80,"\n";
#Updating Identity key store
$self->{_venafi}->addValue($objectPath, 'Disabled', $disable);
print "\n",'*' x 80;
}

C. Below code does the addition of attribute. The code is running fine so please ignore any syntax error if missed during copy paste.

sub addValue {
my ( $self, $objectPath, $attribute, $value ) = @_;

my $urlPath = '/Config/AddValue';

my %request_body_map = ( 'ObjectDN' => $objectPath, 'AttributeName' => $attribute, 'Value' => $value );

my $response = $self->postCommand( $urlPath, %request_body_map );

if ( ! defined $response ) {
print "ERROR: FAIL to add the value", $objectPath, "\n";
return undef;
}
elsif ( $response->{'Result'} == 1) {
print "INFO: SUCCESSFULLY added the value: ", $objectPath, "\n";
return 1;

}

 

Below is what verification code looks like

sub readAttribute {
my ( $self, $objectPath, $attribute ) = @_;

my $urlPath = '/Config/Read';

my %request_body_map = ( 'ObjectDN' => $objectPath, 'AttributeName' => $attribute );
my $response = $self->postCommand( $urlPath, %request_body_map );

if ( defined $response ) {
my @values = @{ $response->{'Values'} };
return @{ $response->{'Values'} };
}
else {
print "ERROR occurred.\n";
return -1;
}
}

 

Please help us with the issue. Either it could be that Disabled attribute has gone and no more used but, in venafi document I read the attribute still exist or it can be some other issue.

Venafi version is 19.4.0.3361

Regards

Inderjeet Singh

4 comments

Please sign in to leave a comment.