Menu
▾
▴
[Ejbca-develop] Scep problems
|
From: Nuno M. <nun...@mu...> - 2005-07-22 15:28:42
|
Hi all,
I am developing a proxy for validating scep requests. I'am testing this=20
application with simple scep (as client).
With getca operation, everything is ok, but with getcrl operation, an=20
error occurrs.
Proxy processes does the following:
- get scep message
-decode it from BASE64 to DER format
-instantiate a PKCS#7 object
-just log attributes (for now)
-build a new pkcs#7
-encode it to BASE64
-encode it with URLEncode
-send it to ejbca
The error is the following:
2005-07-16 22:28:04,633 DEBUG [se.anatom.ejbca.protocol.ScepServlet]=20
>doGet()
2005-07-16 22:28:04,639 DEBUG [se.anatom.ejbca.protocol.ScepServlet]=20
query=20
string=3Doperation=3DPKIOperation&message=3DMIIG2gYJKoZIhvcNAQcCoIIGyzCCB=
scCAQExDjAMBggqhkiG9w0CBQUAMIIB9wYJKoZIhvcNAQcB%250D%250AoIIB6ASCAeQwggHg=
BgkqhkiG9w0BBwOgggHRMIIBzQIBADGCAVwwggFYAgEAMEAwNDERMA8GA1UE%250D%250AAxM=
IQWRtaW5DQTExEjAQBgNVBAoTCU1VTFRJQ0VSVDELMAkGA1UEBhMCUFQCCFU0Zqx1AOojMA0G=
%250D%250ACSqGSIb3DQEBAQUABIIBACNKNONkmdMLiMwfuKn8upD5eLeM9p7G3Wye%252Bqx=
hpKgsxI7HpLj5sslw%250D%250AnypzZvL53Xp6qg7vinhVBZJ%252Bew%252BOLnIMh1tTSL=
0Rpur1pzm2xigrgnkAU2f6JI9LkLkCej8ls8zx%250D%250A0xT8jjRByfxeUyRbSu0ILbayv=
P8OxpbTymJYrfI9%252Ba00T%252BcuG%252BNv86S%252BRlzUwy04O9DUxSYVtTt2%250D%=
250A5Edu%252B6%252FGYUJyZq671Qe%252BJeDCBqvhRIT%252FTBqpL9A5u26XqtKNNKv3G=
OjUQdrcOLmAGOI%252FE28G3L5B%250D%250ATTFhj0qRPPatDox%252Fd03L81DoKJkE0UrE=
GGNynhshqQ8rwcUlNYDtZ2lO%252FjAwaAYJKoZIhvcNAQcB%250D%250AMBEGBSsOAwIHBAh=
VIeboZ113dIBItrh%252FEK2i4MRJgWS6Qo3xaj42y4ounSN0Y3mBBJxqDtAABv70%250D%25=
0AQcOiicolr4SC3WIvZFo6evNn%252ButCBoX5eZeKXAkhP2RQVosfoIIDETCCAw0wggH1oAM=
CAQICCGJu%250D%250AX0u30%252BNnMA0GCSqGSIb3DQEBBQUAMDQxETAPBgNVBAMTCEFkbW=
luQ0ExMRIwEAYDVQQKEwlNVUxU%250D%250ASUNFUlQxCzAJBgNVBAYTAlBUMB4XDTA1MDUyN=
zA1NDAxMloXDTA3MDUyNzA1NTAxMlowFTETMBEG%250D%250AA1UEAxMKbm1hcnRpbnMxMDCB=
nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA55Yg5e12beoAYcNC%250D%250A3lnPHe3hXIq=
nlxxAHcC94nyA3S3lhq4YMlHWNzhQNtWEPjbNEExG1ddEj%252FfGBz2MrOYzfgVq0pus%250=
D%250AdiQ7QO%252Bwubd%252ByyIEgpRDlFZhbyjSNwR3jsL6IEsBWhZ6GGIQqZqGtfC6MbS=
fpJsEDxsuzUQD%252B2Nj%250D%250AN1MCAwEAAaOBxTCBwjAMBgNVHRMBAf8EAjAAMA4GA1=
UdDwEB%252FwQEAwIFoDA7BgNVHSUENDAyBggr%250D%250ABgEFBQcDAQYIKwYBBQUHAwIGC=
CsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwcwHQYDVR0OBBYE%250D%250AFB6Gy4YXckzd=
TnDXVB1XVl4uK3WDMB8GA1UdIwQYMBaAFJD2uWNeMZZAS7x%252BxgwofXZGGBrGMCUG%250D=
