Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-8955

SCEP renewal should give nice error message when renewal cert does not exist

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Cosmetic
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.4.0
    • Component/s: Protocols
    • Labels:
    • Issue discovered during:
      Another issue
    • Sprint:
      EJBCA Team Alice -2020 w10

      Description

      Trying to do a SCEP renewal (SCEP CA mode, new request for an existing end entity that is in status generated, but does not have any certificates issued to it) currently fails (as it should) but with a not-nice looking error message in the log.

       

      2020-03-18 08:20:05,959 ERROR [org.jboss.as.ejb3.invocation] (default task-255) WFLYEJB0034: EJB Invocation failed on component ScepMessageDispatcherSessionBean for method public abstract byte[] org.ejbca
      .core.protocol.scep.ScepMessageDispatcherSessionLocal.dispatchRequest(org.cesecore.authentication.tokens.AuthenticationToken,java.lang.String,java.lang.String,java.lang.String) throws org.ejbca.core.proto
      col.NoSuchAliasException,java.security.cert.CertificateEncodingException,org.cesecore.certificates.ca.CADoesntExistsException,org.cesecore.authorization.AuthorizationDeniedException,org.ejbca.core.ejb.ra.
      NoSuchEndEntityException,org.cesecore.certificates.certificate.exception.CustomCertificateSerialNumberException,org.cesecore.keys.token.CryptoTokenOfflineException,org.cesecore.certificates.certificate.Il
      legalKeyException,org.cesecore.certificates.ca.SignRequestException,org.cesecore.certificates.ca.SignRequestSignatureException,org.ejbca.core.model.ca.AuthStatusException,org.ejbca.core.model.ca.AuthLogin
      Exception,org.cesecore.certificates.ca.IllegalNameException,org.cesecore.certificates.certificate.CertificateCreateException,org.cesecore.certificates.certificate.CertificateRevokeException,org.cesecore.c
      ertificates.certificate.exception.CertificateSerialNumberException,org.cesecore.certificates.ca.IllegalValidityException,org.cesecore.certificates.ca.CAOfflineException,org.cesecore.certificates.ca.Invali
      dAlgorithmException,java.security.SignatureException,java.security.cert.CertificateException,org.cesecore.certificates.certificate.certextensions.CertificateExtensionException,org.ejbca.ui.web.protocol.Ce
      rtificateRenewalException: javax.ejb.EJBException: java.lang.IllegalStateException: End entity with username user has status generated, but no certificate was found. RequestDN: 'CN=user', end entity DN: '
      CN=User Usersson'.
       at org.jboss.as.ejb3//org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInOurTx(CMTTxInterceptor.java:188)
       at org.jboss.as.ejb3//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:277)
       at org.jboss.as.ejb3//org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:332)
       
      

      We can make that a better error message by using a for-purpose exception. No difference in functionality, looks better in the log, as it is a case that we handle gracefully.

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tomas Tomas Gustavsson
              Reporter:
              tomas Tomas Gustavsson
              Verified by:
              Mike Agrenius Kushner
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 10 minutes
                  10m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 10 minutes
                  10m