Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-7568

OCSP unathorized (6) error adds blank line to OCSP transaction log

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.15.0.2
    • Fix Version/s: EJBCA 7.0.0
    • Component/s: None
    • Labels:
      None
    • Sprint:
      EJBCA Team Alice - 2019 w2

      Description

      When OCSP query with a wrong issuer certificate:

      "

      [user@centos7verification Desktop]$ openssl ocsp -issuer /home/user/SubCAOCSP5.pem -CAfile 2-chain.pem -cert 22.pem -req_text -resp_text -url http://192.168.122.100:8080/ejbca/publicweb/status/ocsp
      OCSP Request Data:
      Version: 1 (0x0)
      Requestor List:
      Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 594A4BA00BF9FA6FC1BBD152B8443CB286410D57
      Issuer Key Hash: 2705886A05292572EE04E25972FF6D68BDE71610
      Serial Number: 5516C132086253D2
      Request Extensions:
      OCSP Nonce:
      0410C62D8B76B4E7DEBBB86C41B3E4FCF6C6
      Responder Error: unauthorized (6)
      [user@centos7verification Desktop]$

      "

       

      The OCSP audit log and transaction log have the following entries:

      "

      [user@centos7verification jboss]$ cat standalone/log/audit.log
      13:50:31,651 DEBUG [org.cesecore.certificates.ocsp.logging.AuditLogger] (http-/0.0.0.0:8080-1) SESSION_ID:a7deddcbc0a87a647c3a825a589f828e;LOG ID:0;"2018-12-04 12:50:31.549+0000";REPLY TIME:102;
      TIME TO PROCESS:100;
      OCSP REQUEST:
      "306e306c304530433041300906052b0e03021a05000414594a4ba00bf9fa6fc1bbd152b8443cb286410d57041467a042f7eb081a54ec3a1a152e86c8f6d1bebd8502085516c132086253d2a2233021301f06092b0601050507300102041204109fac2e44ae76b6d602074ac3385f7718";
      OCSP RESPONSE:
      "308207ea0a0100a08207e3308207df06092b0601050507300101048207d0308207cc3081aca216041467a042f7eb081a54ec3a1a152e86c8f6d1bebd85180f32303138313230343132353033315a305c305a3041300906052b0e03021a05000414594a4ba00bf9fa6fc1bbd152b8443cb286410d57041467a042f7eb081a54ec3a1a152e86c8f6d1bebd8502085516c132086253d28000180f32303138313230343132353033315aa1023000a1233021301f06092b0601050507300102041204109fac2e44ae76b6d602074ac3385f7718300d06092a864886f70d01010b0500038202010088808ab94fd8a0e9b7e757304bb86218e19d19282af1fece4ccfc73525ed0e7ad146f4c97213e9478db59ce711bbe7e7ef55556f0f9ca13486ee004227e01cb968a178c4c754a8d816cc09f5b3fb60039264b8986329a13b1bdec75c8a01ea8f43aef5d65e11897da4c8f10a23f9aaeee037339a047f9c18f22173d04a7140d13e018bf464ddbf5c1c7f9da392100835feb00a5f19ac2aa18055d668fd225ca8178b47345e22e2f1f8c04427424b9dd742204adcb3a3294c0de57c3042aaadb74015c3fdce78674c49bc5ec3822fd367c9880befdf049c27d39d11268e94e72970fbcb20882f9e9fbe99fe77d7392f3ae0aafe961b417caac1218495a86512c4d35542e0047709c93b29794cd1acc091e197b91e07ef5e67559dfc1f5b477bf0570c212149ecdb7bb1e79a3df0ac6c3d5303db35d579890ca9f3823020441c3836c3a49efd103b7018bfedf2674d81c18bcf3177baf228678ba1c088e0677ae4f23c39e1b4ec157da6ab86aa717e16b8f85790eff1bb806b351fbca38a40f36a3de54ca47ba8d1cc05c5d6df31157a1f5c48bb799468b3b68ae8fe5fcc02a14471ec73b7aa95fc1ce2c5bb7ba97183c9af2fb9ba60324352e486b9724b43e9a8ec83474faadc9827fba6930a811281140