Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-4347

Race condition when multiple RA threads are requesting certificates for the same user

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: EJBCA 6.2.6
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Customer reports an occasional issue with RAs issuing 2 or more certificates with the same username at the same time causing an exception due to one beating the other to change STATUS in the USERDATA table.

      The typical usecase are RAs making +400 certificateRequests against the same user.

      A couple of solutions have been proposed to customer, the preferred one is as follows:

      1. certificateRequest avoids setting status to NEW and calls down the stack over local interface with flag that UserData status does not need to be checked.
      2. Once a certificate has been issued when this flag is set, the UserData is never updated unless 1. it does not exist or 2. status was something else than GENERATED (also decrease request counter in such a case). This would also save parts of the database writes when renewing end entities.

      Initially PrimeKey will perform a test investigation of 10d to investigate the feasibility of the proposed solution and formulate a testing strategy.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                mikek Mike Agrenius Kushner
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Time Tracking

                  Estimated:
                  Original Estimate - 2 weeks
                  2w
                  Remaining:
                  Remaining Estimate - 2 weeks
                  2w
                  Logged:
                  Time Spent - Not Specified
                  Not Specified