DCM-tools icon indicating copy to clipboard operation
DCM-tools copied to clipboard

Published 20 hours ago verified publisher icon ThePrez

dcmassign - not working

Open richardm90 opened this issue 1 year ago • 3 comments

I've tried using the dcmassign command to assign my certificate to a HTTP server instance.

It didn't work!

The first problem I hit was when trying to pass the Application Id on the command line like this.

dcmassign -v --cert="CN=rmwebsrv.rmsoftwareservices.co.uk" QIBM_HTTP_SERVER_RMWEBSRV

This returned the message ERROR: Application ID is required. I've worked out why this occurs and I'll submit a PR to correct it but I need a hand with the next part. I'm not a Java developer nor very familiar with the JTOpen/JT400 classes!

When I ran the command again I got the message The parameter [1]: Parameter value is not valid.. After reviewing the parameters, which all looked OK, I decided to turn trace on and this showed me the problem.

Thread[main,5,main]  Tue Oct 31 11:40:51:019 GMT 2023  Parameter list length is larger than 7 parameters, all parameters must be passed as pointers. The parameter   1
ava.lang.Throwable
	at com.ibm.as400.access.Trace.logData(Trace.java:776)
	at com.ibm.as400.access.Trace.log(Trace.java:836)
	at com.ibm.as400.access.Trace.log(Trace.java:960)
	at com.ibm.as400.access.ServiceProgramCall.run(ServiceProgramCall.java:320)
	at com.github.ibmioss.dcmtools.utils.DcmApiCaller.runServiceProgram(DcmApiCaller.java:308)
	at com.github.ibmioss.dcmtools.utils.DcmApiCaller.callQycdUpdateCertUsage(DcmApiCaller.java:197)
	at com.github.ibmioss.dcmtools.DcmAssignCmd.main(DcmAssignCmd.java:158)

There appears to be some restriction when the number of parameters if greater than 7. The QycdUpdateCertUsage API has 8 parameters. I then decided to review the ServiceProgramCall docs.

This was interesting as it pointed out a couple of possibilities regarding parameters, notably it mentions the following.

  • Up to seven parameters can be passed to the service program.
  • When pass by reference, the data is copied from Java storage to system storage, then a pointer to the system storage is passed to the service program.
  • Up to four bytes can be passed by value. Parameters longer than four bytes must be passed by reference which may require a change to the service program.

If I change all of the parameters to be passed by reference it works but before I submit a PR I'd like to understand the impact of this change. Maybe service program call parameters should always be passed by reference? Can anyone help? I guess the real question is how do I decide whether the parameter should be passed by reference or value?

Changing the parameter types for the renew command should also help with issue #43 and PR #48.

richardm90 avatar Oct 31 '23 12:10 richardm90

Your question reminded me of another product that needed to convert to a different CCSID after getting their certificate. The IBM i High Availability product states how to convert to CCSID 819 after getting the certificate from PASE. [https://www.ibm.com/docs/en/i/7.5?topic=ssw_ibm_i_75/rzaig/rzaigconfighmcrest.html] (url)

tlhaze avatar Nov 02 '23 16:11 tlhaze

I am getting the same error. our company is moving toward 90 day certs and we'll need some type of a way to automate the cert process.

bdietz400 avatar May 30 '24 15:05 bdietz400

On IBM i PASE to convert US English EBCDIC to ISO 8859-1 (CCSID 819 == ISO 8859-1; Latin Alphabet No. 1):

/usr/bin/iconv -f IBM037 -t ISO8859-1 <my_infile >my_outfile

jwoehr avatar May 30 '24 17:05 jwoehr