
EJBCA customer extension size limit

Help
David
2017-09-14
2017-09-14
  • David

    David - 2017-09-14

    Hi,

    I am trying to create a private extension using the EJBCA certextension property. The value is a static value. I found out that when I put a small value (several hundred bytes), a certificate can be created with the private extension without problem. But when I put a value several thousand bytes long, I got an illegal value error. Here is the error:

    javax.ejb.EJBException: org.ejbca.core.model.ca.certextensions.CertificateExtentionConfigurationException: Illegal value 048204CD352B694C7864577677592B4E614B6F522F30694A49584C3364426A543268472B774F2B4E586D3533585374536831656F6766656F6A56333542544F6171682F636D505565324D6470393170517032436A574F4F326B374F616D686A5531484233444C476D36366E3669616A7A3462716E326F49436D4E467844522F78326D4335732B724B686C6B5541334E653350386C675030714A666A66397576752B485758536646774E6F4834757147556D546164594D744F6337796A454564394555686B7745454F634453484B512B79686E537655595248386D69516F32464B3554436A575A5A47574B4238694850756431367741706E4376544F7A6A4946416A395451644378612B64644F54697A616131784A764430714D724B782B5964616A3669774A51473076615364595770547634487756524150335A364F4E6A4F4A756E4549654B52566D68756A7041322B77506D51523957465141466868396247517A464558582B57774F6E5871387056333550324163646E3070476562634D67374F67514B6145644F4B45416B466C6B2F394875454B4742567775636334416A6E4A2F4C42595530396856775759314630486C425543326C62794975594635384F38702B61644D7755743959416F582F497752744143394E416442417947754542335652353975382F54475978392F586A7A386250422F5A2F46394230536768424B2B34787866697774723047584543716564515139505256704541512B32364D69646247536D506D385277527A6351735431374550536D6F6F7248332B6176344A636A37384F2F7649702F757A4D456B484B4145362F4637564848536A3848646452305133796D63475A6652566A77666D4F6E4E6E33477557522B467A6863506D507169707448636179616354323854386A334373302F4C5143776F364A32695978503452353841736F626A46656775736F4A68757137564E5332657652506371415376516B692B67626B42597745544E50742F31413270543655457252317A4D7A5549545A527646354C70356261734F31666B3255346142536A6B6A693871754C33634479573754704933756E78657A4D6353544E68514A6866704763744B674B4E32416D6F372F375368536576346F586963505359532B36476B436D396131517733564563684355412B7A35487454636251684B36463134594655702B596E3757676D7A77705A434466354444695854394237553652644841487064623749716D4C566A715A534C6E545736317A6A51372F47374433686D39453834367554445A6F4E4D41446
D4C6C6D37494732696558665574753155533954654E475548696245394E762F2F326A524A475A66516D4B337637796B4A4A4F763149586A4273444350706D67577070653673487852334B5653514B71702B574971616D6D754A6274716B785A6D4D487279346F532F39704C686443584B7138755230522B4C444571434B527871633556586476507649502B6767775230526B7942664F39694B5A76725747414B56647A333163756F63766F4F2F71656D436C464D5945464548376F492B76706B656B34733462434D42714B2B356D4851556C4470452F6F796C70792B322F367057584B333150455961675030346570563163453530554D793649515A65514D372B4F6C37345A2B65486670484E63374F6A6666512F486556305838426F706F446B47456B4141413D of certificate extension with id : 3 and OID : 1.2.3.4.5.6.7.8
    at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:946)
    at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:425)
    at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:209)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
    at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
    at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
    at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
    at sun.reflect.GeneratedMethodAccessor324.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
    at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_195280885.invoke(InvocationContextInterceptor_z_fillMethod_195280885.java)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
    at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_195280885.invoke(InvocationContextInterceptor_z_setup_195280885.java)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
    at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
    at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
    at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
    at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
    at $Proxy498.createCertificate(Unknown Source)
    at org.ejbca.core.model.util.GenerateToken.generateOrKeyRecoverToken(GenerateToken.java:96)
    at org.ejbca.ui.web.pub.RequestInstance.doPost(RequestInstance.java:306)
    at org.ejbca.ui.web.pub.CertReqServlet.doPost(CertReqServlet.java:117)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:662)

    My question is: does EJBCA have a limit on the extension value? How can I solve this problem?

    Thanks,

    David

     
  • David

    David - 2017-09-15

    I found the problem. It was my mistake. The ASN.1 length was wrong. Once that was corrected, it was OK.

    Thanks,

    David
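
The value in the error above starts with `04 82 04CD`, a DER OCTET STRING header whose long-form length field declares 0x04CD = 1229 content bytes. The following is an added example, not code from this thread or from EJBCA, showing a pre-check that compares the declared DER length with the bytes actually present before a raw hex value goes into the extension configuration. The function names `check_der_value` and `der_octet_string` are hypothetical, the sample inputs are constructed, and only single-byte tags are handled.

```python
def check_der_value(hex_value: str) -> str:
    """Return 'ok' or a description of the first DER header problem found."""
    try:
        data = bytes.fromhex(hex_value)
    except ValueError:
        return "not valid hex"
    if len(data) < 2:
        return "too short for a tag and length"
    if data[0] & 0x1F == 0x1F:
        return "multi-byte tags are not handled by this check"
    first = data[1]
    if first < 0x80:
        # Short form: the single byte is the length (0..127).
        declared, header = first, 2
    elif first == 0x80:
        return "indefinite length is not allowed in DER"
    else:
        # Long form: low 7 bits give the number of length bytes that follow.
        n = first & 0x7F
        if len(data) < 2 + n:
            return "length field is truncated"
        declared = int.from_bytes(data[2:2 + n], "big")
        header = 2 + n
        if data[2] == 0 or declared < 0x80:
            return "length is not minimally encoded"
    actual = len(data) - header
    if declared != actual:
        return f"declared length {declared} but {actual} content bytes follow"
    return "ok"


def der_octet_string(content: bytes) -> str:
    """Wrap content in a DER OCTET STRING and return it as upper-case hex."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return (b"\x04" + length + content).hex().upper()


if __name__ == "__main__":
    good = der_octet_string(b"A" * 1229)           # constructed sample content
    print(good[:8], check_der_value(good))
    print(check_der_value("047F" + "41" * 200))    # short-form header kept on a larger value
```
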

     