%250AA1UdEQQeMByBGm51bm8ubWFydGluc0BtdWx0aWNlcnQuY29tMA0GCSqGSIb3DQEBBQUA=
A4IBAQBV%250D%250Aw89NtYjLgRlyFTA0V96v6KcDrWXpl2yDDvoxsu18o1j5nMlaG3jStNr=
zHWl5MTCnLiJ%252Fm4P209mf%250D%250AvQctOqkQh2Q1EZNbEVE%252Bap%252FxLToHEQ=
Ifd15T23mjMu94ichrYM%252BozyQcfLdPx%252FsYOtqF86CclqL5%250D%250AFKtUC5CSt=
nQSe%252B9oxyGTjEMyGJ1x568Kq%252F%252BD%252Bi0VOMiTtg2VQCRHO2HPAvIMoLpU%2=
52BTpOThFBT09m%250D%250A%252B6%252FLmvX9hkFUQvBRXLXwoQj2RmvgEk0PomgvBxETg=
IOlvPtlOOe3oxbMU03KNIvXBeURCT%252BY9x%252FL%250D%250AhFByCtuOzahNeFpvKi6z=
Y4ld8LgMMPqnnU8SMYIBoDCCAZwCAQEwQDA0MREwDwYDVQQDEwhBZG1p%250D%250AbkNBMTE=
SMBAGA1UEChMJTVVMVElDRVJUMQswCQYDVQQGEwJQVAIIYm5fS7fT42cwDAYIKoZIhvcN%250=
D%250AAgUFAKCBtDASBgpghkgBhvhFAQkCMQQTAjIyMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0=
BBwEwHAYJ%250D%250AKoZIhvcNAQkFMQ8XDTA1MDcyMjE1MTc0OFowHwYJKoZIhvcNAQkEMR=
IEEMET0TmCWVnskzBvCQn7%250D%250ARkAwIAYKYIZIAYb4RQEJBTESBBDg9x1fZ00v6ZS%2=
52BaZZZCxiLMCMGCmCGSAGG%252BEUBCQcxFRMTU1ND%250D%250ARVAgdHJhbnNhY3Rpb25J=
ZDANBgkqhkiG9w0BAQEFAASBgH9oBG%252BDf4pFm2t5UcLBa%252FjO660yq0hj%250D%250=
A43YzTT3tdI72FF%252FRktsprPTSwNOhFNP7goOEIYEi44V2CQlsgx%252FJXSq%252Fbp%2=
52F%252FnOPVbYA%252FwKvGXXOP%250D%250AVI8rwfTD0oySm9SFTOdL3Mo%252FoxMLZ4I=
NixaG2oe%252FAEUu1Bt5nE17T6orKefSqd4S
2005-07-16 22:28:04,641 DEBUG [se.anatom.ejbca.protocol.ScepServlet] Got =
request 'PKIOperation'
2005-07-16 22:28:04,641 DEBUG [se.anatom.ejbca.protocol.ScepServlet]=20
Message:=20
MIIG2gYJKoZIhvcNAQcCoIIGyzCCBscCAQExDjAMBggqhkiG9w0CBQUAMIIB9wYJKoZIhvcNA=
QcB%0D%0AoIIB6ASCAeQwggHgBgkqhkiG9w0BBwOgggHRMIIBzQIBADGCAVwwggFYAgEAMEAw=
NDERMA8GA1UE%0D%0AAxMIQWRtaW5DQTExEjAQBgNVBAoTCU1VTFRJQ0VSVDELMAkGA1UEBhM=
CUFQCCFU0Zqx1AOojMA0G%0D%0ACSqGSIb3DQEBAQUABIIBACNKNONkmdMLiMwfuKn8upD5eL=
eM9p7G3Wye%2BqxhpKgsxI7HpLj5sslw%0D%0AnypzZvL53Xp6qg7vinhVBZJ%2Bew%2BOLnI=
Mh1tTSL0Rpur1pzm2xigrgnkAU2f6JI9LkLkCej8ls8zx%0D%0A0xT8jjRByfxeUyRbSu0ILb=
ayvP8OxpbTymJYrfI9%2Ba00T%2BcuG%2BNv86S%2BRlzUwy04O9DUxSYVtTt2%0D%0A5Edu%=
2B6%2FGYUJyZq671Qe%2BJeDCBqvhRIT%2FTBqpL9A5u26XqtKNNKv3GOjUQdrcOLmAGOI%2F=
E28G3L5B%0D%0ATTFhj0qRPPatDox%2Fd03L81DoKJkE0UrEGGNynhshqQ8rwcUlNYDtZ2lO%=
2FjAwaAYJKoZIhvcNAQcB%0D%0AMBEGBSsOAwIHBAhVIeboZ113dIBItrh%2FEK2i4MRJgWS6=
Qo3xaj42y4ounSN0Y3mBBJxqDtAABv70%0D%0AQcOiicolr4SC3WIvZFo6evNn%2ButCBoX5e=
ZeKXAkhP2RQVosfoIIDETCCAw0wggH1oAMCAQICCGJu%0D%0AX0u30%2BNnMA0GCSqGSIb3DQ=
EBBQUAMDQxETAPBgNVBAMTCEFkbWluQ0ExMRIwEAYDVQQKEwlNVUxU%0D%0ASUNFUlQxCzAJB=
gNVBAYTAlBUMB4XDTA1MDUyNzA1NDAxMloXDTA3MDUyNzA1NTAxMlowFTETMBEG%0D%0AA1UE=
