  1. EJBCA
  2. ECA-9485

Regression: XmlSerializer does not B64 encode non-ASCII strings, causing audit record to fail in some cases

    Details

      Description

      The XmlSerializer class does not encode strings with non-ASCII characters as Base64. This can cause audit logging to fail if all of the following conditions are met:

      • The database software is MySQL/MariaDB.
      • The database character set is the non-standard MySQL/MariaDB variant of UTF-8, which is called "utf8" (the real UTF-8 encoding is called "utf8mb4").
      • Audit logging to database is enabled (the default setting).
      • A Unicode character that is not in the Basic Multilingual Plane appears in the audit log details (e.g. the added/changed/removed entries).

      When the audit logging fails, the attempted operation is rolled back (for example, creating a crypto token in EJBCA).

      This causes a test failure in StatedumpTest when a crypto token alias name has special characters. Such a name is created by another test. In the test, a stack trace can be seen:

      org.cesecore.audit.log.AuditRecordStorageException: Failed to write audit log to at least one device.
      	at org.cesecore.audit.log.InternalSecurityEventsLoggerSessionBean.log(InternalSecurityEventsLoggerSessionBean.java:86)
      	at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
      	[...]
      	at org.cesecore.audit.log.InternalSecurityEventsLoggerSessionLocal$$$view380.log(Unknown Source)
      	at org.cesecore.audit.log.SecurityEventsLoggerSessionBean.log(SecurityEventsLoggerSessionBean.java:94)
      	at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
      	[...]
      	at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
      	at org.cesecore.audit.log.SecurityEventsLoggerSessionLocal$$$view272.log(Unknown Source)
      	at org.cesecore.keys.token.CryptoTokenManagementSessionBean.createCryptoToken(CryptoTokenManagementSessionBean.java:381)
      	at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
      	[...]
      	at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
      	at org.cesecore.keys.token.CryptoTokenManagementSessionLocal$$$view265.createCryptoToken(Unknown Source)
      	at org.ejbca.statedump.ejb.StatedumpSessionBean.importCryptoTokens(StatedumpSessionBean.java:599)
      	at org.ejbca.statedump.ejb.StatedumpSessionBean.performImport(StatedumpSessionBean.java:252)
      	at org.ejbca.statedump.ejb.StatedumpSessionBean.performImport(StatedumpSessionBean.java:230)
      	at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
      	[...]
      	at com.sun.proxy.$Proxy14.performImport(Unknown Source)
      	at org.ejbca.ui.statedump.command.ImportCommand.execute(ImportCommand.java:218)
      	[...]
      	at org.ejbca.ui.statedump.test.StatedumpTest.test02ExportAndImport(StatedumpTest.java:424)
      

      And an error in server log:

      Caused by: java.sql.SQLException: Incorrect string value: '\xE1\xBA\xBD\xC4\x87\xC2...' for column `ejbcatest`.`AuditRecordData`.`additionalDetails` at row 1
              at deployment.mariadb-java-client.jar//org.mariadb.jdbc.internal.protocol.AbstractQueryProtocol.readErrorPacket(AbstractQueryProtocol.java:1594)
              [...]
              at deployment.mariadb-java-client.jar//org.mariadb.jdbc.ClientSidePreparedStatement.executeInternal(ClientSidePreparedStatement.java:221)
              ... 316 more
      

      This appears to be a regression caused by ECA-6284.
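
The conditions in the description can be reproduced without a database. The following is an added example, not EJBCA's XmlSerializer code: it checks whether a value contains a character outside the Basic Multilingual Plane (which needs 4 bytes in UTF-8, one more than the MySQL/MariaDB "utf8" character set stores) and shows that Base64-encoding every non-ASCII value yields a stored form that is pure ASCII. The class name, the "B64:" marker and the sample aliases are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class AuditValueEncoding {
    // Hypothetical marker for this example only; not EJBCA's actual serialized format.
    static final String B64_PREFIX = "B64:";

    /** True if every UTF-16 unit is below 0x80, so the value is safe in any character set. */
    static boolean isAscii(String s) {
        return s.chars().allMatch(c -> c < 0x80);
    }

    /** True if the value has a code point above U+FFFF (4 bytes in UTF-8),
     *  which a 3-byte "utf8" column rejects with "Incorrect string value". */
    static boolean hasNonBmp(String s) {
        return s.codePoints().anyMatch(Character::isSupplementaryCodePoint);
    }

    /** Store ASCII as-is; Base64-encode anything else. A plain value that already
     *  starts with the marker is encoded too, so decode() stays unambiguous. */
    static String encode(String s) {
        if (isAscii(s) && !s.startsWith(B64_PREFIX)) {
            return s;
        }
        byte[] utf8 = s.getBytes(StandardCharsets.UTF_8);
        return B64_PREFIX + Base64.getEncoder().encodeToString(utf8);
    }

    static String decode(String stored) {
        if (!stored.startsWith(B64_PREFIX)) {
            return stored;
        }
        byte[] utf8 = Base64.getDecoder().decode(stored.substring(B64_PREFIX.length()));
        return new String(utf8, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample aliases: ASCII, BMP-only (U+1EBD, U+0107), non-BMP (U+1F511).
        String[] samples = { "plain-alias", "t\u1EBD\u0107", "token-\uD83D\uDD11", "B64:abc" };
        for (String s : samples) {
            String stored = encode(s);
            if (!decode(stored).equals(s) || !isAscii(stored)) {
                throw new AssertionError("round trip failed for sample of length " + s.length());
            }
            System.out.printf("rawHasNonBmp=%-5b stored=%s%n", hasNonBmp(s), stored);
        }
    }
}
```

Only the third sample would fail to insert as raw text into a "utf8" column; after encoding, all four stored values are ASCII and decode back to the original.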

              People

              Assignee:
              samuel Samuel Lidén Borell
              Reporter:
              samuel Samuel Lidén Borell
              Verified by:
              Henrik Sunmark, Lauri Kongas

                  Time Tracking

                  Estimated:
                  Not Specified
                  Remaining:
                  0m
                  Logged:
                  1d 2h