ejbca-develop — Development discussions

Re: [Ejbca-develop] Dangerous pattern of seeding SecureRandom instances

[Jaime H. <hab...@gm...>]

On Wed, Mar 13, 2019 at 5:02 PM Martijn Brinkers <mar...@gm...>
wrote:

> On 12-03-19 21:02, Jaime Hablutzel wrote:
> > I'm looking the following code pattern in several places of the source
> > code (mostly in tests):
> >
> > SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
> > random.setSeed(new Date().getTime());
> > random.nextBytes(serno);
> >
> > Where the setSeed call just before the call to nextBytes prevents the
> > SHA1PRNG default implementation from feeding itself from system entropy,
> > so it relies on the provided timestamp as its only source of entropy,
> > which looks like a bad idea.
>
> According to SecureRandom javadoc, this should not have any implication
> on the security of the random generator (i.e., the randomness)
>
> https://docs.oracle.com/javase/7/docs/api/
>
> The given seed supplements, rather than replaces, the existing seed.
> Thus, repeated calls are guaranteed never to reduce randomness.
>

If you read carefully, it says that it will supplement the "existing" seed,
but in a fresh SecureRandom, there isn't an existing seed as you can
confirm from
https://docs.oracle.com/javase/7/docs/api/java/security/SecureRandom.html#getInstance(java.lang.String)
:

The returned SecureRandom object has not been seeded. To seed the returned
> object, call the setSeed method. If setSeed is not called, the first call
> to nextBytes will force the SecureRandom object to seed itself. This
> self-seeding will not occur if setSeed was previously called.


Where the key is the last phrase documented: "... self-seeding will not
occur if setSeed was previously called."

But that isn't easy to spot at first sight. Anyway, recent JDK versions are
improving their documentation by including this warning at the level of one
of the setSeed method overloads. Quoting from
https://docs.oracle.com/javase/10/docs/api/java/security/SecureRandom.html#setSeed(byte%5B%5D)
:

A PRNG SecureRandom will not seed itself automatically if setSeed is called
> before any nextBytes or reseed calls. The caller should make sure that the
> seed argument contains enough entropy for the security of this SecureRandom.



>
> Kind regards,
>
> Martijn Brinkers
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>


-- 
Jaime Hablutzel -  RPC 994690880

Re: [Ejbca-develop] Dangerous pattern of seeding SecureRandom instances

[Tomas G. <to...@pr...>]

Hi,

Tests are executed buy JUnit, which forks, can run individual tests in a
single JVM, runs different batches etc. So a global SecureRandom for
that I think may not be logical as tests are in different modules. Hard
to find a common base.

In production code, SecureRandom is already initialized on startup, and
self-seeded by getting the first random number (which leeds to very long
startup times if there is not enough entropy available).

(SecureRandom only self-seeds once, all instances retrieved in the same
JVM use the same base.)

Cheers,
Tomas

On 2019-03-14 14:31, Jaime Hablutzel wrote:
> 
> 
> On Wed, Mar 13, 2019 at 3:18 AM Tomas Gustavsson <to...@pr...
> <mailto:to...@pr...>> wrote:
> 
> 
>     Hi,
> 
>     For test code it can prevent things getting stuck, as self-seeding of
>     SecureRandom can take a long time, especially in VM environments,
>     depending on configuration.
> 
>     I agree it's bad template code, as someone might copy-paste it
>     somewhere. Imho it might be better to use a normal "Random" where
>     security does not matter. Then it's not mistaken for security, and
>     nobody will copy-paste the usage of SecureRandom.
> 
>     What do you think about that?
> 
> 
> What about maintaining a single global instance of a self-seeded, well
> documented (with an explanation of the warning of seeding it manually)
> SecureRandom to be used by tests and even production code?, maybe a
> thread-local to avoid the performance penalty of locking?.
> 
> That way, there wouldn't exist any misleading code that could be copied
> by mistake and the costly self-seeding wouldn't happen every time.
>  
> 
> 
>     Cheers,
>     Tomas
> 
>     On 2019-03-12 21:02, Jaime Hablutzel wrote:
>     > I'm looking the following code pattern in several places of the source
>     > code (mostly in tests):
>     >
>     > SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
>     > random.setSeed(new Date().getTime());
>     > random.nextBytes(serno);
>     >
>     > Where the setSeed call just before the call to nextBytes prevents the
>     > SHA1PRNG default implementation from feeding itself from system
>     entropy,
>     > so it relies on the provided timestamp as its only source of entropy,
>     > which looks like a bad idea.
>     >
>     > Anyway, the only one production code that I see being affected by this
>     > is one overload of the method
>     > org.cesecore.util.CertTools#genSelfCertForPurpose, and even when I
>     can't
>     > find any real security impact (after a quick trace of the usages
>     of this
>     > method), wouldn't it be better to remove all the calls
>     > java.security.SecureRandom#setSeed anywhere (even in tests code)  to
>     > prevent any future problem or mistake?.
>     >
>     > Regards.
>     >
>     > --
>     > Jaime Hablutzel -  RPC 994690880
>     >
>     >
>     > _______________________________________________
>     > Ejbca-develop mailing list
>     > Ejb...@li...
>     <mailto:Ejb...@li...>
>     > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>     >
> 
> 
>     _______________________________________________
>     Ejbca-develop mailing list
>     Ejb...@li...
>     <mailto:Ejb...@li...>
>     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 
> 
> -- 
> Jaime Hablutzel -  RPC 994690880
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

Re: [Ejbca-develop] Dangerous pattern of seeding SecureRandom instances

[Jaime H. <hab...@gm...>]

On Wed, Mar 13, 2019 at 3:18 AM Tomas Gustavsson <to...@pr...> wrote:

>
> Hi,
>
> For test code it can prevent things getting stuck, as self-seeding of
> SecureRandom can take a long time, especially in VM environments,
> depending on configuration.
>
> I agree it's bad template code, as someone might copy-paste it
> somewhere. Imho it might be better to use a normal "Random" where
> security does not matter. Then it's not mistaken for security, and
> nobody will copy-paste the usage of SecureRandom.
>
> What do you think about that?
>

What about maintaining a single global instance of a self-seeded, well
documented (with an explanation of the warning of seeding it manually)
SecureRandom to be used by tests and even production code?, maybe a
thread-local to avoid the performance penalty of locking?.

That way, there wouldn't exist any misleading code that could be copied by
mistake and the costly self-seeding wouldn't happen every time.


>
> Cheers,
> Tomas
>
> On 2019-03-12 21:02, Jaime Hablutzel wrote:
> > I'm looking the following code pattern in several places of the source
> > code (mostly in tests):
> >
> > SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
> > random.setSeed(new Date().getTime());
> > random.nextBytes(serno);
> >
> > Where the setSeed call just before the call to nextBytes prevents the
> > SHA1PRNG default implementation from feeding itself from system entropy,
> > so it relies on the provided timestamp as its only source of entropy,
> > which looks like a bad idea.
> >
> > Anyway, the only one production code that I see being affected by this
> > is one overload of the method
> > org.cesecore.util.CertTools#genSelfCertForPurpose, and even when I can't
> > find any real security impact (after a quick trace of the usages of this
> > method), wouldn't it be better to remove all the calls
> > java.security.SecureRandom#setSeed anywhere (even in tests code)  to
> > prevent any future problem or mistake?.
> >
> > Regards.
> >
> > --
> > Jaime Hablutzel -  RPC 994690880
> >
> >
> > _______________________________________________
> > Ejbca-develop mailing list
> > Ejb...@li...
> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>


-- 
Jaime Hablutzel -  RPC 994690880

Re: [Ejbca-develop] Dangerous pattern of seeding SecureRandom instances

[Tomas G. <to...@pr...>]

Hi Martijn,

Yes the javadoc says so, but analysis of the java source code tells me
otherwise. Unless I, and another guy in the Internet, read it
incorrectly, is a subtle interpretation issue of the javadoc in the
actual implementation.
setSeed makes the internal seeding not to run, causing the setSeed to be
the only seeding. But subsequent calls to setSeed will supplement the
first call.

I made the same interpretation as you from the javadoc, but checking the
implementation changed my mind.


Cheers,
Tomas

On 2019-03-13 23:01, Martijn Brinkers wrote:
> On 12-03-19 21:02, Jaime Hablutzel wrote:
>> I'm looking the following code pattern in several places of the source
>> code (mostly in tests):
>>
>> SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
>> random.setSeed(new Date().getTime());
>> random.nextBytes(serno);
>>
>> Where the setSeed call just before the call to nextBytes prevents the
>> SHA1PRNG default implementation from feeding itself from system entropy,
>> so it relies on the provided timestamp as its only source of entropy,
>> which looks like a bad idea.
> 
> According to SecureRandom javadoc, this should not have any implication
> on the security of the random generator (i.e., the randomness)
> 
> https://docs.oracle.com/javase/7/docs/api/
> 
> The given seed supplements, rather than replaces, the existing seed.
> Thus, repeated calls are guaranteed never to reduce randomness.
> 
> Kind regards,
> 
> Martijn Brinkers
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

Re: [Ejbca-develop] Dangerous pattern of seeding SecureRandom instances

[Martijn B. <mar...@gm...>]

On 12-03-19 21:02, Jaime Hablutzel wrote:
> I'm looking the following code pattern in several places of the source
> code (mostly in tests):
> 
> SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
> random.setSeed(new Date().getTime());
> random.nextBytes(serno);
> 
> Where the setSeed call just before the call to nextBytes prevents the
> SHA1PRNG default implementation from feeding itself from system entropy,
> so it relies on the provided timestamp as its only source of entropy,
> which looks like a bad idea.

According to SecureRandom javadoc, this should not have any implication
on the security of the random generator (i.e., the randomness)

https://docs.oracle.com/javase/7/docs/api/

The given seed supplements, rather than replaces, the existing seed.
Thus, repeated calls are guaranteed never to reduce randomness.

Kind regards,

Martijn Brinkers

Re: [Ejbca-develop] Dangerous pattern of seeding SecureRandom instances

[Tomas G. <to...@pr...>]

Hi,

For test code it can prevent things getting stuck, as self-seeding of
SecureRandom can take a long time, especially in VM environments,
depending on configuration.

I agree it's bad template code, as someone might copy-paste it
somewhere. Imho it might be better to use a normal "Random" where
security does not matter. Then it's not mistaken for security, and
nobody will copy-paste the usage of SecureRandom.

What do you think about that?

Cheers,
Tomas

On 2019-03-12 21:02, Jaime Hablutzel wrote:
> I'm looking the following code pattern in several places of the source
> code (mostly in tests):
> 
> SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
> random.setSeed(new Date().getTime());
> random.nextBytes(serno);
> 
> Where the setSeed call just before the call to nextBytes prevents the
> SHA1PRNG default implementation from feeding itself from system entropy,
> so it relies on the provided timestamp as its only source of entropy,
> which looks like a bad idea.
> 
> Anyway, the only one production code that I see being affected by this
> is one overload of the method
> org.cesecore.util.CertTools#genSelfCertForPurpose, and even when I can't
> find any real security impact (after a quick trace of the usages of this
> method), wouldn't it be better to remove all the calls
> java.security.SecureRandom#setSeed anywhere (even in tests code)  to
> prevent any future problem or mistake?.
> 
> Regards.
> 
> -- 
> Jaime Hablutzel -  RPC 994690880
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

[Ejbca-develop] Dangerous pattern of seeding SecureRandom instances

[Jaime H. <hab...@gm...>]

I'm looking the following code pattern in several places of the source code
(mostly in tests):

SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
random.setSeed(new Date().getTime());
random.nextBytes(serno);

Where the setSeed call just before the call to nextBytes prevents the
SHA1PRNG default implementation from feeding itself from system entropy, so
it relies on the provided timestamp as its only source of entropy, which
looks like a bad idea.

Anyway, the only one production code that I see being affected by this is
one overload of the method org.cesecore.util.CertTools#genSelfCertForPurpose,
and even when I can't find any real security impact (after a quick trace of
the usages of this method), wouldn't it be better to remove all the calls
java.security.SecureRandom#setSeed anywhere (even in tests code)  to
prevent any future problem or mistake?.

Regards.

-- 
Jaime Hablutzel -  RPC 994690880

Re: [Ejbca-develop] EJBCA is checking for serial number collisions after generating the certificate

[Tomas G. <to...@pr...>]

> I could think of using a serial number that includes a nodeIDs and
> timers (nanosecond?) + randomness. That is perhaps an area you could
> look into if you are interested in this topic. Patches will be considered.

Jaime,

I agree somewhat that checking for collisions before could have some
statistical value as well, i.e. the pool of potential collisions is
limited to the issuance latency (including CT submissions) and level of
concurrency. If you have a patch I'd love to see it.