bf0eb6dee6968530a54ed227de07c01873d626e06e1f680d41ed44face3a7d0f44b4552e8ad29dcb36b7654ac5f2882a082050530820501308204fd308202e5a003020102020819ca0026e1f0abde300d06092a864886f70d01010b0500300c310a300806035504030c0132301e170d3138313133303134313334315a170d3238313132373134313334315a300c310a300806035504030c013230820222300d06092a864886f70d01010105000382020f003082020a0282020100baafd3cafe8fd67275fddfc3b2666808167bc0e1d947d6b8359028535ffcb2ff48950e28f91b1fb10fccd81ce3e486a89b519d39563755526eda86d6b2276cbc408533543329df065f7ddae9854441a03b68ccbadc28f065d573c08ac240f0b4de12865cb307e3b6d95314ffef054181cf3e3c59405fe15a9f3ea0943f27835b733195347bfd0117c4e0fcfab9b50e4856a8cdadb0978a0866ca9bc70a79ce619a37b5f264af91f91c294c09fd72ec3af760e361cb47829434a09c59f14f124f74fd0a83633fa99a2c7a9a27b522252056518ba120bd593cb0a95b3ddd480a5930adbd1dc5ed1d1b3629d9c5bc9376f7b5d5cbfe40fec5342b4867865ddd2a2435a2e556d3fa55577bf2c3787dceb2ca4701138473ef4fd9550fa3c8cafbc5a373ebc32cc79f37f05c79872436cf4355c6f99c2b7ecae434dccfb364762e44c74111dd437ee6465746d80323c15d76d789378c1810af92be3705dd5aec8be6f5f38eb54da88a6ed4fdb52123cfdae5c3772216fb440d1616d16869e09d23497d16d63c02eeb0a3f62d4944a8465d374f725059a1d30a3c4b68d2967da0969466c082434d193de97a6df2a0c6747d23fd5c6039d9548c7f56acf48f482be5e6fc0b98797c04c4ab91829e55bab518896c24fe1d4c30c41c77a23c150cf3340e1f779fdb823638a10e13fa2d0c4bf279d434127059c8672e49557346ecf72069b90203010001a3633061300f0603551d130101ff040530030101ff301f0603551d2304183016801467a042f7eb081a54ec3a1a152e86c8f6d1bebd85301d0603551d0e0416041467a042f7eb081a54ec3a1a152e86c8f6d1bebd85300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201004013c52fa643f1b458ef2168f34b80995faa9e1c2efbca4f02e154a801989e4ddca4df8f9fd2013485ceb2fc522e471e0caa1c6e54ad488f2bd794c8413c8ea8fd8fa08254a88b04893ef04365ff775195240ab3ffbee3bcfda1c6a1eb3b71b56c1663251f3bd53a696a14e3dfdb8abee94ea27b3c1d8e9fb5ed32f537b9e6dd25728126105956ddb48ab92f9216b6f71432256974466f13895c0c6de6d8c21fe883de20f8bd064bbe2f258565c860d6a87f8a56e1782a9b924de805939edb38689efbe4ac922b9e5366c71b468c80acf74ec9c697f1725d99af287d640d6de83600e49f569b665fe46e6bd99a2069f95dfb9d6046fdecacbbecdfbdf791acb55a3648b473eb4d052509b8593e55378336682592caef0b91742eeccae90edb3975a23c27a24af772b738b517871817911e1f368be1286bdf664017a32b2a555e2a55164df9e914b653e9a3011a821ff836d15d51bfbd86c09fd01ec291a5d540e8041cbfd058f6041069953561ccf8bf4b9e2280ca3ee6154bba328d5c14aa6d06f902641d1f5f9ade316022283e9b5a90fc59390edd46bd05d4d765b90809bb82ba8c77ea2ff2564a0cc4d9928beeb987d9145a116aa40e2f093bb75d0394069967199d5af6e5ef754fbcd144c3d2397133d5f99ffe9eb54fd17c1c346ad8e32bcc2bb5353f8cd12b9c0789a135c3278cdb240c8522898341cfcdc4b17365b5";
      STATUS:0
      13:50:39,323 DEBUG [org.cesecore.certificates.ocsp.logging.AuditLogger] (http-/0.0.0.0:8080-1) SESSION_ID:a7deddcbc0a87a647c3a825a589f828e;LOG ID:1;"2018-12-04 12:50:39.261+0000";REPLY TIME:62;
      TIME TO PROCESS:62;
      OCSP REQUEST:
      "306e306c304530433041300906052b0e03021a05000414594a4ba00bf9fa6fc1bbd152b8443cb286410d57041467a042f7eb081a54ec3a1a152e86c8f6d1bebd8502085516c132086253d2a2233021301f06092b060105050730010204120410e0a530e0f4c47afb1f5483fda7d6b8c0";