AxMKbm1hcnRpbnMxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA55Yg5e12beoAYcNC%=
0D%0A3lnPHe3hXIqnlxxAHcC94nyA3S3lhq4YMlHWNzhQNtWEPjbNEExG1ddEj%2FfGBz2MrO=
YzfgVq0pus%0D%0AdiQ7QO%2Bwubd%2ByyIEgpRDlFZhbyjSNwR3jsL6IEsBWhZ6GGIQqZqGt=
fC6MbSfpJsEDxsuzUQD%2B2Nj%0D%0AN1MCAwEAAaOBxTCBwjAMBgNVHRMBAf8EAjAAMA4GA1=
UdDwEB%2FwQEAwIFoDA7BgNVHSUENDAyBggr%0D%0ABgEFBQcDAQYIKwYBBQUHAwIGCCsGAQU=
FBwMEBggrBgEFBQcDBQYIKwYBBQUHAwcwHQYDVR0OBBYE%0D%0AFB6Gy4YXckzdTnDXVB1XVl=
4uK3WDMB8GA1UdIwQYMBaAFJD2uWNeMZZAS7x%2BxgwofXZGGBrGMCUG%0D%0AA1UdEQQeMBy=
BGm51bm8ubWFydGluc0BtdWx0aWNlcnQuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQBV%0D%0Aw8=
9NtYjLgRlyFTA0V96v6KcDrWXpl2yDDvoxsu18o1j5nMlaG3jStNrzHWl5MTCnLiJ%2Fm4P20=
9mf%0D%0AvQctOqkQh2Q1EZNbEVE%2Bap%2FxLToHEQIfd15T23mjMu94ichrYM%2BozyQcfL=
dPx%2FsYOtqF86CclqL5%0D%0AFKtUC5CStnQSe%2B9oxyGTjEMyGJ1x568Kq%2F%2BD%2Bi0=
VOMiTtg2VQCRHO2HPAvIMoLpU%2BTpOThFBT09m%0D%0A%2B6%2FLmvX9hkFUQvBRXLXwoQj2=
RmvgEk0PomgvBxETgIOlvPtlOOe3oxbMU03KNIvXBeURCT%2BY9x%2FL%0D%0AhFByCtuOzah=
NeFpvKi6zY4ld8LgMMPqnnU8SMYIBoDCCAZwCAQEwQDA0MREwDwYDVQQDEwhBZG1p%0D%0Abk=
NBMTESMBAGA1UEChMJTVVMVElDRVJUMQswCQYDVQQGEwJQVAIIYm5fS7fT42cwDAYIKoZIhvc=
N%0D%0AAgUFAKCBtDASBgpghkgBhvhFAQkCMQQTAjIyMBgGCSqGSIb3DQEJAzELBgkqhkiG9w=
0BBwEwHAYJ%0D%0AKoZIhvcNAQkFMQ8XDTA1MDcyMjE1MTc0OFowHwYJKoZIhvcNAQkEMRIEE=
MET0TmCWVnskzBvCQn7%0D%0ARkAwIAYKYIZIAYb4RQEJBTESBBDg9x1fZ00v6ZS%2BaZZZCx=
iLMCMGCmCGSAGG%2BEUBCQcxFRMTU1ND%0D%0ARVAgdHJhbnNhY3Rpb25JZDANBgkqhkiG9w0=
BAQEFAASBgH9oBG%2BDf4pFm2t5UcLBa%2FjO660yq0hj%0D%0A43YzTT3tdI72FF%2FRktsp=
rPTSwNOhFNP7goOEIYEi44V2CQlsgx%2FJXSq%2Fbp%2F%2FnOPVbYA%2FwKvGXXOP%0D%0AV=
I8rwfTD0oySm9SFTOdL3Mo%2FoxMLZ4INixaG2oe%2FAEUu1Bt5nE17T6orKefSqd4S
2005-07-16 22:28:04,649 DEBUG [se.anatom.ejbca.protocol.ScepPkiOpHelper] =
>ScepPkiOpHelper
2005-07-16 22:28:04,649 DEBUG [se.anatom.ejbca.protocol.ScepPkiOpHelper] =
<ScepPkiOpHelper
2005-07-16 22:28:04,650 DEBUG [se.anatom.ejbca.protocol.ScepPkiOpHelper] =
>getRequestMessage(1968 bytes)
2005-07-16 22:28:04,650 DEBUG=20
[se.anatom.ejbca.protocol.ScepRequestMessage] >ScepRequestMessage
2005-07-16 22:28:04,651 DEBUG=20
[se.anatom.ejbca.protocol.ScepRequestMessage] >init
2005-07-16 22:28:04,653 ERROR [se.anatom.ejbca.protocol.ScepPkiOpHelper] =
Error receiving ScepMessage:
java.io.IOException: DER length more than 4 bytes
at=20
org.bouncycastle.asn1.ASN1InputStream.readLength(ASN1InputStream.java:72)=
at=20
org.bouncycastle.asn1.ASN1InputStream.readObject(ASN1InputStream.java:349=
)
at=20