Cheers,
Tomas

On 2019-03-12 16:17, Tomas Gustavsson wrote:
> 
>> But the colliding precertificate is still published outside to the CT
>> Logs, which could lead to the following scenario:
> 
> Yes this was concluded in the first email exchange already.
> 
> Do you agree that CT is never used when certificate serial numbers are
> short?
> 
> Do you have an estimate on the risk of serial number collision when
> using 16 or 20 byte serial numbers?
> 
>> I think that the call to verify if the newly generated serial number is
>> about to collide with an existing one should be performed early, before
>> any signature is generated in the pre-certificate or the real certificate.
> 
> This is a reasonable assumption if you are running on a single node
> system with not too high level of concurrency.
> However, we must consider CA systems running in a clustered environment,
> with several nodes across multiple data centers, with a very high level
> of concurrency (i.e. 100s of certificate per second issued). The only
> really safe way I can see to check in a multi-node clustered environment
> is to abort if it turns out another node has accidentally generated the
> same serial number, and then to remediate this.
> 
> I could think of using a serial number that includes a nodeIDs and
> timers (nanosecond?) + randomness. That is perhaps an area you could
> look into if you are interested in this topic. Patches will be considered.
> 
> Reading on the mozilla list (and code), I understand it that some other
> CAs only uses nodeID and random serial numbers to protect against
> collisions, i.e. only randomness on each node.
> 
> Kind regards,
> Tomas
> 
> On 2019-03-12 15:51, Jaime Hablutzel wrote:
>>
>>
>> On Tue, Mar 12, 2019 at 7:58 AM Tomas Gustavsson <to...@pr...
>> <mailto:to...@pr...>> wrote:
>>
>>
>>     Now you are getting into semantics. I believe you read the code correct.
>>     The definition used by me is a difference between "internally generated"
>>     and "issued by the CA".
>>
>>     The code is there to guard against any certificate with duplicate serial
>>     numbers being "issued from the CA". This is done by verifying, after the
>>     certificate has been created in memory, but before it is stored
>>     anywhere, or returned to anything outside the internal RAM
>>
>>
>> But the colliding precertificate is still published outside to the CT
>> Logs, which could lead to the following scenario:
>>
>> 1. A certificate is issued for a subject X with a random serial number A
>> and it is appropriately stored and published to CT Logs.
>> 2. A new certificate for subject Y is about to be generated and the
>> random serial number generation process generates the same serial number
>> A (very unlikely but not impossible).
>> 3. A precertificate for the new certificate is signed and published to
>> CT Logs.
>> 4. The final certificate is signed but never stored in system because of
>> the check made by
>> org.cesecore.certificates.certificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk.
>>
>> And now there are two different precertificates with the same serial
>> number published into CT Logs which is to be considered a misissuance as
>> indicated in RFC 6962, "3.1. Log Entries":
>>
>>     The signature on the [precertificate] TBSCertificate indicates the
>>     certificate authority’s intent to issue a certificate. This intent
>>     is considered binding (i.e., *misissuance of the Precertificate is
>>     considered equal to misissuance of the final certificate*).
>>
>>
>> And additionally, revoking the misissued precertificate will revoke the
>> previously issued correct certificate.
>>
>> Note: I haven't verified if CT Logs would accept two different
>> precertificates with the same serial number, but I think they will.
>>  
>>
>>     of the
>>     running process, that there are no issuer/serialnumber collisions. There
>>     are other similar guards available as well, such as applying a unique
>>     database index preventing storage of certificates with duplicate
>>     issuer/serial.
>>
>>     And of course, the most effective guard is to use serial numbers with
>>     sufficient length, making the probability of collisions unlikely to
>>     happen anytime at all.
>>
>>     The code does what what it was designed to do. Do you see any issues
>>     with the code?
>>
>>
>> I think that the call to verify if the newly generated serial number is
>> about to collide with an existing one should be performed early, before
>> any signature is generated in the pre-certificate or the real certificate.
>>  
>>
>>
>>     Do you use short serial numbers?
>>     I do not recommend that you use shorter serial numbers than 64 bits,
>>     unless you have a very special use-case.
>>
>>     Regards,
>>     Tomas
>>
>>     PS2: In EJBCA 7.1.0 a new validation step will be added giving the
>>     possibility of running validation of a pre-sign-certificate, which is
>>     signed by a dummy key, before the CT pre-certificate is created. The
>>     purpose is not to look for or prevent collisions though, but can be used
>>     for other validation before anything CT related is generated.
>>
>>
>>     On 2019-03-12 13:19, Jaime Hablutzel wrote:
>>     > On Tue, Mar 12, 2019, 3:53 AM Tomas Gustavsson <to...@pr...
>>     <mailto:to...@pr...>
>>     > <mailto:to...@pr... <mailto:to...@pr...>>> wrote:
>>     >
>>     >     Hi Jaime,
>>     >
>>     >     Good point about CT pre-certs. With "no certificates" we mean
>>     the final
>>     >     certificate.
>>     >
>>     >
>>     > The final collisioning certificate is generated too. Take a look
>>     at the
>>     > source code before the call
>>     >
>>     to org.cesecore.certificates.certificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk.
>>     >
>>     >     The CT pre-certificate is by definition not a
>>     >     "certificate", it's a "pre-certificate" and can by construct
>>     (poison
>>     >     extension) not be used as a certificate.
>>     >
>>     >     Of course, the issuance of a pre-certificate has it's own
>>     consequences
>>     >     such as having to revoke it.
>>     >     Though, as you know, CT is only used for public trust issued
>>     >     certificates, and there it is not allowed to use 32 bit serial
>>     numbers.
>>     >     In fact more than 64 bit serial numbers are needed. This makes
>>     this
>>     >     discussion mostly academic.
>>     >
>>     >     Regards,
>>     >     Tomas
>>     >
>>     >
>>     >     On 2019-03-11 16:37, Jaime Hablutzel wrote:
>>     >     > Quoting
>>     >     >
>>     >   
>>      from https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/OVKywVZIBgAJ:
>>     >     >
>>     >     >     In addition to random serial numbers, EJBCA checks for
>>     collisions,
>>     >     >     so even in the very unlikely event of equal serial
>>     numbers being
>>     >     >     generated, *no certificates with duplicated serial numbers
>>     >     should be
>>     >     >     issued from a CA based on the EJBCA software*. By
>>     comparison,
>>     >     >     collisions do happen regularly in testing when using 32
>>     bit serial
>>     >     >     numbers (and are averted), so the underlying checks
>>     function as we
>>     >     >     expect. 
>>     >     >
>>     >     >
>>     >     > Where the highlighted text is not correct, because, as observed
>>     >     from the
>>     >     > trunk source around r31776, if a newly generated random
>>     serial number
>>     >     > (generated by
>>     >     > org.cesecore.certificates.ca
>>     <http://org.cesecore.certificates.ca>
>>     >   
>>      <http://org.cesecore.certificates.ca>.internal.SernoGeneratorRandom#getSerno)
>>     >     > results that is being used by an existing certificate, a new
>>     >     > collisioning certificate is still generated (and CT
>>     precertificate
>>     >     > published!) but it is discarded only before trying to store
>>     it in the
>>     >     > database, when the collision validation is performed
>>     >     >
>>     >   
>>      (org.cesecore.certificates.certificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk).
>>     >     >
>>     >     > It isn't the expected behaviour. Isn't it?.
>>     >     >
>>     >     > --
>>     >     > Jaime Hablutzel -  RPC 994690880
>>     >     >
>>     >     >
>>     >     > _______________________________________________
>>     >     > Ejbca-develop mailing list
>>     >     > Ejb...@li...
>>     <mailto:Ejb...@li...>
>>     >     <mailto:Ejb...@li...
>>     <mailto:Ejb...@li...>>
>>     >     > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>     >     >
>>     >
>>     >
>>     >     _______________________________________________
>>     >     Ejbca-develop mailing list
>>     >     Ejb...@li...
>>     <mailto:Ejb...@li...>
>>     >     <mailto:Ejb...@li...
>>     <mailto:Ejb...@li...>>
>>     >     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>     >
>>     >
>>     >
>>     > _______________________________________________
>>     > Ejbca-develop mailing list
>>     > Ejb...@li...
>>     <mailto:Ejb...@li...>
>>     > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>     >
>>
>>
>>     _______________________________________________
>>     Ejbca-develop mailing list
>>     Ejb...@li...
>>     <mailto:Ejb...@li...>
>>     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
>>
>> -- 
>> Jaime Hablutzel -  RPC 994690880
>>
>>
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

Re: [Ejbca-develop] EJBCA is checking for serial number collisions after generating the certificate

[Tomas G. <to...@pr...>]

> But the colliding precertificate is still published outside to the CT
> Logs, which could lead to the following scenario:

Yes this was concluded in the first email exchange already.

Do you agree that CT is never used when certificate serial numbers are
short?

Do you have an estimate on the risk of serial number collision when
using 16 or 20 byte serial numbers?

> I think that the call to verify if the newly generated serial number is
> about to collide with an existing one should be performed early, before
> any signature is generated in the pre-certificate or the real certificate.

This is a reasonable assumption if you are running on a single node
system with not too high level of concurrency.
However, we must consider CA systems running in a clustered environment,
with several nodes across multiple data centers, with a very high level
of concurrency (i.e. 100s of certificate per second issued). The only
really safe way I can see to check in a multi-node clustered environment
is to abort if it turns out another node has accidentally generated the
same serial number, and then to remediate this.

I could think of using a serial number that includes a nodeIDs and
timers (nanosecond?) + randomness. That is perhaps an area you could
look into if you are interested in this topic. Patches will be considered.

Reading on the mozilla list (and code), I understand it that some other
CAs only uses nodeID and random serial numbers to protect against
collisions, i.e. only randomness on each node.

Kind regards,
Tomas

On 2019-03-12 15:51, Jaime Hablutzel wrote:
> 
> 
> On Tue, Mar 12, 2019 at 7:58 AM Tomas Gustavsson <to...@pr...
> <mailto:to...@pr...>> wrote:
> 
> 
>     Now you are getting into semantics. I believe you read the code correct.
>     The definition used by me is a difference between "internally generated"
>     and "issued by the CA".
> 
>     The code is there to guard against any certificate with duplicate serial
>     numbers being "issued from the CA". This is done by verifying, after the
>     certificate has been created in memory, but before it is stored
>     anywhere, or returned to anything outside the internal RAM
> 
> 
> But the colliding precertificate is still published outside to the CT
> Logs, which could lead to the following scenario:
> 
> 1. A certificate is issued for a subject X with a random serial number A
> and it is appropriately stored and published to CT Logs.
> 2. A new certificate for subject Y is about to be generated and the
> random serial number generation process generates the same serial number
> A (very unlikely but not impossible).
> 3. A precertificate for the new certificate is signed and published to
> CT Logs.
> 4. The final certificate is signed but never stored in system because of
> the check made by
> org.cesecore.certificates.certificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk.
> 
> And now there are two different precertificates with the same serial
> number published into CT Logs which is to be considered a misissuance as
> indicated in RFC 6962, "3.1. Log Entries":
> 
>     The signature on the [precertificate] TBSCertificate indicates the
>     certificate authority’s intent to issue a certificate. This intent
>     is considered binding (i.e., *misissuance of the Precertificate is
>     considered equal to misissuance of the final certificate*).
> 
> 
> And additionally, revoking the misissued precertificate will revoke the
> previously issued correct certificate.
> 
> Note: I haven't verified if CT Logs would accept two different
> precertificates with the same serial number, but I think they will.
>  
> 
>     of the
>     running process, that there are no issuer/serialnumber collisions. There
>     are other similar guards available as well, such as applying a unique
>     database index preventing storage of certificates with duplicate
>     issuer/serial.
> 
>     And of course, the most effective guard is to use serial numbers with
>     sufficient length, making the probability of collisions unlikely to
>     happen anytime at all.
> 
>     The code does what what it was designed to do. Do you see any issues
>     with the code?
> 
> 
> I think that the call to verify if the newly generated serial number is
> about to collide with an existing one should be performed early, before
> any signature is generated in the pre-certificate or the real certificate.
>  
> 
> 
>     Do you use short serial numbers?
>     I do not recommend that you use shorter serial numbers than 64 bits,
>     unless you have a very special use-case.
> 
>     Regards,
>     Tomas
> 
>     PS2: In EJBCA 7.1.0 a new validation step will be added giving the
>     possibility of running validation of a pre-sign-certificate, which is
>     signed by a dummy key, before the CT pre-certificate is created. The
>     purpose is not to look for or prevent collisions though, but can be used
>     for other validation before anything CT related is generated.
> 
> 
>     On 2019-03-12 13:19, Jaime Hablutzel wrote:
>     > On Tue, Mar 12, 2019, 3:53 AM Tomas Gustavsson <to...@pr...
>     <mailto:to...@pr...>
>     > <mailto:to...@pr... <mailto:to...@pr...>>> wrote:
>     >
>     >     Hi Jaime,
>     >
>     >     Good point about CT pre-certs. With "no certificates" we mean
>     the final
>     >     certificate.
>     >
>     >
>     > The final collisioning certificate is generated too. Take a look
>     at the
>     > source code before the call
>     >
>     to org.cesecore.certificates.certificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk.
>     >
>     >     The CT pre-certificate is by definition not a
>     >     "certificate", it's a "pre-certificate" and can by construct
>     (poison
>     >     extension) not be used as a certificate.
>     >
>     >     Of course, the issuance of a pre-certificate has it's own
>     consequences
>     >     such as having to revoke it.
>     >     Though, as you know, CT is only used for public trust issued
>     >     certificates, and there it is not allowed to use 32 bit serial
>     numbers.
>     >     In fact more than 64 bit serial numbers are needed. This makes
>     this
>     >     discussion mostly academic.
>     >
>     >     Regards,
>     >     Tomas
>     >
>     >
>     >     On 2019-03-11 16:37, Jaime Hablutzel wrote:
>     >     > Quoting
>     >     >
>     >   
>      from https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/OVKywVZIBgAJ:
>     >     >
>     >     >     In addition to random serial numbers, EJBCA checks for
>     collisions,
>     >     >     so even in the very unlikely event of equal serial
>     numbers being
>     >     >     generated, *no certificates with duplicated serial numbers
>     >     should be
>     >     >     issued from a CA based on the EJBCA software*. By
>     comparison,
>     >     >     collisions do happen regularly in testing when using 32
>     bit serial
>     >     >     numbers (and are averted), so the underlying checks
>     function as we
>     >     >     expect. 
>     >     >
>     >     >
>     >     > Where the highlighted text is not correct, because, as observed
>     >     from the
>     >     > trunk source around r31776, if a newly generated random
>     serial number
>     >     > (generated by
>     >     > org.cesecore.certificates.ca
>     <http://org.cesecore.certificates.ca>
>     >   
>      <http://org.cesecore.certificates.ca>.internal.SernoGeneratorRandom#getSerno)
>     >     > results that is being used by an existing certificate, a new
>     >     > collisioning certificate is still generated (and CT
>     precertificate
>     >     > published!) but it is discarded only before trying to store
>     it in the
>     >     > database, when the collision validation is performed
>     >     >
>     >   
>      (org.cesecore.certificates.certificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk).
>     >     >
>     >     > It isn't the expected behaviour. Isn't it?.
>     >     >
>     >     > --
>     >     > Jaime Hablutzel -  RPC 994690880
>     >     >
>     >     >
>     >     > _______________________________________________
>     >     > Ejbca-develop mailing list
>     >     > Ejb...@li...
>     <mailto:Ejb...@li...>
>     >     <mailto:Ejb...@li...
>     <mailto:Ejb...@li...>>
>     >     > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>     >     >
>     >
>     >
>     >     _______________________________________________
>     >     Ejbca-develop mailing list
>     >     Ejb...@li...
>     <mailto:Ejb...@li...>
>     >     <mailto:Ejb...@li...
>     <mailto:Ejb...@li...>>
>     >     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>     >
>     >
>     >
>     > _______________________________________________
>     > Ejbca-develop mailing list
>     > Ejb...@li...
>     <mailto:Ejb...@li...>
>     > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>     >
> 
> 
>     _______________________________________________
>     Ejbca-develop mailing list
>     Ejb...@li...
>     <mailto:Ejb...@li...>
>     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 
> -- 
> Jaime Hablutzel -  RPC 994690880
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

Re: [Ejbca-develop] EJBCA is checking for serial number collisions after generating the certificate

[Jaime H. <hab...@gm...>]

On Tue, Mar 12, 2019 at 7:58 AM Tomas Gustavsson <to...@pr...> wrote:

>
> Now you are getting into semantics. I believe you read the code correct.
> The definition used by me is a difference between "internally generated"
> and "issued by the CA".
>
> The code is there to guard against any certificate with duplicate serial
> numbers being "issued from the CA". This is done by verifying, after the
> certificate has been created in memory, but before it is stored
> anywhere, or returned to anything outside the internal RAM


But the colliding precertificate is still published outside to the CT Logs,
which could lead to the following scenario:

1. A certificate is issued for a subject X with a random serial number A
and it is appropriately stored and published to CT Logs.
2. A new certificate for subject Y is about to be generated and the random
serial number generation process generates the same serial number A (very
unlikely but not impossible).
3. A precertificate for the new certificate is signed and published to CT
Logs.
4. The final certificate is signed but never stored in system because of
the check made by
org.cesecore.certificates.certificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk
.

And now there are two different precertificates with the same serial number
published into CT Logs which is to be considered a misissuance as indicated
in RFC 6962, "3.1. Log Entries":

The signature on the [precertificate] TBSCertificate indicates the
> certificate authority’s intent to issue a certificate. This intent
> is considered binding (i.e.,
> *misissuance of the Precertificate isconsidered equal to misissuance of
> the final certificate*).


And additionally, revoking the misissued precertificate will revoke the
previously issued correct certificate.

Note: I haven't verified if CT Logs would accept two different
precertificates with the same serial number, but I think they will.


> of the
> running process, that there are no issuer/serialnumber collisions. There
> are other similar guards available as well, such as applying a unique
> database index preventing storage of certificates with duplicate
> issuer/serial.
>
> And of course, the most effective guard is to use serial numbers with
> sufficient length, making the probability of collisions unlikely to
> happen anytime at all.
>
> The code does what what it was designed to do. Do you see any issues
> with the code?
>

I think that the call to verify if the newly generated serial number is
about to collide with an existing one should be performed early, before any
signature is generated in the pre-certificate or the real certificate.


>
> Do you use short serial numbers?
> I do not recommend that you use shorter serial numbers than 64 bits,
> unless you have a very special use-case.
>
> Regards,
> Tomas
>
> PS2: In EJBCA 7.1.0 a new validation step will be added giving the
> possibility of running validation of a pre-sign-certificate, which is
> signed by a dummy key, before the CT pre-certificate is created. The
> purpose is not to look for or prevent collisions though, but can be used
> for other validation before anything CT related is generated.
>
>
> On 2019-03-12 13:19, Jaime Hablutzel wrote:
> > On Tue, Mar 12, 2019, 3:53 AM Tomas Gustavsson <to...@pr...
> > <mailto:to...@pr...>> wrote:
> >
> >     Hi Jaime,
> >
> >     Good point about CT pre-certs. With "no certificates" we mean the
> final
> >     certificate.
> >
> >
> > The final collisioning certificate is generated too. Take a look at the
> > source code before the call
> >
> to org.cesecore.certificates.certificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk.
> >
> >     The CT pre-certificate is by definition not a
> >     "certificate", it's a "pre-certificate" and can by construct (poison
> >     extension) not be used as a certificate.
> >
> >     Of course, the issuance of a pre-certificate has it's own
> consequences
> >     such as having to revoke it.
> >     Though, as you know, CT is only used for public trust issued
> >     certificates, and there it is not allowed to use 32 bit serial
> numbers.
> >     In fact more than 64 bit serial numbers are needed. This makes this
> >     discussion mostly academic.
> >
> >     Regards,
> >     Tomas
> >
> >
> >     On 2019-03-11 16:37, Jaime Hablutzel wrote:
> >     > Quoting
> >     >
> >     from
> https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/OVKywVZIBgAJ
> :
> >     >
> >     >     In addition to random serial numbers, EJBCA checks for
> collisions,
> >     >     so even in the very unlikely event of equal serial numbers
> being
> >     >     generated, *no certificates with duplicated serial numbers
> >     should be
> >     >     issued from a CA based on the EJBCA software*. By comparison,
> >     >     collisions do happen regularly in testing when using 32 bit
> serial
> >     >     numbers (and are averted), so the underlying checks function
> as we
> >     >     expect.
> >     >
> >     >
> >     > Where the highlighted text is not correct, because, as observed
> >     from the
> >     > trunk source around r31776, if a newly generated random serial
> number
> >     > (generated by
> >     > org.cesecore.certificates.ca
> >     <http://org.cesecore.certificates.ca
> >.internal.SernoGeneratorRandom#getSerno)
> >     > results that is being used by an existing certificate, a new
> >     > collisioning certificate is still generated (and CT precertificate
> >     > published!) but it is discarded only before trying to store it in
> the
> >     > database, when the collision validation is performed
> >     >
> >
>  (org.cesecore.certificates.certificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk).
> >     >
> >     > It isn't the expected behaviour. Isn't it?.
> >     >
> >     > --
> >     > Jaime Hablutzel -  RPC 994690880
> >     >
> >     >
> >     > _______________________________________________
> >     > Ejbca-develop mailing list
> >     > Ejb...@li...
> >     <mailto:Ejb...@li...>
> >     > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >     >
> >
> >
> >     _______________________________________________
> >     Ejbca-develop mailing list
> >     Ejb...@li...
> >     <mailto:Ejb...@li...>
> >     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >
> >
> >
> > _______________________________________________
> > Ejbca-develop mailing list
> > Ejb...@li...
> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop


-- 
Jaime Hablutzel -  RPC 994690880

Re: [Ejbca-develop] EJBCA is checking for serial number collisions after generating the certificate

[Tomas G. <to...@pr...>]

Now you are getting into semantics. I believe you read the code correct.
The definition used by me is a difference between "internally generated"
and "issued by the CA".

The code is there to guard against any certificate with duplicate serial
numbers being "issued from the CA". This is done by verifying, after the
certificate has been created in memory, but before it is stored
anywhere, or returned to anything outside the internal RAM of the
running process, that there are no issuer/serialnumber collisions. There
are other similar guards available as well, such as applying a unique
database index preventing storage of certificates with duplicate
issuer/serial.

And of course, the most effective guard is to use serial numbers with
sufficient length, making the probability of collisions unlikely to
happen anytime at all.

The code does what what it was designed to do. Do you see any issues
with the code?

Do you use short serial numbers?
I do not recommend that you use shorter serial numbers than 64 bits,
unless you have a very special use-case.

Regards,
Tomas

PS2: In EJBCA 7.1.0 a new validation step will be added giving the
possibility of running validation of a pre-sign-certificate, which is
signed by a dummy key, before the CT pre-certificate is created. The
purpose is not to look for or prevent collisions though, but can be used
for other validation before anything CT related is generated.


On 2019-03-12 13:19, Jaime Hablutzel wrote:
> On Tue, Mar 12, 2019, 3:53 AM Tomas Gustavsson <to...@pr...
> <mailto:to...@pr...>> wrote:
> 
>     Hi Jaime,
> 
>     Good point about CT pre-certs. With "no certificates" we mean the final
>     certificate. 
> 
> 
> The final collisioning certificate is generated too. Take a look at the
> source code before the call
> to org.cesecore.certificates.certificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk.
> 
>     The CT pre-certificate is by definition not a
>     "certificate", it's a "pre-certificate" and can by construct (poison
>     extension) not be used as a certificate.
> 
>     Of course, the issuance of a pre-certificate has it's own consequences
>     such as having to revoke it.
>     Though, as you know, CT is only used for public trust issued
>     certificates, and there it is not allowed to use 32 bit serial numbers.
>     In fact more than 64 bit serial numbers are needed. This makes this
>     discussion mostly academic.
> 
>     Regards,
>     Tomas
> 
> 
>     On 2019-03-11 16:37, Jaime Hablutzel wrote:
>     > Quoting
>     >
>     from https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/OVKywVZIBgAJ:
>     >
>     >     In addition to random serial numbers, EJBCA checks for collisions,
>     >     so even in the very unlikely event of equal serial numbers being
>     >     generated, *no certificates with duplicated serial numbers
>     should be
>     >     issued from a CA based on the EJBCA software*. By comparison,
>     >     collisions do happen regularly in testing when using 32 bit serial
>     >     numbers (and are averted), so the underlying checks function as we
>     >     expect. 
>     >
>     >
>     > Where the highlighted text is not correct, because, as observed
>     from the
>     > trunk source around r31776, if a newly generated random serial number
>     > (generated by
>     > org.cesecore.certificates.ca
>     <http://org.cesecore.certificates.ca>.internal.SernoGeneratorRandom#getSerno)
>     > results that is being used by an existing certificate, a new
>     > collisioning certificate is still generated (and CT precertificate
>     > published!) but it is discarded only before trying to store it in the
>     > database, when the collision validation is performed
>     >
>     (org.cesecore.certificates.certificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk).
>     >
>     > It isn't the expected behaviour. Isn't it?.
>     >
>     > --
>     > Jaime Hablutzel -  RPC 994690880
>     >
>     >
>     > _______________________________________________
>     > Ejbca-develop mailing list
>     > Ejb...@li...
>     <mailto:Ejb...@li...>
>     > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>     >
> 
> 
>     _______________________________________________
>     Ejbca-develop mailing list
>     Ejb...@li...
>     <mailto:Ejb...@li...>
>     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

Re: [Ejbca-develop] EJBCA is checking for serial number collisions after generating the certificate

[Jaime H. <hab...@gm...>]

On Tue, Mar 12, 2019, 3:53 AM Tomas Gustavsson <to...@pr...> wrote:

> Hi Jaime,
>
> Good point about CT pre-certs. With "no certificates" we mean the final
> certificate.


The final collisioning certificate is generated too. Take a look at the
source code before the call to org.cesecore.certificates.cer
tificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk.

The CT pre-certificate is by definition not a
> "certificate", it's a "pre-certificate" and can by construct (poison
> extension) not be used as a certificate.
>
> Of course, the issuance of a pre-certificate has it's own consequences
> such as having to revoke it.
> Though, as you know, CT is only used for public trust issued
> certificates, and there it is not allowed to use 32 bit serial numbers.
> In fact more than 64 bit serial numbers are needed. This makes this
> discussion mostly academic.
>
> Regards,
> Tomas
>
>
> On 2019-03-11 16:37, Jaime Hablutzel wrote:
> > Quoting
> > from
> https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/OVKywVZIBgAJ
> :
> >
> >     In addition to random serial numbers, EJBCA checks for collisions,
> >     so even in the very unlikely event of equal serial numbers being
> >     generated, *no certificates with duplicated serial numbers should be
> >     issued from a CA based on the EJBCA software*. By comparison,
> >     collisions do happen regularly in testing when using 32 bit serial
> >     numbers (and are averted), so the underlying checks function as we
> >     expect.
> >
> >
> > Where the highlighted text is not correct, because, as observed from the
> > trunk source around r31776, if a newly generated random serial number
> > (generated by
> > org.cesecore.certificates.ca.internal.SernoGeneratorRandom#getSerno)
> > results that is being used by an existing certificate, a new
> > collisioning certificate is still generated (and CT precertificate
> > published!) but it is discarded only before trying to store it in the
> > database, when the collision validation is performed
> >
> (org.cesecore.certificates.certificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk).
> >
> > It isn't the expected behaviour. Isn't it?.
> >
> > --
> > Jaime Hablutzel -  RPC 994690880
> >
> >
> > _______________________________________________
> > Ejbca-develop mailing list
> > Ejb...@li...
> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>

Re: [Ejbca-develop] EJBCA is checking for serial number collisions after generating the certificate

[Tomas G. <to...@pr...>]

Hi Jaime,

Good point about CT pre-certs. With "no certificates" we mean the final
certificate. The CT pre-certificate is by definition not a
"certificate", it's a "pre-certificate" and can by construct (poison
extension) not be used as a certificate.

Of course, the issuance of a pre-certificate has it's own consequences
such as having to revoke it.
Though, as you know, CT is only used for public trust issued
certificates, and there it is not allowed to use 32 bit serial numbers.
In fact more than 64 bit serial numbers are needed. This makes this
discussion mostly academic.

