Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-8681

CRLData query wrongly assumes unique result

    Details

    • Type: Bug
    • Status: Open
    • Priority: Cosmetic
    • Resolution: Unresolved
    • Affects Version/s: EJBCA 7.1.0
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Issue discovered during:
      Review

      Description

      org.cesecore.certificates.crl.CRLData.crlExistsForCa(EntityManager, String) JavaDoc is incorrect.

      The method

          /**
           * @return true if at least one CRL exists for the given CA.
           */
          public static boolean crlExistsForCa(final EntityManager entityManager, final String issuerDn) {
              final Query query = entityManager
                      .createQuery("SELECT a.crlNumber FROM CRLData a WHERE a.issuerDN=:issuerDN");
              query.setParameter("issuerDN", issuerDn);
              return QueryResultWrapper.getSingleResult(query) != null;
          }
      

      is lacking a query.setMaxResults(1); and will throw a javax.persistence.NonUniqueResultException if there is more than one CRL present for the issuer (even full+delta or partitions).

      Since it is currently only used to check for an illegal state from org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.renewCAInternal(AuthenticationToken, int, String, Date, boolean, String) there is no real impact, but future use of this API could fail worse.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              johan Johan Eklund
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated: