Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-7167

Regression: Cannot generate keystore with autogenerated password from RA

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.14.0
    • Component/s: None
    • Labels:
    • Issue discovered during:
      Customer
    • Sprint:
      EJBCA Sprint 17

      Description

      It is not possible to generate a keystore with an autogenerated password from RA. The use case could be self-registration, or perhaps simply enforcing good random passwords.

      Steps to reproduce:

      • Create an End Entity Profile with password set to auto-generated.
        (In a real world use case, one would also enable notifications and send the password via e-mail)
      • Allow keystore generation in this profile (P12, JKS and PEM)
      • Try to enroll from the RA using this profile.

      Expected result:

      • Should work. (TODO: decide if the RA operator should receive the keystore at this point, or if only the user should get a link via e-mail)

      Actual result:

      • You get LOGIN_FAILURE

      Why it happens:
      EnrollMakeNewRequestBean creates keystores using two separate RaMasterApi method calls. First it creates the End Entity (which gets assigned a random password) using addUser(). Second it tries to generate a keystore using generateKeyStore(), but EnrollMakeNewRequestBean does not have the password, so the authentication fails.

      If, in the use case, the RA operator needs to download the keystore directly from the RA web (rather than from an e-mail link), we would need to restructure the two API calls into one API call.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                katja_helmes Jekaterina Bunina
                Reporter:
                samuel Samuel Lidén Borell
                Verified by:
                Tomas Gustavsson
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days, 6 hours
                  2d 6h