Regards,
Tomas


On 2019-03-11 16:37, Jaime Hablutzel wrote:
> Quoting
> from https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/OVKywVZIBgAJ:
> 
>     In addition to random serial numbers, EJBCA checks for collisions,
>     so even in the very unlikely event of equal serial numbers being
>     generated, *no certificates with duplicated serial numbers should be
>     issued from a CA based on the EJBCA software*. By comparison,
>     collisions do happen regularly in testing when using 32 bit serial
>     numbers (and are averted), so the underlying checks function as we
>     expect. 
> 
> 
> Where the highlighted text is not correct, because, as observed from the
> trunk source around r31776, if a newly generated random serial number
> (generated by
> org.cesecore.certificates.ca.internal.SernoGeneratorRandom#getSerno)
> results that is being used by an existing certificate, a new
> collisioning certificate is still generated (and CT precertificate
> published!) but it is discarded only before trying to store it in the
> database, when the collision validation is performed
> (org.cesecore.certificates.certificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk).
> 
> It isn't the expected behaviour. Isn't it?.
> 
> -- 
> Jaime Hablutzel -  RPC 994690880
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

[Ejbca-develop] EJBCA is checking for serial number collisions after generating the certificate

[Jaime H. <hab...@gm...>]

Quoting from
https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/OVKywVZIBgAJ
:

In addition to random serial numbers, EJBCA checks for collisions, so even
> in the very unlikely event of equal serial numbers being generated, *no
> certificates with duplicated serial numbers should be issued from a CA
> based on the EJBCA software*. By comparison, collisions do happen
> regularly in testing when using 32 bit serial numbers (and are averted), so
> the underlying checks function as we expect.


Where the highlighted text is not correct, because, as observed from the
trunk source around r31776, if a newly generated random serial number
(generated by
org.cesecore.certificates.ca.internal.SernoGeneratorRandom#getSerno)
results that is being used by an existing certificate, a new collisioning
certificate is still generated (and CT precertificate published!) but it is
discarded only before trying to store it in the database, when the
collision validation is performed (
org.cesecore.certificates.certificate.CertificateCreateSessionBean#assertSerialNumberForIssuerOk
).

It isn't the expected behaviour. Isn't it?.

-- 
Jaime Hablutzel -  RPC 994690880

Re: [Ejbca-develop] Several problems after migration

[Tomas G. <to...@pr...>]

Hi,

Looks like everything is almost running right?

If you renew those OCSP key bindings your OCSP service will start
working. That sounded like your last remaining issue if I understand it
correctly.

Regards,
Tomas
---
Meet us at RSA Conference 2019
San Francisco, March 4-8
Booth #1935
FREE Expo pass code: XEU9PRIMEKEY

On 2019-02-25 09:48, Arnaud Defos wrote:
> Hi Tomas,
> 
> Thanks for your answer.
> 
> We made new tests, I will respond to your last questions and provide new
> the exact situation with logs:
> 
>>>>Did you check wildfly/standalone/tmp?
> 
> Yes, the directory is empty during the docker build, we try to clean
> /data /tmp /logs in wildfly/standalone, but the problem still exist.
> 
>>>> The: javax.ejb.EJBException: java.lang.StringIndexOutOfBoundsException:
> 
> You're right, this error message appears in 6.3.1.1 only when we access
> Internal Key Bindings> OcspKeyBinding> Click on Ocsp certificate Serial
> Number.
> 
> In version 6.3.1.1, two out of three certificates return the
> "StringIndexOutOfBoundsException" error when clicking on the serial
> number. However, their status is good at Active.
> 
> https://pasteboard.co/I2aUEfL.png
> 
> Following the upgrade in 6.10.1.2, we no longer have the same error and
> the same display. Two certificates are passed in Revoked and the click
> on the serial number displays the error below:
> 
> https://pasteboard.co/I2aUUG8.png
> 
> When we click on the Revoked serial number:
> 
> https://pasteboard.co/I2aIseO.png
> 
> The detail of the stack trace resulting from the server.log (To improve
> the reading of this thread I put the log in attachment mode)
> ->https://pastebin.com/i2mLQwzS
> 
> 
> 
>>>> Is something in the database. Some certificate in a chain is missing? I think this is an issue fixed in later releases.
> 
> Yes maybe, we find this in the server.log:
> 
> 2019-02-21 09:42:25,568 INFO 
> [org.cesecore.certificates.certificate.CertificateStoreSessionBean] (EJB
> default - 7) Reloading CA certificate cache.
> 2019-02-21 09:42:25,577 INFO 
> [org.cesecore.certificates.certificate.CertificateStoreSessionBean] (EJB
> default - 7) Reloaded CA certificate cache with 12 certificates
> 2019-02-21 09:42:47,635 WARN 
> [org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean] (EJB
> default - 9) Unable to build certificate chain for OCSP signing
> certificate with Subject DN 'CN=OCSP Service 1 XXXXXXX SIGNATURE
> CA,OU=0002 XXXXXX,O=XXXXXXX,organizationIdentifier=XXXXXXXX,C=FR'. CA
> with Subject DN 'CN=XXXXXX - XXXXXXX SIGNATURE CA,OU=0002
> XXXXXXX,O=XXXXXX,organizationIdentifier=XXXXXX,C=FR' is missing in the
> database.
> 2019-02-21 09:42:47,635 WARN 
> [org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean] (EJB
> default - 9) OcspKeyBinding OcspKeyBinding XXXXXX CA ( -1904656213) has
> a signing certificate, but no chain and will be ignored.
> 2019-02-21 09:42:47,641 WARN 
> [org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean] (EJB
> default - 9) Unable to build certificate chain for OCSP signing
> certificate with Subject DN 'CN=OCSP Service 1 XXXXXXXXXX CA,OU=0002
> XXXXXX,O=XXXXXXX,organizationIdentifier=XXXXXXXX,C=FR'. CA with Subject
> DN 'CN=XXXXXX - XXXXXXX CA,OU=0002
> XXXXXX,O=XXXXXX,organizationIdentifier=XXXXXXXXX,C=FR' is missing in the
> database.
> 2019-02-21 09:42:47,641 WARN 
> [org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean] (EJB
> default - 9) OcspKeyBinding OcspKeyBinding XXXXXX CA ( -1307162558) has
> a signing certificate, but no chain and will be ignored.
> 
> --------------------------------------------------------
> 
> Regarding the problem on End Entity Profiles, in version 6.10.1.2 we
> found the problem. We use a newrelic java agent and this increase the
> size during the compilation.
> 
> So, this point is OK.
> 
> Regards,
> 
> 
> Le mer. 13 févr. 2019 à 11:09, Tomas Gustavsson <to...@pr...
> <mailto:to...@pr...>> a écrit :
> 
> 
>     Hi,
> 
>     This one disturbs me the most right now. So let's take this first.
> 
> 
>         >> at java.lang.String.substring(String.java:1967)
>         >> at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
>         >> at
>     org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
> 
>         Are from EJBCA 6.3, this error does not come from EJBCA 6.10. I
>     think
>         your container is not updated with a new ejbca.ear file.
> 
> 
>     > It was the good version of the ear, we checked the version in admin
>     >page.
> 
>     That code is not from EJBCA 6.10, that's just how it is. Do you still
>     get that or is it from an older log from the old version?
> 
>     /Tomas
> 
>     On 2019-02-11 13:35, Arnaud Defos wrote:
>     > Hi Tomas,
>     >
>     > Thanks for your anwser. Here are my comments :
>     >
>     > Le jeu. 7 févr. 2019 à 14:07, Tomas Gustavsson <to...@pr...
>     <mailto:to...@pr...>
>     > <mailto:to...@pr... <mailto:to...@pr...>>> a écrit :
>     >
>     >
>     >     Did you check wildfly/standalone/tmp?
>     >
>     >
>     > No, we will check it asap but I think it was empty before starting
>     ejbca.
>     >  
>     >
>     >
>     >     The issue:
>     >     org.apache.jasper.JasperException: JBWEB004062: Unable to
>     compile class
>     >     for JSP:
>     >     Is something in with the file system.
>     >
>     >
>     > Ok, maybe these informations will help you :
>     >  - we add custom profile in : profilemappings.properties :
>     >
>     "DN;2.5.4.97;200;2.5.4.97;200;OrganizationIdentifier;OrganizationIdentifier"
>     >  - we add custom component in dncomponents.properties :
>     > "organizationIdentifier=2.5.4.97"
>     >  - we add custom extension in certextensions.properties : 
>     > id1.oid=1.3.6.1.5.5.7.1.3
>     >
>     id1.classpath=org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension
>     > id1.displayname=Custom qc statement 1
>     > id1.used=true
>     > id1.translatable=false
>     > id1.critical=false
>     > id1.property.encoding=RAW
>     > id1.property.dynamic=false
>     > id1.property.value=... (could send it if you want)
>     > id2.oid=1.3.6.1.5.5.7.1.3
>     >
>     id2.classpath=org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension
>     > id2.displayname=Custom qc statement 2
>     > id2.used=true
>     > id2.translatable=false
>     > id2.critical=false
>     > id2.property.encoding=RAW
>     > id2.property.dynamic=false
>     > id2.property.value=... (could send it if you want)
>     >
>     >  - in $JBOSS_HOME/bin/standalone.conf : 
>     > we replace "-Xms64m -Xmx512m -XX:MaxPermSize=256m
>     > -Djava.net.preferIPv4Stack=true" by : "-Xms2048m -Xmx2048m
>     > -XX:MaxPermSize=384m -Djava.net.preferIPv4Stack=true"
>     >
>     > Is there something wrong ?
>     >  
>     >
>     >
>     >     The:
>     >     javax.ejb.EJBException: java.lang.StringIndexOutOfBoundsException:
>     >
>     >     Is something in the database. Some certificate in a chain is
>     missing?
>     >     I think this is an issue fixed in later releases.
>     >
>     >
>     > Maybe but how could we check it ? Which SQL commands could we launch ?
>     >  
>     >
>     >
>     >     The:
>     >     Caused by: java.lang.StringIndexOutOfBoundsException: String
>     index out
>     >     of range: -1
>     >     Is something other as well.
>     >
>     >     In fact the code the stacktraces you paste refer to:
>     >
>     >     >> at java.lang.String.substring(String.java:1967)
>     >     >> at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
>     >     >> at
>     org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
>     >
>     >     Are from EJBCA 6.3, this error does not come from EJBCA 6.10.
>     I think
>     >     your container is not updated with a new ejbca.ear file.
>     >
>     >
>     > It was the good version of the ear, we checked the version in
>     admin page.
>     >
>     > Thanks for your answers & have a good day !
>     >
>     > Arnaud
>     >
>     >  
>     >
>     >
>     >     Regards,
>     >     Tomas
>     >
>     >
>     >
>     >     On 2019-02-07 12:05, Arnaud Defos wrote:
>     >     > For sure, we didn't modify anything in the code.
>     >     >
>     >     > We do not have the problem in staging environment (same
>     image) of
>     >     > container. It means the problem seems to be in database (too
>     much
>     >     data ?
>     >     > specific configuration ?).
>     >     >
>     >     > So ejbca 6.10.1.2 is working, but the migration/new version
>     seems to
>     >     > trigger these 3 problems...
>     >     >
>     >     > Difficult to solve for us.
>     >     >
>     >     > Le jeu. 7 févr. 2019 à 11:49, Tomas Gustavsson
>     <to...@pr... <mailto:to...@pr...>
>     >     <mailto:to...@pr... <mailto:to...@pr...>>
>     >     > <mailto:to...@pr... <mailto:to...@pr...>
>     <mailto:to...@pr... <mailto:to...@pr...>>>> a écrit :
>     >     >
>     >     >
>     >     >     Hmm, 6.10.1.2 is run bu hundreds of users successfully.
>     It has
>     >     to be
>     >     >     something specific to your installation. I do not talk about
>     >     the browser
>     >     >     cache. Perhaps you built in something in
>     >     wildfly/standalone/tmp in your
>     >     >     docket image.
>     >     >
>     >     >     Are you sure you have not modified EJBCA in any way?
>     >     >
>     >     >     This error:
>     >     >     >> JBWEB004061: An error occurred at line: 325 in the
>     >     generated java
>     >     >     file
>     >     >     >> The code of method _jspService(HttpServletRequest,
>     >     >     HttpServletResponse)
>     >     >     >> is exceeding the 65535 bytes limit
>     >     >
>     >     >     Happens if you add things to endentityprofiles.jsp,
>     because it
>     >     is almost
>     >     >     full by default, so if you add any code of your own it will
>     >     exceed the
>     >     >     limit.
>     >     >
>     >     >     Regards,
>     >     >     Tomas
>     >     >     ---
>     >     >     Meet us at RSA Conference 2019
>     >     >     San Francisco, March 4-8
>     >     >     Booth #1935
>     >     >     FREE Expo pass code: XEU9PRIMEKEY
>     >     >
>     >     >     On 2019-02-07 11:42, Arnaud Defos wrote:
>     >     >     > Hi Tomas,
>     >     >     >
>     >     >     > Thanks for your answer. We use wildfly 10.1.0. We delete
>     >     cache with
>     >     >     > admin page but it does not work. We use docker so the
>     image was
>     >     >     cleaned.
>     >     >     >
>     >     >     > Any ideas to resolve these 3 problems ?
>     >     >     >
>     >     >     > Have a good day !
>     >     >     >
>     >     >     > Le jeu. 31 janv. 2019 à 22:18, Tomas Gustavsson
>     >     <to...@pr... <mailto:to...@pr...>
>     <mailto:to...@pr... <mailto:to...@pr...>>
>     >     >     <mailto:to...@pr... <mailto:to...@pr...>
>     <mailto:to...@pr... <mailto:to...@pr...>>>
>     >     >     > <mailto:to...@pr... <mailto:to...@pr...>
>     <mailto:to...@pr... <mailto:to...@pr...>>
>     >     <mailto:to...@pr... <mailto:to...@pr...>
>     <mailto:to...@pr... <mailto:to...@pr...>>>>> a écrit :
>     >     >     >
>     >     >     >
>     >     >     >     What version of JBoss/WildFly are you using?
>     >     >     >
>     >     >     >     And yes, a new versio is planned rather soon. If you
>     >     want to test
>     >     >     >     something new you can also check out the docker
>     image on
>     >     >     dockerhub.
>     >     >     >
>     >     >     >     https://hub.docker.com/r/primekey/ejbca-ce
>     >     >     >
>     >     >     >     Regards,
>     >     >     >     Tomas
>     >     >     >
>     >     >     >
>     >     >     >     On 2019-01-31 22:15, Tomas Gustavsson wrote:
>     >     >     >     >
>     >     >     >     > I think you need to clean the JBoss temp directory.
>     >     Sometimes it
>     >     >     >     leaves
>     >     >     >     > behind old files, causing jsp errors (it tries
>     to use old
>     >     >     cached pages
>     >     >     >     > in temp with new ejbca version).
>     >     >     >     >
>     >     >     >     > Regards,
>     >     >     >     > Tomas
>     >     >     >     > ---
>     >     >     >     > Meet us at RSA Conference 2019
>     >     >     >     > San Francisco, March 4-8
>     >     >     >     > Booth #1935
>     >     >     >     > FREE Expo pass code: XEU9PRIMEKEY
>     >     >     >     >
>     >     >     >     > On 2019-01-29 14:51, Arnaud Defos wrote:
>     >     >     >     >> Hi,
>     >     >     >     >>
>     >     >     >     >> I try to upgrade from ejbca 6.3.1.1
>     to 6.10.1.2. When I
>     >     >     start ejbca
>     >     >     >     >> after doing all required steps, we have several
>     problems.
>     >     >     >     >>
>     >     >     >     >> _1st problem :_
>     >     >     >     >>
>     >     >     >     >> When I try to go to the "end entity profiles" page,
>     >     I've got
>     >     >     >     blank page
>     >     >     >     >> with "Internal server error". In log file, we
>     can see :
>     >     >     >     >> (default task-1) UT005023: Exception handling
>     request to
>     >     >     >     >>
>     >     >   
>     >   
>       /ejbca/adminweb/ra/editendentityprofiles/editendentityprofiles.jsp:
>     >     >     >     >> org.apache.jasper.JasperException: JBWEB004062:
>     Unable to
>     >     >     compile
>     >     >     >     class
>     >     >     >     >> for JSP: 
>     >     >     >     >>
>     >     >     >     >> JBWEB004061: An error occurred at line: 325 in the
>     >     >     generated java
>     >     >     >     file
>     >     >     >     >> The code of method _jspService(HttpServletRequest,
>     >     >     >     HttpServletResponse)
>     >     >     >     >> is exceeding the 65535 bytes limit
>     >     >     >     >>
>     >     >     >     >> Stacktrace:
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:95)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:198)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:449)
>     >     >     >     >> at
>     >     >   
>      org.apache.jasper.compiler.Compiler.compile(Compiler.java:359)
>     >     >     >     >> at
>     >     >   
>      org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
>     >     >     >     >> at
>     >     >   
>      org.apache.jasper.compiler.Compiler.compile(Compiler.java:321)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:652)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:358)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
>     >     >     >     >> at
>     >     >   
>      org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
>     >     >     >     >> at
>     >     javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:204)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.ejbca.util.owaspcsrfguard.EncodingFilter.doFilter(EncodingFilter.java:51)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     >     >     >     >> at java.lang.Thread.run(Thread.java:748)
>     >     >     >     >>
>     >     >     >     >> No problem with version 6.3.1.1.
>     >     >     >     >>
>     >     >     >     >> _2nd problem :
>     >     >     >     >> _
>     >     >     >     >>
>     >     >     >     >> When we go to When we go to Internal Key
>     Bindings ->
>     >     >     >     OcspKeyBinding, we
>     >     >     >     >> can see two certificates revoked whereas they
>     were active
>     >     >     before the
>     >     >     >     >> migration.
>     >     >     >     >>
>     >     >     >     >> _3rd problem :_
>     >     >     >     >>
>     >     >     >     >> When we go to Internal Key Bindings ->
>     OcspKeyBinding >
>     >     >     Click on one
>     >     >     >     >> serial number. We have got this error (in the
>     web page) :
>     >     >     >     >> An exception has occurred.
>     >     >     >     >> java.lang.StringIndexOutOfBoundsException: String
>     >     index out of
>     >     >     >     range: -1
>     >     >     >     >>
>     >     >     >     >> javax.ejb.EJBException:
>     >     >     java.lang.StringIndexOutOfBoundsException:
>     >     >     >     >> String index out of range: -1
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInNoTx(CMTTxInterceptor.java:213)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:265)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:374)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:243)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
>     >     >     >     >> at
>     >     >    ��>     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.cesecore.certificates.certificate.CertificateStoreSessionLocal$$$view55.findCertificateByIssuerAndSerno(Unknown
>     >     >     >     >> Source)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.ejbca.ui.web.admin.rainterface.RAInterfaceBean.loadCertificates(RAInterfaceBean.java:702)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.apache.jsp.viewcertificate_jsp._jspService(viewcertificate_jsp.java:242)
>     >     >     >     >> at
>     >     >   
>      org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>     >     >     >     >> at
>     >     javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
>     >     >     >     >> at
>     >     >   
>      org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
>     >     >     >     >> at
>     >     javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:109)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>     >     >     >     >> at
>     >     >     >   
>     >     >   
>     >   
>        io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     >     >     >     >> at java.lang.Thread.run(Thread.java:748)
>     >     >     >     >> Caused by:
>     java.lang.StringIndexOutOfBoundsException:
>     >     String
>     >     >     >     index out
>     >     >     >     >> of range: -1
>     >     >     >     >> at java.lang.String.substring(String.java:1967)
>     >     >     >     >> at
>     >     org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
>     >     >     >     >> at
>     >     >   
>      org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>       ��org.cesecore.certificates.certificate.CertificateStoreSessionBean.findCertificateByIssuerAndSerno(CertificateStoreSessionBean.java:584)
>     >     >     >     >> at
>     sun.reflect.GeneratedMethodAccessor611.invoke(Unknown
>     >     >     Source)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     >     >     >     >> at java.lang.reflect.Method.invoke(Method.java:498)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >     >> at
>     >     >     >     >>
>     >     >     >   
>     >     >   
>     >   
>        org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
>     >     >     >     >> at
>     >     >     >  
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 


