[ECA-8681] CRLData query wrongly assumes unique result - PrimeKey Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Cosmetic
Resolution: Fixed
Affects Version/s: EJBCA 7.1.0
Fix Version/s: EJBCA 7.4.3
Component/s: None
Labels:
- TeamBobSprint

Issue discovered during:
Review

Description

org.cesecore.certificates.crl.CRLData.crlExistsForCa(EntityManager, String) JavaDoc is incorrect.

The method

    /**
     * @return true if at least one CRL exists for the given CA.
     */
    public static boolean crlExistsForCa(final EntityManager entityManager, final String issuerDn) {
        final Query query = entityManager
                .createQuery("SELECT a.crlNumber FROM CRLData a WHERE a.issuerDN=:issuerDN");
        query.setParameter("issuerDN", issuerDn);
        return QueryResultWrapper.getSingleResult(query) != null;
    }

is lacking a query.setMaxResults(1); and will throw a javax.persistence.NonUniqueResultException if there is more than one CRL present for the issuer (even full+delta or partitions).

Since it is currently only used to check for an illegal state from org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.renewCAInternal(AuthenticationToken, int, String, Date, boolean, String) there is no real impact, but future use of this API could fail worse.

Attachments

Issue Links

is caused by

ECA-7935 Add crlPartitionIndex column in CRLData

Closed

relates

ECA-9434 Multiple CRLs with different CRL partition indexes after upgrade causes NonUniqueResultException

Closed

Activity

People

Assignee:: Tomas Gustavsson

Reporter:: Johan Eklund

Verified by:: Jekaterina Bunina

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2019-11-01 22:53

Updated:: 2020-09-10 09:19

Resolved:: 2020-09-02 08:21

Time Tracking

Estimated:

10m

Remaining:

10m

Logged:

Not Specified