  1. EJBCA
  2. ECA-2192

Support other than DN in CMP recipient field

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: EJBCA 4.0.3
    • Fix Version/s: EJBCA 4.0.4
    • Component/s: Protocols
    • Labels:
      None

      Description

      If a CMP CertConf message received from a client contains only an altname, such as "dnsName: foo.bar.com", EJBCA will give an exception.


      16:52:52,146 ERROR [CmpMessageDispatcher] Exception during CMP processing:
      java.lang.IllegalArgumentException: unknown object in factory: org.bouncycastle.asn1.DERIA5String
          at org.bouncycastle.asn1.x509.X509Name.getInstance(Unknown Source)
          at org.ejbca.core.protocol.cmp.CmpConfirmResponseMessage.create(CmpConfirmResponseMessage.java:124)
          at org.ejbca.core.protocol.cmp.ConfirmationMessageHandler.handleMessage(ConfirmationMessageHandler.java:210)


      This happens when CmpConfirmResponseMessage.java tries to copy the recipient field to the sender field:
      X509Name sender = X509Name.getInstance(getSender().getName());

      A dnsName is fully valid ASN.1, albeit a bit unexpected perhaps?

      We can easily copy the whole GeneralName directly to the sender and recipient fields, instead of making: GeneralName -> X509Name -> GeneralName. This will avoid some code as well and make things more efficient (admittedly not very much though).
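
The difference between the two approaches described above, as an added example that is not EJBCA's own code. It assumes a current Bouncy Castle release on the classpath and uses `X500Name` in place of the legacy `X509Name`; the class name, helper names and the sample values (`foo.bar.com`, `CN=Example CA`) are constructed for illustration.

```java
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIHeaderBuilder;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.GeneralName;

public class CmpHeaderCopyExample {  // hypothetical class, not part of EJBCA

    // Fragile: assumes the GeneralName CHOICE is always directoryName [4].
    static GeneralName viaName(GeneralName in) {
        return new GeneralName(X500Name.getInstance(in.getName()));
    }

    // Robust: PKIHeader sender/recipient are GeneralName, so swap them untouched.
    static PKIHeader responseHeaderFor(PKIHeader request) {
        return new PKIHeaderBuilder(PKIHeader.CMP_2000,
                request.getRecipient(),   // reply as the party that was addressed
                request.getSender())      // back to whoever sent the request
                .build();
    }

    // Interpret the value as a DN only after checking the CHOICE tag.
    static String describe(GeneralName gn) {
        switch (gn.getTagNo()) {
            case GeneralName.directoryName:
                return "directoryName: " + X500Name.getInstance(gn.getName());
            case GeneralName.dNSName:
                return "dNSName: " + gn.getName();
            default:
                return "GeneralName tag [" + gn.getTagNo() + "]";
        }
    }

    public static void main(String[] args) {
        // Constructed sample header: client identified by a dNSName only.
        GeneralName client = new GeneralName(GeneralName.dNSName, "foo.bar.com");
        GeneralName ca = new GeneralName(new X500Name("CN=Example CA"));
        PKIHeader request = new PKIHeaderBuilder(PKIHeader.CMP_2000, client, ca).build();

        try {
            viaName(request.getSender());
        } catch (IllegalArgumentException e) {
            System.out.println("conversion through a Name fails: " + e.getMessage());
        }

        PKIHeader response = responseHeaderFor(request);
        System.out.println("response sender:    " + describe(response.getSender()));
        System.out.println("response recipient: " + describe(response.getRecipient()));
    }
}
```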

              People

              Assignee:
              tomas Tomas Gustavsson
              Reporter:
              tomas Tomas Gustavsson