  1. EJBCA
  2. ECA-9326

SCEP approvals only work with soft Crypto Tokens, not HSM.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: EJBCA 7.4.0
    • Fix Version/s: EJBCA 7.4.1
    • Component/s: None
    • Labels:
    • Environment:
      EJBCA 7.4.0, WildFly 14.0.1, MariaDB, mariadb-java-client-2.2.6.jar, OS-RedHat 7.6
    • Issue discovered during:
      Customer

      Description

      ScepMessageDispatcherSessionBean.createPendingResponseMessage accidentally sets the BC provider only.

      ret.setSignKeyInfo(racertColl, signingKey, BouncyCastleProvider.PROVIDER_NAME);

      It should set the provider used by the CA token:

      ret.setSignKeyInfo(racertColl, signingKey, caCryptoToken.getSignProviderName());

      This causes a failure to create the pending response when using an HSM for the CA keys. Without approvals it will work, because pending responses are only used together with approvals.
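
      An added illustration of the failure mode described above (not EJBCA code): a key handle with no exportable material, as an HSM-backed key typically is, cannot be used by a software provider that is named explicitly. OpaqueHsmKey is a constructed stand-in for such a key, and the JDK's SunRsaSign provider stands in for BouncyCastle so the example runs without extra jars.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class ProviderMismatchDemo {

    /** Constructed stand-in for an HSM key handle: no exportable key material. */
    static final class OpaqueHsmKey implements PrivateKey {
        public String getAlgorithm() { return "RSA"; }
        public String getFormat()    { return null; }  // non-extractable
        public byte[] getEncoded()   { return null; }  // key bytes stay on the token
    }

    /** Signs with an explicitly named provider (the role the provider-name
     *  argument of setSignKeyInfo plays on this page). */
    static byte[] sign(PrivateKey key, String provider, byte[] data)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA", provider);
        s.initSign(key);   // a software provider needs the key material here
        s.update(data);
        return s.sign();
    }

    /** Returns "ok" or the name of the exception the signing attempt raised. */
    static String trySign(PrivateKey key, String provider) {
        try {
            sign(key, provider, "pending".getBytes(StandardCharsets.UTF_8));
            return "ok";
        } catch (GeneralSecurityException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws Exception {
        String softProvider = "SunRsaSign"; // assumption: stands in for BC
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PrivateKey softKey = kpg.generateKeyPair().getPrivate();

        // Software key with software provider: signing succeeds.
        System.out.println("soft key, soft provider: " + trySign(softKey, softProvider));
        // Opaque key with the same hard-coded provider: initSign rejects the key.
        System.out.println("HSM-like key, soft provider: "
                + trySign(new OpaqueHsmKey(), softProvider));
    }
}
```

      With a real HSM, the signing call only succeeds when the provider name is the one belonging to the token that holds the key, which is what the corrected line obtains from caCryptoToken.getSignProviderName().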

              People

              Assignee:
              tomas Tomas Gustavsson
              Reporter:
              rubinaa Rubina Akram
              Verified by:
              Henrik Sunmark

                  Time Tracking

                  Estimated: 15m
                  Remaining: 5m
                  Logged: 10m