      OCSP RESPONSE:
      "308207ea0a0100a08207e3308207df06092b0601050507300101048207d0308207cc3081aca216041467a042f7eb081a54ec3a1a152e86c8f6d1bebd85180f32303138313230343132353033395a305c305a3041300906052b0e03021a05000414594a4ba00bf9fa6fc1bbd152b8443cb286410d57041467a042f7eb081a54ec3a1a152e86c8f6d1bebd8502085516c132086253d28000180f32303138313230343132353033395aa1023000a1233021301f06092b060105050730010204120410e0a530e0f4c47afb1f5483fda7d6b8c0300d06092a864886f70d01010b05000382020100aa03584871674e8cddbd5855aa3c1109561b1c7594f78fa09f81e0bd533445ea31b2e875f4f3b7396b16c3f4a34d1381bbf0da24f6832d67656137ce520c298223f4128c5381bb613e27f94510181091813f9b1427185588957dbc6c61ad6aa871787a9353e5de6cf4e7ceed32cfdc123d44ab8c7f4768d69b45f9f10f743c3809acb2d3070ef3fdfd7b2eec45c5c082e35f5eff88cbb021f64e1a3fa3d12104d4b10368354bbd6c4866e009bf93bb10f0b7c901c008d00561f6a540eba07bf9e6a7191edbb37e95aae2c5fcbb359e3df1e13d64da0c63a9b9ce27a42a18a452c36d645780162e8dfe02598a4669ab0e72c46b8c5ca4bad7958189867522c3df8d6131822fda046778f1224d19a5369722409941294aca30e127c1a53b0a9766103a6bf64677cd9d7bd889b148a0c921e64d8397f1c1e8c8481380096be5f08cd0fe5a44ef5d27f4bc14b83129f5bdd451a310851ce49a53cab000c36483e01356516b8d26288c7da04e3decdce011c3c9494df5e56419431180b40dd0f1ae72eda1067735ee29ef3283c9e0b65d8361d11fca9aeae6342d1a10d4766fa2d8aa32a479a32a2010574c4ff0f5be211f57139243b5f75db5caab4c593f70d5c262a763d3d6394096045a4d364c296128df99472f3b7330214b9046da8b354fa9af3178505e84e5fb80c518cb05b2a5440b97057b5150cc6c5bb9e46bd6a913491aa082050530820501308204fd308202e5a003020102020819ca0026e1f0abde300d06092a864886f70d01010b0500300c310a300806035504030c0132301e170d3138313133303134313334315a170d3238313132373134313334315a300c310a300806035504030c013230820222300d06092a864886f70d01010105000382020f003082020a0282020100baafd3cafe8fd67275fddfc3b2666808167bc0e1d947d6b8359028535ffcb2ff48950e28f91b1fb10fccd81ce3e486a89b519d39563755526eda86d6b2276cbc408533543329df065f7ddae9854441a03b68ccbadc28f065d573c08ac240f0b4de12865cb307e3b6d95314ffef054181cf3e3c59405fe15a9f3ea0943f27835b733195347bfd0117c4e0fcfab9b50e4856a8cdadb0978a0866ca9bc70a79ce619a37b5f264af91f91c294c09fd72ec3af760e361cb47829434a09c59f14f124f74fd0a83633fa99a2c7a9a27b522252056518ba120bd593cb0a95b3ddd480a5930adbd1dc5ed1d1b3629d9c5bc9376f7b5d5cbfe40fec5342b4867865ddd2a2435a2e556d3fa55577bf2c3787dceb2ca4701138473ef4fd9550fa3c8cafbc5a373ebc32cc79f37f05c79872436cf4355c6f99c2b7ecae434dccfb364762e44c74111dd437ee6465746d80323c15d76d789378c1810af92be3705dd5aec8be6f5f38eb54da88a6ed4fdb52123cfdae5c3772216fb440d1616d16869e09d23497d16d63c02eeb0a3f62d4944a8465d374f725059a1d30a3c4b68d2967da0969466c082434d193de97a6df2a0c6747d23fd5c6039d9548c7f56acf48f482be5e6fc0b98797c04c4ab91829e55bab518896c24fe1d4c30c41c77a23c150cf3340e1f779fdb823638a10e13fa2d0c4bf279d434127059c8672e49557346ecf72069b90203010001a3633061300f0603551d130101ff040530030101ff301f0603551d2304183016801467a042f7eb081a54ec3a1a152e86c8f6d1bebd85301d0603551d0e0416041467a042f7eb081a54ec3a1a152e86c8f6d1bebd85300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201004013c52fa643f1b458ef2168