...
 
[truncated message content]

Re: [Ejbca-develop] Several problems after migration

[Arnaud D. <arn...@gm...>]

Hi Tomas,

Thanks for your answer.

We made new tests, I will respond to your last questions and provide new
the exact situation with logs:

>>>Did you check wildfly/standalone/tmp?

Yes, the directory is empty during the docker build, we try to clean /data
/tmp /logs in wildfly/standalone, but the problem still exist.

>>> The: javax.ejb.EJBException: java.lang.StringIndexOutOfBoundsException:

You're right, this error message appears in 6.3.1.1 only when we access
Internal Key Bindings> OcspKeyBinding> Click on Ocsp certificate Serial
Number.

In version 6.3.1.1, two out of three certificates return the
"StringIndexOutOfBoundsException" error when clicking on the serial number.
However, their status is good at Active.

https://pasteboard.co/I2aUEfL.png

Following the upgrade in 6.10.1.2, we no longer have the same error and the
same display. Two certificates are passed in Revoked and the click on the
serial number displays the error below:

https://pasteboard.co/I2aUUG8.png

When we click on the Revoked serial number:

https://pasteboard.co/I2aIseO.png

The detail of the stack trace resulting from the server.log (To improve the
reading of this thread I put the log in attachment mode) ->
https://pastebin.com/i2mLQwzS



>>> Is something in the database. Some certificate in a chain is missing? I
think this is an issue fixed in later releases.

Yes maybe, we find this in the server.log:

2019-02-21 09:42:25,568 INFO
[org.cesecore.certificates.certificate.CertificateStoreSessionBean] (EJB
default - 7) Reloading CA certificate cache.
2019-02-21 09:42:25,577 INFO
[org.cesecore.certificates.certificate.CertificateStoreSessionBean] (EJB
default - 7) Reloaded CA certificate cache with 12 certificates
2019-02-21 09:42:47,635 WARN
[org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean] (EJB
default - 9) Unable to build certificate chain for OCSP signing certificate
with Subject DN 'CN=OCSP Service 1 XXXXXXX SIGNATURE CA,OU=0002
XXXXXX,O=XXXXXXX,organizationIdentifier=XXXXXXXX,C=FR'. CA with Subject DN
'CN=XXXXXX - XXXXXXX SIGNATURE CA,OU=0002
XXXXXXX,O=XXXXXX,organizationIdentifier=XXXXXX,C=FR' is missing in the
database.
2019-02-21 09:42:47,635 WARN
[org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean] (EJB
default - 9) OcspKeyBinding OcspKeyBinding XXXXXX CA ( -1904656213) has a
signing certificate, but no chain and will be ignored.
2019-02-21 09:42:47,641 WARN
[org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean] (EJB
default - 9) Unable to build certificate chain for OCSP signing certificate
with Subject DN 'CN=OCSP Service 1 XXXXXXXXXX CA,OU=0002
XXXXXX,O=XXXXXXX,organizationIdentifier=XXXXXXXX,C=FR'. CA with Subject DN
'CN=XXXXXX - XXXXXXX CA,OU=0002
XXXXXX,O=XXXXXX,organizationIdentifier=XXXXXXXXX,C=FR' is missing in the
database.
2019-02-21 09:42:47,641 WARN
[org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean] (EJB
default - 9) OcspKeyBinding OcspKeyBinding XXXXXX CA ( -1307162558) has a
signing certificate, but no chain and will be ignored.

--------------------------------------------------------

Regarding the problem on End Entity Profiles, in version 6.10.1.2 we found
the problem. We use a newrelic java agent and this increase the size during
the compilation.

So, this point is OK.

Regards,


Le mer. 13 févr. 2019 à 11:09, Tomas Gustavsson <to...@pr...> a
écrit :