org.bouncycastle.asn1.ASN1InputStream.buildObject(ASN1InputStream.java:15=
1)
at=20
org.bouncycastle.asn1.ASN1InputStream.readObject(ASN1InputStream.java:475=
)
at=20
org.bouncycastle.asn1.ASN1InputStream.buildObject(ASN1InputStream.java:15=
1)
at=20
org.bouncycastle.asn1.ASN1InputStream.readObject(ASN1InputStream.java:475=
)
at=20
org.bouncycastle.asn1.ASN1InputStream.buildObject(ASN1InputStream.java:25=
9)
at=20
org.bouncycastle.asn1.ASN1InputStream.readObject(ASN1InputStream.java:475=
)
at=20
org.bouncycastle.asn1.ASN1InputStream.buildObject(ASN1InputStream.java:15=
1)
at=20
org.bouncycastle.asn1.ASN1InputStream.readObject(ASN1InputStream.java:475=
)
at=20
se.anatom.ejbca.protocol.ScepRequestMessage.init(ScepRequestMessage.java:=
155)
at=20
se.anatom.ejbca.protocol.ScepRequestMessage.<init>(ScepRequestMessage.jav=
a:146)
at=20
se.anatom.ejbca.protocol.ScepPkiOpHelper.scepCertRequest(ScepPkiOpHelper.=
java:72)
at se.anatom.ejbca.protocol.ScepServlet.doGet(ScepServlet.java:145)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at=20
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicat=
ionFilterChain.java:252)
at=20
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilte=
rChain.java:173)
at=20
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter=
=2Ejava:81)
at=20
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicat=
ionFilterChain.java:202)
at=20
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilte=
rChain.java:173)
at=20
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve=
=2Ejava:213)
at=20
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve=
=2Ejava:178)
at=20
org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipal=
Valve.java:39)
at=20
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAss=
ociationValve.java:153)
at=20
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.ja=
va:59)
at=20
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:=
126)
at=20
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:=
105)
at=20
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.j=
ava:107)
at=20
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:14=
8)
at=20
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856=
)
at=20
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processCo=
nnection(Http11Protocol.java:744)
at=20
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.=
java:527)
at=20
org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerT=
hread.java:112)
at java.lang.Thread.run(Thread.java:534)
Any ideas?
Cheers,
Nuno Martins
|