Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-7099

CRL generation as CRL Issue interval can miss some intervals

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.14.0
    • Component/s: None
    • Labels:
    • Stakeholder:
      Customer
    • Issue discovered during:
      Customer
    • Sprint:
      EJBCA Sprint 15

      Description

      The code for generating a new CRL based on specific CRL issue interval looks good in general, but it can miss issuance just based on a few milliseconds.

      A normal setting is for example to have CRL Expire period to 1d and Issue interval to 15m

      In the normal case, if crlissueinterval is used:

      if (crlissueinterval > 0) {

      nextUpdate is set to "long u = lastBaseCrlInfo.getCreateDate().getTime() + crlissueinterval;"

      Which is correct, next update is the old CRL create time + issue interval.

       

      But next when determining if to create the CRL now we check:

      if (now.getTime() + overlap >= nextUpdate)

      and since we set "overlap = 0" when issue interval is used, the service just has to run 1 second before "u" in order for the CRL to not be created.

      I would suggest to set:

      overlap = addtocrloverlaptime;

      instead of:

      overlap = 0;

      To take the interval the service is running on in consideration. I.e. if the CRL service runs every 15 minutes anew CRL with issue interval 15m will be created, even if the sevrice happens to run 1 second (or 1 minute) too early.

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                tomas Tomas Gustavsson
                Reporter:
                tomas Tomas Gustavsson
                Verified by:
                Bastian Fredriksson
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 day
                  1d