Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-5813

Improve error message on browser enrollment key generation failure

    Details

    • Issue discovered during:
      Customer
    • Sprint:
      6.8.0 Sprint 4

      Description

      Firefox does not handle failures from PKCS#11 tokens when doing key generation, instead it sends the string "High Grade" (or "Medium Grade"). This causes an IOException in EJBCA:

      java.lang.IllegalStateException: Unexpected IOException was caught.
          at org.ejbca.ui.web.RequestHelper.nsCertRequest(RequestHelper.java:158)
          at org.ejbca.ui.web.pub.RequestInstance.doPost(RequestInstance.java:395)
      [...]
          at java.lang.Thread.run(Thread.java:745)
      Caused by: java.io.EOFException: DEF length 40 object truncated by 33
          at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
          at org.bouncycastle.asn1.ASN1InputStream.getBMPCharBuffer(Unknown Source)
          at org.bouncycastle.asn1.ASN1InputStream.createPrimitiveDERObject(Unknown Source)
          at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
          at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
          at org.ejbca.ui.web.RequestHelper.nsCertRequest(RequestHelper.java:155)
          ... 52 more

      To reproduce, you can add SoftHSM as a Security Module in the browser, and then making SoftHSM fail key generation in some way (I did this by corrupting the SoftHSM slot file)

      We should check if the parameter has any of these values, or an empty string, and report a different error.

        Attachments

          Activity

            People

            Assignee:
            samuel Samuel Lidén Borell
            Reporter:
            samuel Samuel Lidén Borell
            Verified by:
            Mike Agrenius Kushner
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 2 hours
                2h
                Remaining:
                Time Spent - 30 minutes Remaining Estimate - 1 hour, 30 minutes
                1h 30m
                Logged:
                Time Spent - 30 minutes Remaining Estimate - 1 hour, 30 minutes
                30m