>
> Hi,
>
> This one disturbs me the most right now. So let's take this first.
>
>
>     >> at java.lang.String.substring(String.java:1967)
>     >> at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
>     >> at
> org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
>
>     Are from EJBCA 6.3, this error does not come from EJBCA 6.10. I think
>     your container is not updated with a new ejbca.ear file.
>
>
> > It was the good version of the ear, we checked the version in admin
> >page.
>
> That code is not from EJBCA 6.10, that's just how it is. Do you still
> get that or is it from an older log from the old version?
>
> /Tomas
>
> On 2019-02-11 13:35, Arnaud Defos wrote:
> > Hi Tomas,
> >
> > Thanks for your anwser. Here are my comments :
> >
> > Le jeu. 7 févr. 2019 à 14:07, Tomas Gustavsson <to...@pr...
> > <mailto:to...@pr...>> a écrit :
> >
> >
> >     Did you check wildfly/standalone/tmp?
> >
> >
> > No, we will check it asap but I think it was empty before starting ejbca.
> >
> >
> >
> >     The issue:
> >     org.apache.jasper.JasperException: JBWEB004062: Unable to compile
> class
> >     for JSP:
> >     Is something in with the file system.
> >
> >
> > Ok, maybe these informations will help you :
> >  - we add custom profile in : profilemappings.properties :
> >
> "DN;2.5.4.97;200;2.5.4.97;200;OrganizationIdentifier;OrganizationIdentifier"
> >  - we add custom component in dncomponents.properties :
> > "organizationIdentifier=2.5.4.97"
> >  - we add custom extension in certextensions.properties :
> > id1.oid=1.3.6.1.5.5.7.1.3
> >
> id1.classpath=org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension
> > id1.displayname=Custom qc statement 1
> > id1.used=true
> > id1.translatable=false
> > id1.critical=false
> > id1.property.encoding=RAW
> > id1.property.dynamic=false
> > id1.property.value=... (could send it if you want)
> > id2.oid=1.3.6.1.5.5.7.1.3
> >
> id2.classpath=org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension
> > id2.displayname=Custom qc statement 2
> > id2.used=true
> > id2.translatable=false
> > id2.critical=false
> > id2.property.encoding=RAW
> > id2.property.dynamic=false
> > id2.property.value=... (could send it if you want)
> >
> >  - in $JBOSS_HOME/bin/standalone.conf :
> > we replace "-Xms64m -Xmx512m -XX:MaxPermSize=256m
> > -Djava.net.preferIPv4Stack=true" by : "-Xms2048m -Xmx2048m
> > -XX:MaxPermSize=384m -Djava.net.preferIPv4Stack=true"
> >
> > Is there something wrong ?
> >
> >
> >
> >     The:
> >     javax.ejb.EJBException: java.lang.StringIndexOutOfBoundsException:
> >
> >     Is something in the database. Some certificate in a chain is missing?
> >     I think this is an issue fixed in later releases.
> >
> >
> > Maybe but how could we check it ? Which SQL commands could we launch ?
> >
> >
> >
> >     The:
> >     Caused by: java.lang.StringIndexOutOfBoundsException: String index
> out
> >     of range: -1
> >     Is something other as well.
> >
> >     In fact the code the stacktraces you paste refer to:
> >
> >     >> at java.lang.String.substring(String.java:1967)
> >     >> at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
> >     >> at
> org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
> >
> >     Are from EJBCA 6.3, this error does not come from EJBCA 6.10. I think
> >     your container is not updated with a new ejbca.ear file.
> >
> >
> > It was the good version of the ear, we checked the version in admin page.
> >
> > Thanks for your answers & have a good day !
> >
> > Arnaud
> >
> >
> >
> >
> >     Regards,
> >     Tomas
> >
> >
> >
> >     On 2019-02-07 12:05, Arnaud Defos wrote:
> >     > For sure, we didn't modify anything in the code.
> >     >
> >     > We do not have the problem in staging environment (same image) of
> >     > container. It means the problem seems to be in database (too much
> >     data ?
> >     > specific configuration ?).
> >     >
> >     > So ejbca 6.10.1.2 is working, but the migration/new version seems
> to
> >     > trigger these 3 problems...
> >     >
> >     > Difficult to solve for us.
> >     >
> >     > Le jeu. 7 févr. 2019 à 11:49, Tomas Gustavsson <to...@pr...
> >     <mailto:to...@pr...>
> >     > <mailto:to...@pr... <mailto:to...@pr...>>> a écrit :
> >     >
> >     >
> >     >     Hmm, 6.10.1.2 is run bu hundreds of users successfully. It has
> >     to be
> >     >     something specific to your installation. I do not talk about
> >     the browser
> >     >     cache. Perhaps you built in something in
> >     wildfly/standalone/tmp in your
> >     >     docket image.
> >     >
> >     >     Are you sure you have not modified EJBCA in any way?
> >     >
> >     >     This error:
> >     >     >> JBWEB004061: An error occurred at line: 325 in the
> >     generated java
> >     >     file
> >     >     >> The code of method _jspService(HttpServletRequest,
> >     >     HttpServletResponse)
> >     >     >> is exceeding the 65535 bytes limit
> >     >
> >     >     Happens if you add things to endentityprofiles.jsp, because it
> >     is almost
> >     >     full by default, so if you add any code of your own it will
> >     exceed the
> >     >     limit.
> >     >
> >     >     Regards,
> >     >     Tomas
> >     >     ---
> >     >     Meet us at RSA Conference 2019
> >     >     San Francisco, March 4-8
> >     >     Booth #1935
> >     >     FREE Expo pass code: XEU9PRIMEKEY
> >     >
> >     >     On 2019-02-07 11:42, Arnaud Defos wrote:
> >     >     > Hi Tomas,
> >     >     >
> >     >     > Thanks for your answer. We use wildfly 10.1.0. We delete
> >     cache with
> >     >     > admin page but it does not work. We use docker so the image
> was
> >     >     cleaned.
> >     >     >
> >     >     > Any ideas to resolve these 3 problems ?
> >     >     >
> >     >     > Have a good day !
> >     >     >
> >     >     > Le jeu. 31 janv. 2019 à 22:18, Tomas Gustavsson
> >     <to...@pr... <mailto:to...@pr...>
> >     >     <mailto:to...@pr... <mailto:to...@pr...>>
> >     >     > <mailto:to...@pr... <mailto:to...@pr...>
> >     <mailto:to...@pr... <mailto:to...@pr...>>>> a écrit :
> >     >     >
> >     >     >
> >     >     >     What version of JBoss/WildFly are you using?
> >     >     >
> >     >     >     And yes, a new versio is planned rather soon. If you
> >     want to test
> >     >     >     something new you can also check out the docker image on
> >     >     dockerhub.
> >     >     >
> >     >     >     https://hub.docker.com/r/primekey/ejbca-ce
> >     >     >
> >     >     >     Regards,
> >     >     >     Tomas
> >     >     >
> >     >     >
> >     >     >     On 2019-01-31 22:15, Tomas Gustavsson wrote:
> >     >     >     >
> >     >     >     > I think you need to clean the JBoss temp directory.
> >     Sometimes it
> >     >     >     leaves
> >     >     >     > behind old files, causing jsp errors (it tries to use
> old
> >     >     cached pages
> >     >     >     > in temp with new ejbca version).
> >     >     >     >
> >     >     >     > Regards,
> >     >     >     > Tomas
> >     >     >     > ---
> >     >     >     > Meet us at RSA Conference 2019
> >     >     >     > San Francisco, March 4-8
> >     >     >     > Booth #1935
> >     >     >     > FREE Expo pass code: XEU9PRIMEKEY
> >     >     >     >
> >     >     >     > On 2019-01-29 14:51, Arnaud Defos wrote:
> >     >     >     >> Hi,
> >     >     >     >>
> >     >     >     >> I try to upgrade from ejbca 6.3.1.1 to 6.10.1.2. When
> I
> >     >     start ejbca
> >     >     >     >> after doing all required steps, we have several
> problems.
> >     >     >     >>
> >     >     >     >> _1st problem :_
> >     >     >     >>
> >     >     >     >> When I try to go to the "end entity profiles" page,
> >     I've got
> >     >     >     blank page
> >     >     >     >> with "Internal server error". In log file, we can see
> :
> >     >     >     >> (default task-1) UT005023: Exception handling request
> to
> >     >     >     >>
> >     >
> >      /ejbca/adminweb/ra/editendentityprofiles/editendentityprofiles.jsp:
> >     >     >     >> org.apache.jasper.JasperException: JBWEB004062:
> Unable to
> >     >     compile
> >     >     >     class
> >     >     >     >> for JSP:
> >     >     >     >>
> >     >     >     >> JBWEB004061: An error occurred at line: 325 in the
> >     >     generated java
> >     >     >     file
> >     >     >     >> The code of method _jspService(HttpServletRequest,
> >     >     >     HttpServletResponse)
> >     >     >     >> is exceeding the 65535 bytes limit
> >     >     >     >>
> >     >     >     >> Stacktrace:
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:95)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:198)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:449)
> >     >     >     >> at
> >     >     org.apache.jasper.compiler.Compiler.compile(Compiler.java:359)
> >     >     >     >> at
> >     >     org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
> >     >     >     >> at
> >     >     org.apache.jasper.compiler.Compiler.compile(Compiler.java:321)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:652)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:358)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
> >     >     >     >> at
> >     >
>  org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
> >     >     >     >> at
> >     javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:204)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >     >> at
> >     >     >
> >     >
> >       org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.ejbca.util.owaspcsrfguard.EncodingFilter.doFilter(EncodingFilter.java:51)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> >     >     >     >> at java.lang.Thread.run(Thread.java:748)
> >     >     >     >>
> >     >     >     >> No problem with version 6.3.1.1.
> >     >     >     >>
> >     >     >     >> _2nd problem :
> >     >     >     >> _
> >     >     >     >>
> >     >     >     >> When we go to When we go to Internal Key Bindings ->
> >     >     >     OcspKeyBinding, we
> >     >     >     >> can see two certificates revoked whereas they were
> active
> >     >     before the
> >     >     >     >> migration.
> >     >     >     >>
> >     >     >     >> _3rd problem :_
> >     >     >     >>
> >     >     >     >> When we go to Internal Key Bindings -> OcspKeyBinding
> >
> >     >     Click on one
> >     >     >     >> serial number. We have got this error (in the web
> page) :
> >     >     >     >> An exception has occurred.
> >     >     >     >> java.lang.StringIndexOutOfBoundsException: String
> >     index out of
> >     >     >     range: -1
> >     >     >     >>
> >     >     >     >> javax.ejb.EJBException:
> >     >     java.lang.StringIndexOutOfBoundsException:
> >     >     >     >> String index out of range: -1
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInNoTx(CMTTxInterceptor.java:213)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:265)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:374)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:243)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
> >     >     >     >> at
> >     >    ��>     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.cesecore.certificates.certificate.CertificateStoreSessionLocal$$$view55.findCertificateByIssuerAndSerno(Unknown
> >     >     >     >> Source)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.ejbca.ui.web.admin.rainterface.RAInterfaceBean.loadCertificates(RAInterfaceBean.java:702)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.apache.jsp.viewcertificate_jsp._jspService(viewcertificate_jsp.java:242)
> >     >     >     >> at
> >     >
>  org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
> >     >     >     >> at
> >     javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
> >     >     >     >> at
> >     >
>  org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
> >     >     >     >> at
> >     javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >     >> at
> >     >     >
> >     >
> >       org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:109)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> >     >     >     >> at
> >     >     >
> >     >
> >
>    io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> >     >     >     >> at java.lang.Thread.run(Thread.java:748)
> >     >     >     >> Caused by: java.lang.StringIndexOutOfBoundsException:
> >     String
> >     >     >     index out
> >     >     >     >> of range: -1
> >     >     >     >> at java.lang.String.substring(String.java:1967)
> >     >     >     >> at
> >     org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
> >     >     >     >> at
> >     >
>  org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.cesecore.certificates.certificate.CertificateStoreSessionBean.findCertificateByIssuerAndSerno(CertificateStoreSessionBean.java:584)
> >     >     >     >> at
> sun.reflect.GeneratedMethodAccessor611.invoke(Unknown
> >     >     Source)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >     >     >     >> at java.lang.reflect.Method.invoke(Method.java:498)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >     >> at
> >     >     >     >>
> >     >     >
> >     >
> >
>    org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> >     >     >     >> at
> >     >     >

Re: [Ejbca-develop] Several problems after migration

[Tomas G. <to...@pr...>]

Hi,

This one disturbs me the most right now. So let's take this first.


    >> at java.lang.String.substring(String.java:1967)
    >> at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
    >> at org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)

    Are from EJBCA 6.3, this error does not come from EJBCA 6.10. I think
    your container is not updated with a new ejbca.ear file.


> It was the good version of the ear, we checked the version in admin
>page.

That code is not from EJBCA 6.10, that's just how it is. Do you still
get that or is it from an older log from the old version?

