Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-7965

Document CertTools.verify behavior for bad params with JUnit test

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.15.0.1
    • Fix Version/s: EJBCA 7.1.0
    • Component/s: None
    • Labels:
      None
    • Provenance:
      Internal Delivery
    • Sprint:
      EJBCA Team Bob - 2019 w10

      Description

      When building an OCSP signing entry EJBCA can end up with the following exception:

      ERROR [org.jboss.ejb3.invocation] (MSC service thread 1-7) JBAS014134: EJB Invocation failed on component OcspResponseGeneratorSessionBean for method public abstract void org.cesecore.certificat
      es.ocsp.OcspResponseGeneratorSessionLocal.initTimers(): java.lang.ArrayIndexOutOfBoundsException: 0
              at org.cesecore.util.CertTools.verify(CertTools.java:3004) [cesecore-common.jar:]
              at org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean.getCaCertificateChain(OcspResponseGeneratorSessionBean.java:525) [cesecore-ejb.jar:]
              at org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean.makeOcspSigningCacheEntry(OcspResponseGeneratorSessionBean.java:428) [cesecore-ejb.jar:]
              at org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean.reloadOcspSigningCache(OcspResponseGeneratorSessionBean.java:403) [cesecore-ejb.jar:]
              at org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean.initTimers(OcspResponseGeneratorSessionBean.java:237) [cesecore-ejb.jar:]
      

      Add another test case for CertTools.verify(X509Certificate certificate, Collection<X509Certificate> caCertChain) to make it clear that this is caused by an empty, but non-null collection being passed to this call.

        Attachments

          Activity

            People

            • Assignee:
              johan Johan Eklund
              Reporter:
              johan Johan Eklund
              Verified by:
              Samuel Lidén Borell
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 10 minutes
                10m