f34b80995faa9e1c2efbca4f02e154a801989e4ddca4df8f9fd2013485ceb2fc522e471e0caa1c6e54ad488f2bd794c8413c8ea8fd8fa08254a88b04893ef04365ff775195240ab3ffbee3bcfda1c6a1eb3b71b56c1663251f3bd53a696a14e3dfdb8abee94ea27b3c1d8e9fb5ed32f537b9e6dd25728126105956ddb48ab92f9216b6f71432256974466f13895c0c6de6d8c21fe883de20f8bd064bbe2f258565c860d6a87f8a56e1782a9b924de805939edb38689efbe4ac922b9e5366c71b468c80acf74ec9c697f1725d99af287d640d6de83600e49f569b665fe46e6bd99a2069f95dfb9d6046fdecacbbecdfbdf791acb55a3648b473eb4d052509b8593e55378336682592caef0b91742eeccae90edb3975a23c27a24af772b738b517871817911e1f368be1286bdf664017a32b2a555e2a55164df9e914b653e9a3011a821ff836d15d51bfbd86c09fd01ec291a5d540e8041cbfd058f6041069953561ccf8bf4b9e2280ca3ee6154bba328d5c14aa6d06f902641d1f5f9ade316022283e9b5a90fc59390edd46bd05d4d765b90809bb82ba8c77ea2ff2564a0cc4d9928beeb987d9145a116aa40e2f093bb75d0394069967199d5af6e5ef754fbcd144c3d2397133d5f99ffe9eb54fd17c1c346ad8e32bcc2bb5353f8cd12b9c0789a135c3278cdb240c8522898341cfcdc4b17365b5";
      STATUS:0
      13:56:06,567 DEBUG [org.cesecore.certificates.ocsp.logging.AuditLogger] (http-/0.0.0.0:8080-1) SESSION_ID:a7deddcbc0a87a647c3a825a589f828e;LOG ID:2;"2018-12-04 12:56:06.558+0000";REPLY TIME:9;
      TIME TO PROCESS:8;
      OCSP REQUEST:
      "306e306c304530433041300906052b0e03021a05000414594a4ba00bf9fa6fc1bbd152b8443cb286410d5704142705886a05292572ee04e25972ff6d68bde7161002085516c132086253d2a2233021301f06092b060105050730010204120410c62d8b76b4e7debbb86c41b3e4fcf6c6";
      OCSP RESPONSE:
      "30030a0106";
      STATUS:6
      [user@centos7verification jboss]$ cat standalone/log/transactions.log
      13:50:31,660 DEBUG [org.cesecore.certificates.ocsp.logging.TransactionLogger] (http-/0.0.0.0:8080-1) a7deddcbc0a87a647c3a825a589f828e;0;0;0"192.168.122.100";"0";"0";0;"2018-12-04 12:50:31.548+0000";112;109;1;0;0;0;0;0;0;0;"CN=2";594a4ba00bf9fa6fc1bbd152b8443cb286410d57;67a042f7eb081a54ec3a1a152e86c8f6d1bebd85;1.3.14.3.2.26;5516c132086253d2;0;1;
      13:50:39,324 DEBUG [org.cesecore.certificates.ocsp.logging.TransactionLogger] (http-/0.0.0.0:8080-1) a7deddcbc0a87a647c3a825a589f828e;1;0;0"192.168.122.100";"0";"0";0;"2018-12-04 12:50:39.261+0000";63;63;1;0;0;0;0;0;0;0;"CN=2";594a4ba00bf9fa6fc1bbd152b8443cb286410d57;67a042f7eb081a54ec3a1a152e86c8f6d1bebd85;1.3.14.3.2.26;5516c132086253d2;0;1;
      13:56:06,567 DEBUG [org.cesecore.certificates.ocsp.logging.TransactionLogger] (http-/0.0.0.0:8080-1)
      [user@centos7verification jboss]$

      "

       

        Attachments

          Activity

            People

            Assignee:
            amin Amin Khorsandi
            Reporter:
            blanca.morales@primekey.com Blanca Morales
            Verified by:
            Henrik Sunmark
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 2 days
                2d
                Remaining:
                Time Spent - 1 day, 4 hours, 30 minutes Remaining Estimate - 3 hours, 30 minutes
                3h 30m
                Logged:
                Time Spent - 1 day, 4 hours, 30 minutes Remaining Estimate - 3 hours, 30 minutes
                1d 4h 30m