/Tomas

On 2019-02-11 13:35, Arnaud Defos wrote:
> Hi Tomas,
> 
> Thanks for your anwser. Here are my comments :
> 
> Le jeu. 7 févr. 2019 à 14:07, Tomas Gustavsson <to...@pr...
> <mailto:to...@pr...>> a écrit :
> 
> 
>     Did you check wildfly/standalone/tmp?
> 
> 
> No, we will check it asap but I think it was empty before starting ejbca.
>  
> 
> 
>     The issue:
>     org.apache.jasper.JasperException: JBWEB004062: Unable to compile class
>     for JSP:
>     Is something in with the file system.
> 
> 
> Ok, maybe these informations will help you :
>  - we add custom profile in : profilemappings.properties :
> "DN;2.5.4.97;200;2.5.4.97;200;OrganizationIdentifier;OrganizationIdentifier"
>  - we add custom component in dncomponents.properties :
> "organizationIdentifier=2.5.4.97"
>  - we add custom extension in certextensions.properties : 
> id1.oid=1.3.6.1.5.5.7.1.3
> id1.classpath=org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension
> id1.displayname=Custom qc statement 1
> id1.used=true
> id1.translatable=false
> id1.critical=false
> id1.property.encoding=RAW
> id1.property.dynamic=false
> id1.property.value=... (could send it if you want)
> id2.oid=1.3.6.1.5.5.7.1.3
> id2.classpath=org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension
> id2.displayname=Custom qc statement 2
> id2.used=true
> id2.translatable=false
> id2.critical=false
> id2.property.encoding=RAW
> id2.property.dynamic=false
> id2.property.value=... (could send it if you want)
> 
>  - in $JBOSS_HOME/bin/standalone.conf : 
> we replace "-Xms64m -Xmx512m -XX:MaxPermSize=256m
> -Djava.net.preferIPv4Stack=true" by : "-Xms2048m -Xmx2048m
> -XX:MaxPermSize=384m -Djava.net.preferIPv4Stack=true"
> 
> Is there something wrong ?
>  
> 
> 
>     The:
>     javax.ejb.EJBException: java.lang.StringIndexOutOfBoundsException:
> 
>     Is something in the database. Some certificate in a chain is missing?
>     I think this is an issue fixed in later releases.
> 
> 
> Maybe but how could we check it ? Which SQL commands could we launch ?
>  
> 
> 
>     The:
>     Caused by: java.lang.StringIndexOutOfBoundsException: String index out
>     of range: -1
>     Is something other as well.
> 
>     In fact the code the stacktraces you paste refer to:
> 
>     >> at java.lang.String.substring(String.java:1967)
>     >> at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
>     >> at org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
> 
>     Are from EJBCA 6.3, this error does not come from EJBCA 6.10. I think
>     your container is not updated with a new ejbca.ear file.
> 
> 
> It was the good version of the ear, we checked the version in admin page.
> 
> Thanks for your answers & have a good day !
> 
> Arnaud
> 
>  
> 
> 
>     Regards,
>     Tomas
> 
> 
> 
>     On 2019-02-07 12:05, Arnaud Defos wrote:
>     > For sure, we didn't modify anything in the code.
>     >
>     > We do not have the problem in staging environment (same image) of
>     > container. It means the problem seems to be in database (too much
>     data ?
>     > specific configuration ?).
>     >
>     > So ejbca 6.10.1.2 is working, but the migration/new version seems to
>     > trigger these 3 problems...
>     >
>     > Difficult to solve for us.
>     >
>     > Le jeu. 7 févr. 2019 à 11:49, Tomas Gustavsson <to...@pr...
>     <mailto:to...@pr...>
>     > <mailto:to...@pr... <mailto:to...@pr...>>> a écrit :
>     >
>     >
>     >     Hmm, 6.10.1.2 is run bu hundreds of users successfully. It has
>     to be
>     >     something specific to your installation. I do not talk about
>     the browser
>     >     cache. Perhaps you built in something in
>     wildfly/standalone/tmp in your
>     >     docket image.
>     >
>     >     Are you sure you have not modified EJBCA in any way?
>     >
>     >     This error:
>     >     >> JBWEB004061: An error occurred at line: 325 in the
>     generated java
>     >     file
>     >     >> The code of method _jspService(HttpServletRequest,
>     >     HttpServletResponse)
>     >     >> is exceeding the 65535 bytes limit
>     >
>     >     Happens if you add things to endentityprofiles.jsp, because it
>     is almost
>     >     full by default, so if you add any code of your own it will
>     exceed the
>     >     limit.
>     >
>     >     Regards,
>     >     Tomas
>     >     ---
>     >     Meet us at RSA Conference 2019
>     >     San Francisco, March 4-8
>     >     Booth #1935
>     >     FREE Expo pass code: XEU9PRIMEKEY
>     >
>     >     On 2019-02-07 11:42, Arnaud Defos wrote:
>     >     > Hi Tomas,
>     >     >
>     >     > Thanks for your answer. We use wildfly 10.1.0. We delete
>     cache with
>     >     > admin page but it does not work. We use docker so the image was
>     >     cleaned.
>     >     >
>     >     > Any ideas to resolve these 3 problems ?
>     >     >
>     >     > Have a good day !
>     >     >
>     >     > Le jeu. 31 janv. 2019 à 22:18, Tomas Gustavsson
>     <to...@pr... <mailto:to...@pr...>
>     >     <mailto:to...@pr... <mailto:to...@pr...>>
>     >     > <mailto:to...@pr... <mailto:to...@pr...>
>     <mailto:to...@pr... <mailto:to...@pr...>>>> a écrit :
>     >     >
>     >     >
>     >     >     What version of JBoss/WildFly are you using?
>     >     >
>     >     >     And yes, a new versio is planned rather soon. If you
>     want to test
>     >     >     something new you can also check out the docker image on
>     >     dockerhub.
>     >     >
>     >     >     https://hub.docker.com/r/primekey/ejbca-ce
>     >     >
>     >     >     Regards,
>     >     >     Tomas
>     >     >
>     >     >
>     >     >     On 2019-01-31 22:15, Tomas Gustavsson wrote:
>     >     >     >
>     >     >     > I think you need to clean the JBoss temp directory.
>     Sometimes it
>     >     >     leaves
>     >     >     > behind old files, causing jsp errors (it tries to use old
>     >     cached pages
>     >     >     > in temp with new ejbca version).
>     >     >     >
>     >     >     > Regards,
>     >     >     > Tomas
>     >     >     > ---
>     >     >     > Meet us at RSA Conference 2019
>     >     >     > San Francisco, March 4-8
>     >     >     > Booth #1935
>     >     >     > FREE Expo pass code: XEU9PRIMEKEY
>     >     >     >
>     >     >     > On 2019-01-29 14:51, Arnaud Defos wrote:
>     >     >     >> Hi,
>     >     >     >>
>     >     >     >> I try to upgrade from ejbca 6.3.1.1 to 6.10.1.2. When I
>     >     start ejbca
>     >     >     >> after doing all required steps, we have several problems.
>     >     >     >>
>     >     >     >> _1st problem :_
>     >     >     >>
>     >     >     >> When I try to go to the "end entity profiles" page,
>     I've got
>     >     >     blank page
>     >     >     >> with "Internal server error". In log file, we can see :
>     >     >     >> (default task-1) UT005023: Exception handling request to
>     >     >     >>
>     >   
>      /ejbca/adminweb/ra/editendentityprofiles/editendentityprofiles.jsp:
>     >     >     >> org.apache.jasper.JasperException: JBWEB004062: Unable to
>     >     compile
>     >     >     class
>     >     >     >> for JSP: 
>     >     >     >>
>     >     >     >> JBWEB004061: An error occurred at line: 325 in the
>     >     generated java
>     >     >     file
>     >     >     >> The code of method _jspService(HttpServletRequest,
>     >     >     HttpServletResponse)
>     >     >     >> is exceeding the 65535 bytes limit
>     >     >     >>
>     >     >     >> Stacktrace:
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:95)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:198)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:449)
>     >     >     >> at
>     >     org.apache.jasper.compiler.Compiler.compile(Compiler.java:359)
>     >     >     >> at
>     >     org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
>     >     >     >> at
>     >     org.apache.jasper.compiler.Compiler.compile(Compiler.java:321)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:652)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:358)
>     >     >     >> at
>     >     >   
>     >   
>       org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
>     >     >     >> at
>     >     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
>     >     >     >> at
>     javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>     >     >     >> at
>     >     >   
>     >   
>       org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:204)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >> at
>     >     >   
>     >   
>       org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >> at
>     >     >   
>     >   
>       org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.ejbca.util.owaspcsrfguard.EncodingFilter.doFilter(EncodingFilter.java:51)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     >     >     >> at java.lang.Thread.run(Thread.java:748)
>     >     >     >>
>     >     >     >> No problem with version 6.3.1.1.
>     >     >     >>
>     >     >     >> _2nd problem :
>     >     >     >> _
>     >     >     >>
>     >     >     >> When we go to When we go to Internal Key Bindings ->
>     >     >     OcspKeyBinding, we
>     >     >     >> can see two certificates revoked whereas they were active
>     >     before the
>     >     >     >> migration.
>     >     >     >>
>     >     >     >> _3rd problem :_
>     >     >     >>
>     >     >     >> When we go to Internal Key Bindings -> OcspKeyBinding >
>     >     Click on one
>     >     >     >> serial number. We have got this error (in the web page) :
>     >     >     >> An exception has occurred.
>     >     >     >> java.lang.StringIndexOutOfBoundsException: String
>     index out of
>     >     >     range: -1
>     >     >     >>
>     >     >     >> javax.ejb.EJBException:
>     >     java.lang.StringIndexOutOfBoundsException:
>     >     >     >> String index out of range: -1
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInNoTx(CMTTxInterceptor.java:213)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:265)
>     >     >     >> at
>     >     >   
>     >   
>       org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:374)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:243)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     >     >     >> at
>     >     >   
>     >   
>       org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
>     >     >     >> at
>     >    ��>     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.cesecore.certificates.certificate.CertificateStoreSessionLocal$$$view55.findCertificateByIssuerAndSerno(Unknown
>     >     >     >> Source)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.ejbca.ui.web.admin.rainterface.RAInterfaceBean.loadCertificates(RAInterfaceBean.java:702)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.apache.jsp.viewcertificate_jsp._jspService(viewcertificate_jsp.java:242)
>     >     >     >> at
>     >     org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>     >     >     >> at
>     javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
>     >     >     >> at
>     >     >   
>     >   
>       org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
>     >     >     >> at
>     >     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
>     >     >     >> at
>     javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >> at
>     >     >   
>     >   
>       org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:109)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>     >     >     >> at
>     >     >   
>     >   
>       io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     >     >     >> at java.lang.Thread.run(Thread.java:748)
>     >     >     >> Caused by: java.lang.StringIndexOutOfBoundsException:
>     String
>     >     >     index out
>     >     >     >> of range: -1
>     >     >     >> at java.lang.String.substring(String.java:1967)
>     >     >     >> at
>     org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
>     >     >     >> at
>     >     org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.cesecore.certificates.certificate.CertificateStoreSessionBean.findCertificateByIssuerAndSerno(CertificateStoreSessionBean.java:584)
>     >     >     >> at sun.reflect.GeneratedMethodAccessor611.invoke(Unknown
>     >     Source)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     >     >     >> at java.lang.reflect.Method.invoke(Method.java:498)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ejb3.component.interceptors.NonPooledEJBComponentInstanceAssociatingInterceptor.processInvocation(NonPooledEJBComponentInstanceAssociatingInterceptor.java:59)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >     >> at
>     >     >     >>
>     >     >   
>     >   
>       org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:263)
>     >     >     >> ... 95 more
>     >     >     >>
>     >     >     >> This problem appear in both versions (6.3.1.1 and
>     6.10.1.2).
>     >     >     >>
>     >     >     >> Maybe the 2nd and the 3rd problem are linked. We can see
>     >     that id of
>     >     >     >> these certificates are negative, how is it possible ?
>     >     >     >>
>     >     >     >> Do we need to upgrade from 6.3.1.1 to 6.5.0.5 before
>     going to
>     >     >     6.10.1.2 ?
>     >     >     >>
>     >     >     >> Is there a new community edition scheduled ?
>     >     >     >>
>     >     >     >> Thanks for your answer !
>     >     >     >>
>     >     >     >> Best regards,
>     >     >     >>
>     >     >     >> Arnaud
>     >     >     >>
>     >     >     >>
>     >     >     >>
>     >     >     >>
>     >     >     >> _______________________________________________
>     >     >     >> Ejbca-develop mailing list
>     >     >     >> Ejb...@li...
>     <mailto:Ejb...@li...>
>     >     <mailto:Ejb...@li...
>     <mailto:Ejb...@li...>>
>     >     >     <mailto:Ejb...@li...
>     <mailto:Ejb...@li...>
>     >     <mailto:Ejb...@li...
>     <mailto:Ejb...@li...>>>
>     >     >     >>
>     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>     >     >     >>
>     >     >
>     >     >
>     >     >     _______________________________________________
>     >     >     Ejbca-develop mailing list
>     >     >     Ejb...@li...
>     <mailto:Ejb...@li...>
>     >     <mailto:Ejb...@li...
>     <mailto:Ejb...@li...>>
>     >     >     <mailto:Ejb...@li...
>     <mailto:Ejb...@li...>
>     >     <mailto:Ejb...@li...
>     <mailto:Ejb...@li...>>>
>     >     >     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>     >     >
>     >     >
>     >     >
>     >     > _______________________________________________
>     >     > Ejbca-develop mailing list
>     >     > Ejb...@li...
>     <mailto:Ejb...@li...>
>     >     <mailto:Ejb...@li...
>     <mailto:Ejb...@li...>>
>     >     > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>     >     >
>     >
>     >
>     >     _______________________________________________
>     >     Ejbca-develop mailing list
>     >     Ejb...@li...
>     <mailto:Ejb...@li...>
>     >     <mailto:Ejb...@li...
>     <mailto:Ejb...@li...>>
>     >     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>     >
>     >
>     >
>     > _______________________________________________
>     > Ejbca-develop mailing list
>     > Ejb...@li...
>     <mailto:Ejb...@li...>
>     > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>     >
> 
> 
>     _______________________________________________
>     Ejbca-develop mailing list
>     Ejb...@li...
>     <mailto:Ejb...@li...>
>     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

Re: [Ejbca-develop] Several problems after migration

[Arnaud D. <arn...@gm...>]

Hi Tomas,

Thanks for your anwser. Here are my comments :

Le jeu. 7 févr. 2019 à 14:07, Tomas Gustavsson <to...@pr...> a écrit :

>
> Did you check wildfly/standalone/tmp?
>

No, we will check it asap but I think it was empty before starting ejbca.


>
> The issue:
> org.apache.jasper.JasperException: JBWEB004062: Unable to compile class
> for JSP:
> Is something in with the file system.
>

Ok, maybe these informations will help you :
 - we add custom profile in : profilemappings.properties :
"DN;2.5.4.97;200;2.5.4.97;200;OrganizationIdentifier;OrganizationIdentifier"
 - we add custom component in dncomponents.properties :
"organizationIdentifier=2.5.4.97"
 - we add custom extension in certextensions.properties :
id1.oid=1.3.6.1.5.5.7.1.3
id1.classpath=org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension
id1.displayname=Custom qc statement 1
id1.used=true
id1.translatable=false
id1.critical=false
id1.property.encoding=RAW
id1.property.dynamic=false
id1.property.value=... (could send it if you want)
id2.oid=1.3.6.1.5.5.7.1.3
id2.classpath=org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension
id2.displayname=Custom qc statement 2
id2.used=true
id2.translatable=false
id2.critical=false
id2.property.encoding=RAW
id2.property.dynamic=false
id2.property.value=... (could send it if you want)

 - in $JBOSS_HOME/bin/standalone.conf :
we replace "-Xms64m -Xmx512m -XX:MaxPermSize=256m
-Djava.net.preferIPv4Stack=true" by : "-Xms2048m -Xmx2048m
-XX:MaxPermSize=384m -Djava.net.preferIPv4Stack=true"

Is there something wrong ?


>
> The:
> javax.ejb.EJBException: java.lang.StringIndexOutOfBoundsException:
>
> Is something in the database. Some certificate in a chain is missing?
> I think this is an issue fixed in later releases.
>

Maybe but how could we check it ? Which SQL commands could we launch ?


>
> The:
> Caused by: java.lang.StringIndexOutOfBoundsException: String index out
> of range: -1
> Is something other as well.
>
> In fact the code the stacktraces you paste refer to:
>
> >> at java.lang.String.substring(String.java:1967)
> >> at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
> >> at org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
>
> Are from EJBCA 6.3, this error does not come from EJBCA 6.10. I think
> your container is not updated with a new ejbca.ear file.
>

It was the good version of the ear, we checked the version in admin page.

Thanks for your answers & have a good day !

