  1. EJBCA
  2. ECA-8018

For Signed CMP messages, signed error message may not be signed with the expected signature for some errors

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.1.0
    • Component/s: None
    • Labels:
      None
    • Issue discovered during:
      Another issue
    • Sprint:
      EJBCA Team Bob - 2019 w10, EJBCA Team Alice - 2019 w13

      Description

      We match response signature to the request signature by setting:

      // If message was signed, use the same signature alg in response
      if(crmfreq.getHeader().getProtectionAlg() != null) {
          if (LOG.isDebugEnabled()) {
              LOG.debug("CRMF request message header has protection alg: " + crmfreq.getHeader().getProtectionAlg().getAlgorithm().getId());
          }
          crmfreq.setPreferredDigestAlg(AlgorithmTools.getDigestFromSigAlg(crmfreq.getHeader().getProtectionAlg().getAlgorithm().getId()));
      } else if (LOG.isDebugEnabled()) {
          LOG.debug("CRMF request message header has no protection alg, using default alg in response.");
      }
      
      

      If some errors happen, such as not being able to find the user, the error response is signed, but it's signed with the default signature algorithm because we set the preferredAlgo too late.
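
      The ordering problem described above, modeled as an added example that is not EJBCA code: `Request`, `findUser`, `responseDigest` and the SHA1 default are hypothetical stand-ins, and setting the preference before the step that can fail is assumed here as the correction.

```java
import java.util.Map;

// Added illustration: all names here are hypothetical, none are EJBCA classes.
public class CmpErrorDigestOrdering {
    static final String DEFAULT_DIGEST = "SHA1"; // constructed default for this demo

    // Standard signature algorithm OIDs and the digest each one implies.
    static final Map<String, String> DIGEST_BY_SIG_OID = Map.of(
        "1.2.840.113549.1.1.11", "SHA256",  // sha256WithRSAEncryption
        "1.2.840.10045.4.3.2", "SHA256",    // ecdsa-with-SHA256
        "1.2.840.10045.4.3.3", "SHA384");   // ecdsa-with-SHA384

    static class Request {
        final String protectionAlgOid; // null when the request carries no protection
        final String username;
        String preferredDigest = DEFAULT_DIGEST;
        Request(String protectionAlgOid, String username) {
            this.protectionAlgOid = protectionAlgOid;
            this.username = username;
        }
        // Mirrors the step in the report: derive the digest from the request's alg.
        void applyProtectionAlg() {
            if (protectionAlgOid != null) {
                preferredDigest = DIGEST_BY_SIG_OID.getOrDefault(protectionAlgOid, DEFAULT_DIGEST);
            }
        }
    }

    // Stand-in for any processing step that can fail, e.g. the user lookup.
    static void findUser(Request req) {
        if (!"known-user".equals(req.username)) {
            throw new IllegalStateException("user not found");
        }
    }

    // Digest used to sign the response; 'early' selects where the preference is set.
    static String responseDigest(Request req, boolean early) {
        if (early) req.applyProtectionAlg();      // before anything can fail
        try {
            findUser(req);
            if (!early) req.applyProtectionAlg(); // never reached on the error path
        } catch (IllegalStateException e) {
            // The error response is signed with whatever preference is set by now.
        }
        return req.preferredDigest;
    }

    public static void main(String[] args) {
        String oid = "1.2.840.113549.1.1.11"; // constructed request: SHA256withRSA
        System.out.println("late:  " + responseDigest(new Request(oid, "missing-user"), false));
        System.out.println("early: " + responseDigest(new Request(oid, "missing-user"), true));
    }
}
```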

              People

              Assignee:
              Tomas Gustavsson
              Reporter:
              Tomas Gustavsson
              Verified by:
              Henrik Sunmark

                  Time Tracking

                  Original Estimate: 1h
                  Remaining Estimate: 30m
                  Time Spent: 30m