  1. EJBCA
  2. ECA-6865

Failure to publish to a Peer Publisher gives no error message in log in some cases


    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.0.0
    • Component/s: None
    • Labels:


      With a CA and a VA connected with Peer Publisher. I have a Peer Publisher which tests successfully. Trying to issue a CRL and publishing that through the Peer Publisher says "SUCCESS" on the CA, but failure on the VA.


      VA log:

      2018-05-04 10:02:27,206 DEBUG [org.ejbca.peerconnector.PeerConnectorServlet] (default task-73) peerMessageIn: PUBLISH_CRL data: 16447 byte(s).
      2018-05-04 10:02:27,206 INFO [org.cesecore.authorization.AuthorizationSessionBean] (default task-73) Authorization failed for CN=peerEndEntity of type X509CertificateAuthenticationToken for resource /ca/1198966592
      2018-05-04 10:02:27,206 INFO [org.ejbca.peerconnector.publisher.PeerPublishMessageListener] (default task-73) Denied peer with credential CN=peerEndEntity to publish CRL issued by CN=Management CA,O=PK-DM,C=AE
      2018-05-04 10:02:28,744 DEBUG [org.ejbca.peerconnector.PeerConnectorServlet] (default task-74) peerMessageIn: RA_MASTER_API_STATUS_REQUEST_MESSAGE data: 0 byte(s).
      2018-05-04 10:02:28,744 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-74) Authorization failed for CN=peerEndEntity of type X509CertificateAuthenticationToken for resource /ra_master/invoke_api


      CA log:

      2018-05-04 12:02:27,201 DEBUG [org.cesecore.internal.CommonCacheBase] (default task-114) Update not needed CustomPublisherContainer in cache. Digest was 1719017555, cacheEntry digest was 1719017555
      2018-05-04 12:02:27,207 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-114) 2018-05-04 12:02:27+02:00;PUBLISHER_STORE_CRL;SUCCESS;PUBLISHER;EJBCA;CN=SuperAdmin;;;;msg=Published object CRL successfully to publisher PeerPublisher.
      2018-05-04 12:02:27,207 DEBUG [org.cesecore.audit.log.InternalSecurityEventsLoggerSessionBean] (default task-114) LogDevice: Log4jDevice Proc: 0
      2018-05-04 12:02:27,210 DEBUG [org.cesecore.audit.log.InternalSecurityEventsLoggerSessionBean] (default task-114) LogDevice: IntegrityProtectedDevice Proc: 3
      2018-05-04 12:02:27,210 DEBUG [org.ejbca.core.ejb.ca.publisher.PublisherSessionBean] (default task-114) KeepPublishedInQueue: false
      2018-05-04 12:02:27,210 DEBUG [org.ejbca.core.ejb.ca.publisher.PublisherSessionBean] (default task-114) UseQueueForCRLs: true
      2018-05-04 12:02:27,212 DEBUG [org.ejbca.core.ejb.ca.publisher.PublisherQueueData] (default task-114) PublisherQueueVolatileData:
      <?xml version="1.0" encoding="UTF-8"?>
      <java version="1.8.0_162" class="java.beans.XMLDecoder">
      <object class="org.cesecore.util.Base64PutHashMap">
      <void method="put">
      <void method="put">
      <string>CN=Management CA,O=PK-DM,C=AE</string>

      2018-05-04 12:02:27,212 DEBUG [org.ejbca.core.ejb.ca.publisher.PublisherQueueData] (default task-114) Created Publisher queue data 17b8428a7f00010119a150d6f494168c
      2018-05-04 12:02:27,213 INFO [org.ejbca.core.ejb.ca.publisher.PublisherSessionBean] (default task-114) Stored publish to queue. Publisher PeerPublisher, fingerprint 5076f94d85589c527109f94eb9fe6c23552e3f03, status CRL


      So from the log entry that it was stored in the queue, you can "guess" that it failed publishing. But there should not even be a PUBLISHER_STORE_CRL;SUCCESS log; it should be logged as a failure. It would also be good to see on the CA side what the failure was.



              tomas Tomas Gustavsson
              Verified by:
              Henrik Sunmark
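
One way to surface the mismatch described in this ticket from the CA log alone, added here as an example and not part of the ticket or of EJBCA: it flags a PUBLISHER_STORE_CRL;SUCCESS audit entry that is followed on the same thread by "Stored publish to queue" for the same publisher. It assumes, following the reporter's reasoning and the KeepPublishedInQueue: false line, that a queue write means the publish failed; the function name, the 5-second window and the last sample line are constructed.

```python
import re
from datetime import datetime, timedelta

# log4j layout seen in the ticket: "<timestamp> <LEVEL> [<logger>] (<thread>) <message>"
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) +\w+ +\[[^\]]+\] \(([^)]+)\) (.*)$")
AUDIT_OK = re.compile(r";PUBLISHER_STORE_CRL;SUCCESS;.*to publisher (.+?)\.$")
QUEUED = re.compile(r"^Stored publish to queue\. Publisher (.+?), fingerprint ([0-9a-f]+)")

def contradicted_successes(lines, window=timedelta(seconds=5)):
    """Return SUCCESS audit entries followed, on the same thread, by a queue write."""
    pending = {}   # (thread, publisher) -> time of the SUCCESS audit entry
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # headerless continuation lines, e.g. the XML dump
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        thread, msg = m.group(2), m.group(3)
        ok = AUDIT_OK.search(msg)
        queued = QUEUED.match(msg)
        if ok:
            pending[(thread, ok.group(1))] = ts
        elif queued:
            logged_at = pending.pop((thread, queued.group(1)), None)
            if logged_at is not None and ts - logged_at <= window:
                findings.append({"publisher": queued.group(1), "thread": thread,
                                 "fingerprint": queued.group(2), "success_logged": logged_at})
    return findings

# CA log lines from the ticket (wrapped lines re-joined), then one constructed
# entry on another thread whose SUCCESS is never followed by a queue write.
SAMPLE = """\
2018-05-04 12:02:27,207 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-114) 2018-05-04 12:02:27+02:00;PUBLISHER_STORE_CRL;SUCCESS;PUBLISHER;EJBCA;CN=SuperAdmin;;;;msg=Published object CRL successfully to publisher PeerPublisher.
2018-05-04 12:02:27,210 DEBUG [org.ejbca.core.ejb.ca.publisher.PublisherSessionBean] (default task-114) KeepPublishedInQueue: false
<string>CN=Management CA,O=PK-DM,C=AE</string>
2018-05-04 12:02:27,213 INFO [org.ejbca.core.ejb.ca.publisher.PublisherSessionBean] (default task-114) Stored publish to queue. Publisher PeerPublisher, fingerprint 5076f94d85589c527109f94eb9fe6c23552e3f03, status CRL
2018-05-04 12:05:00,000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-120) 2018-05-04 12:05:00+02:00;PUBLISHER_STORE_CRL;SUCCESS;PUBLISHER;EJBCA;CN=SuperAdmin;;;;msg=Published object CRL successfully to publisher PeerPublisher.
""".splitlines()

if __name__ == "__main__":
    for f in contradicted_successes(SAMPLE):
        print(f"{f['success_logged']} {f['publisher']}: SUCCESS audited, then queued ({f['fingerprint']})")
```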