Arnaud



>
> Regards,
> Tomas
>
>
>
> On 2019-02-07 12:05, Arnaud Defos wrote:
> > For sure, we didn't modify anything in the code.
> >
> > We do not have the problem in staging environment (same image) of
> > container. It means the problem seems to be in database (too much data ?
> > specific configuration ?).
> >
> > So ejbca 6.10.1.2 is working, but the migration/new version seems to
> > trigger these 3 problems...
> >
> > Difficult to solve for us.
> >
> > Le jeu. 7 févr. 2019 à 11:49, Tomas Gustavsson <to...@pr...
> > <mailto:to...@pr...>> a écrit :
> >
> >
> >     Hmm, 6.10.1.2 is run bu hundreds of users successfully. It has to be
> >     something specific to your installation. I do not talk about the
> browser
> >     cache. Perhaps you built in something in wildfly/standalone/tmp in
> your
> >     docket image.
> >
> >     Are you sure you have not modified EJBCA in any way?
> >
> >     This error:
> >     >> JBWEB004061: An error occurred at line: 325 in the generated java
> >     file
> >     >> The code of method _jspService(HttpServletRequest,
> >     HttpServletResponse)
> >     >> is exceeding the 65535 bytes limit
> >
> >     Happens if you add things to endentityprofiles.jsp, because it is
> almost
> >     full by default, so if you add any code of your own it will exceed
> the
> >     limit.
> >
> >     Regards,
> >     Tomas
> >     ---
> >     Meet us at RSA Conference 2019
> >     San Francisco, March 4-8
> >     Booth #1935
> >     FREE Expo pass code: XEU9PRIMEKEY
> >
> >     On 2019-02-07 11:42, Arnaud Defos wrote:
> >     > Hi Tomas,
> >     >
> >     > Thanks for your answer. We use wildfly 10.1.0. We delete cache with
> >     > admin page but it does not work. We use docker so the image was
> >     cleaned.
> >     >
> >     > Any ideas to resolve these 3 problems ?
> >     >
> >     > Have a good day !
> >     >
> >     > Le jeu. 31 janv. 2019 à 22:18, Tomas Gustavsson <to...@pr...
> >     <mailto:to...@pr...>
> >     > <mailto:to...@pr... <mailto:to...@pr...>>> a écrit :
> >     >
> >     >
> >     >     What version of JBoss/WildFly are you using?
> >     >
> >     >     And yes, a new versio is planned rather soon. If you want to
> test
> >     >     something new you can also check out the docker image on
> >     dockerhub.
> >     >
> >     >     https://hub.docker.com/r/primekey/ejbca-ce
> >     >
> >     >     Regards,
> >     >     Tomas
> >     >
> >     >
> >     >     On 2019-01-31 22:15, Tomas Gustavsson wrote:
> >     >     >
> >     >     > I think you need to clean the JBoss temp directory.
> Sometimes it
> >     >     leaves
> >     >     > behind old files, causing jsp errors (it tries to use old
> >     cached pages
> >     >     > in temp with new ejbca version).
> >     >     >
> >     >     > Regards,
> >     >     > Tomas
> >     >     > ---
> >     >     > Meet us at RSA Conference 2019
> >     >     > San Francisco, March 4-8
> >     >     > Booth #1935
> >     >     > FREE Expo pass code: XEU9PRIMEKEY
> >     >     >
> >     >     > On 2019-01-29 14:51, Arnaud Defos wrote:
> >     >     >> Hi,
> >     >     >>
> >     >     >> I try to upgrade from ejbca 6.3.1.1 to 6.10.1.2. When I
> >     start ejbca
> >     >     >> after doing all required steps, we have several problems.
> >     >     >>
> >     >     >> _1st problem :_
> >     >     >>
> >     >     >> When I try to go to the "end entity profiles" page, I've got
> >     >     blank page
> >     >     >> with "Internal server error". In log file, we can see :
> >     >     >> (default task-1) UT005023: Exception handling request to
> >     >     >>
> >     /ejbca/adminweb/ra/editendentityprofiles/editendentityprofiles.jsp:
> >     >     >> org.apache.jasper.JasperException: JBWEB004062: Unable to
> >     compile
> >     >     class
> >     >     >> for JSP:
> >     >     >>
> >     >     >> JBWEB004061: An error occurred at line: 325 in the
> >     generated java
> >     >     file
> >     >     >> The code of method _jspService(HttpServletRequest,
> >     >     HttpServletResponse)
> >     >     >> is exceeding the 65535 bytes limit
> >     >     >>
> >     >     >> Stacktrace:
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:95)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:198)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:449)
> >     >     >> at
> >     org.apache.jasper.compiler.Compiler.compile(Compiler.java:359)
> >     >     >> at
> >     org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
> >     >     >> at
> >     org.apache.jasper.compiler.Compiler.compile(Compiler.java:321)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:652)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:358)
> >     >     >> at
> >     >
> >
>   org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
> >     >     >> at
> >     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
> >     >     >> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> >     >     >> at
> >     >
> >      org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
> >     >     >> at
> >     >
> >
>   io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:204)
> >     >     >> at
> >     >
> >
>   io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >> at
> >     >
> >      org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
> >     >     >> at
> >     >
> >
>   io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
> >     >     >> at
> >     >
> >
>   io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >> at
> >     >
> >
>   org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
> >     >     >> at
> >     >
> >
>   io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.ejbca.util.owaspcsrfguard.EncodingFilter.doFilter(EncodingFilter.java:51)
> >     >     >> at
> >     >
> >
>   io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> >     >     >> at
> >     >
> >      io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> >     >     >> at
> >     >
> >
>   io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> >     >     >> at
> >     >
> >
>   io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
> >     >     >> at
> >     >     >>
> >     >
> >
>   java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> >     >     >> at
> >     >     >>
> >     >
> >
>   java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> >     >     >> at java.lang.Thread.run(Thread.java:748)
> >     >     >>
> >     >     >> No problem with version 6.3.1.1.
> >     >     >>
> >     >     >> _2nd problem :
> >     >     >> _
> >     >     >>
> >     >     >> When we go to When we go to Internal Key Bindings ->
> >     >     OcspKeyBinding, we
> >     >     >> can see two certificates revoked whereas they were active
> >     before the
> >     >     >> migration.
> >     >     >>
> >     >     >> _3rd problem :_
> >     >     >>
> >     >     >> When we go to Internal Key Bindings -> OcspKeyBinding >
> >     Click on one
> >     >     >> serial number. We have got this error (in the web page) :
> >     >     >> An exception has occurred.
> >     >     >> java.lang.StringIndexOutOfBoundsException: String index out
> of
> >     >     range: -1
> >     >     >>
> >     >     >> javax.ejb.EJBException:
> >     java.lang.StringIndexOutOfBoundsException:
> >     >     >> String index out of range: -1
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInNoTx(CMTTxInterceptor.java:213)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:265)
> >     >     >> at
> >     >
> >
>   org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:374)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:243)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >
> >
>   org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >
> >
>   org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> >     >     >> at
> >     >
> >
>   org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.cesecore.certificates.certificate.CertificateStoreSessionLocal$$$view55.findCertificateByIssuerAndSerno(Unknown
> >     >     >> Source)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.ejbca.ui.web.admin.rainterface.RAInterfaceBean.loadCertificates(RAInterfaceBean.java:702)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.apache.jsp.viewcertificate_jsp._jspService(viewcertificate_jsp.java:242)
> >     >     >> at
> >     org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
> >     >     >> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
> >     >     >> at
> >     >
> >
>   org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
> >     >     >> at
> >     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
> >     >     >> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
> >     >     >> at
> >     >
> >
>   io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >> at
> >     >
> >      org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
> >     >     >> at
> >     >
> >
>   io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:109)
> >     >     >> at
> >     >
> >
>   io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> >     >     >> at
> >     >
> >      io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> >     >     >> at
> >     >     >>
> >     >
> >
>   io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> >     >     >> at
> >     >
> >
>   io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> >     >     >> at
> >     >
> >
>   io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
> >     >     >> at
> >     >     >>
> >     >
> >
>   java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> >     >     >> at
> >     >     >>
> >     >
> >
>   java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> >     >     >> at java.lang.Thread.run(Thread.java:748)
> >     >     >> Caused by: java.lang.StringIndexOutOfBoundsException: String
> >     >     index out
> >     >     >> of range: -1
> >     >     >> at java.lang.String.substring(String.java:1967)
> >     >     >> at
> org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
> >     >     >> at
> >     org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.cesecore.certificates.certificate.CertificateStoreSessionBean.findCertificateByIssuerAndSerno(CertificateStoreSessionBean.java:584)
> >     >     >> at sun.reflect.GeneratedMethodAccessor611.invoke(Unknown
> >     Source)
> >     >     >> at
> >     >     >>
> >     >
> >
>   sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >     >     >> at java.lang.reflect.Method.invoke(Method.java:498)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ejb3.component.interceptors.NonPooledEJBComponentInstanceAssociatingInterceptor.processInvocation(NonPooledEJBComponentInstanceAssociatingInterceptor.java:59)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >     >> at
> >     >     >>
> >     >
> >
>   org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:263)
> >     >     >> ... 95 more
> >     >     >>
> >     >     >> This problem appear in both versions (6.3.1.1 and 6.10.1.2).
> >     >     >>
> >     >     >> Maybe the 2nd and the 3rd problem are linked. We can see
> >     that id of
> >     >     >> these certificates are negative, how is it possible ?
> >     >     >>
> >     >     >> Do we need to upgrade from 6.3.1.1 to 6.5.0.5 before going
> to
> >     >     6.10.1.2 ?
> >     >     >>
> >     >     >> Is there a new community edition scheduled ?
> >     >     >>
> >     >     >> Thanks for your answer !
> >     >     >>
> >     >     >> Best regards,
> >     >     >>
> >     >     >> Arnaud
> >     >     >>
> >     >     >>
> >     >     >>
> >     >     >>
> >     >     >> _______________________________________________
> >     >     >> Ejbca-develop mailing list
> >     >     >> Ejb...@li...
> >     <mailto:Ejb...@li...>
> >     >     <mailto:Ejb...@li...
> >     <mailto:Ejb...@li...>>
> >     >     >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >     >     >>
> >     >
> >     >
> >     >     _______________________________________________
> >     >     Ejbca-develop mailing list
> >     >     Ejb...@li...
> >     <mailto:Ejb...@li...>
> >     >     <mailto:Ejb...@li...
> >     <mailto:Ejb...@li...>>
> >     >     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >     >
> >     >
> >     >
> >     > _______________________________________________
> >     > Ejbca-develop mailing list
> >     > Ejb...@li...
> >     <mailto:Ejb...@li...>
> >     > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >     >
> >
> >
> >     _______________________________________________
> >     Ejbca-develop mailing list
> >     Ejb...@li...
> >     <mailto:Ejb...@li...>
> >     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >
> >
> >
> > _______________________________________________
> > Ejbca-develop mailing list
> > Ejb...@li...
> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>

Re: [Ejbca-develop] Several problems after migration

[Tomas G. <to...@pr...>]

Did you check wildfly/standalone/tmp?

The issue:
org.apache.jasper.JasperException: JBWEB004062: Unable to compile class
for JSP:
Is something in with the file system.

The:
javax.ejb.EJBException: java.lang.StringIndexOutOfBoundsException:

Is something in the database. Some certificate in a chain is missing?
I think this is an issue fixed in later releases.

The:
Caused by: java.lang.StringIndexOutOfBoundsException: String index out
of range: -1
Is something other as well.

In fact the code the stacktraces you paste refer to:

>> at java.lang.String.substring(String.java:1967)
>> at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
>> at org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)

Are from EJBCA 6.3, this error does not come from EJBCA 6.10. I think
your container is not updated with a new ejbca.ear file.

Regards,
Tomas



On 2019-02-07 12:05, Arnaud Defos wrote:
> For sure, we didn't modify anything in the code.
> 
> We do not have the problem in staging environment (same image) of
> container. It means the problem seems to be in database (too much data ?
> specific configuration ?).
> 
> So ejbca 6.10.1.2 is working, but the migration/new version seems to
> trigger these 3 problems...
> 
> Difficult to solve for us.
> 
> Le jeu. 7 févr. 2019 à 11:49, Tomas Gustavsson <to...@pr...
> <mailto:to...@pr...>> a écrit :
> 
> 
>     Hmm, 6.10.1.2 is run bu hundreds of users successfully. It has to be
>     something specific to your installation. I do not talk about the browser
>     cache. Perhaps you built in something in wildfly/standalone/tmp in your
>     docket image.
> 
>     Are you sure you have not modified EJBCA in any way?
> 
>     This error:
>     >> JBWEB004061: An error occurred at line: 325 in the generated java
>     file
>     >> The code of method _jspService(HttpServletRequest,
>     HttpServletResponse)
>     >> is exceeding the 65535 bytes limit
> 
>     Happens if you add things to endentityprofiles.jsp, because it is almost
>     full by default, so if you add any code of your own it will exceed the
>     limit.
> 
>     Regards,
>     Tomas
>     ---
>     Meet us at RSA Conference 2019
>     San Francisco, March 4-8
>     Booth #1935
>     FREE Expo pass code: XEU9PRIMEKEY
> 
>     On 2019-02-07 11:42, Arnaud Defos wrote:
>     > Hi Tomas,
>     >
>     > Thanks for your answer. We use wildfly 10.1.0. We delete cache with
>     > admin page but it does not work. We use docker so the image was
>     cleaned.
>     >
>     > Any ideas to resolve these 3 problems ?
>     >
>     > Have a good day !
>     >
>     > Le jeu. 31 janv. 2019 à 22:18, Tomas Gustavsson <to...@pr...
>     <mailto:to...@pr...>
>     > <mailto:to...@pr... <mailto:to...@pr...>>> a écrit :
>     >
>     >
>     >     What version of JBoss/WildFly are you using?
>     >
>     >     And yes, a new versio is planned rather soon. If you want to test
>     >     something new you can also check out the docker image on
>     dockerhub.
>     >
>     >     https://hub.docker.com/r/primekey/ejbca-ce
>     >
>     >     Regards,
>     >     Tomas
>     >
>     >
>     >     On 2019-01-31 22:15, Tomas Gustavsson wrote:
>     >     >
>     >     > I think you need to clean the JBoss temp directory. Sometimes it
>     >     leaves
>     >     > behind old files, causing jsp errors (it tries to use old
>     cached pages
>     >     > in temp with new ejbca version).
>     >     >
>     >     > Regards,
>     >     > Tomas
>     >     > ---
>     >     > Meet us at RSA Conference 2019
>     >     > San Francisco, March 4-8
>     >     > Booth #1935
>     >     > FREE Expo pass code: XEU9PRIMEKEY
>     >     >
>     >     > On 2019-01-29 14:51, Arnaud Defos wrote:
>     >     >> Hi,
>     >     >>
>     >     >> I try to upgrade from ejbca 6.3.1.1 to 6.10.1.2. When I
>     start ejbca
>     >     >> after doing all required steps, we have several problems.
>     >     >>
>     >     >> _1st problem :_
>     >     >>
>     >     >> When I try to go to the "end entity profiles" page, I've got
>     >     blank page
>     >     >> with "Internal server error". In log file, we can see :
>     >     >> (default task-1) UT005023: Exception handling request to
>     >     >>
>     /ejbca/adminweb/ra/editendentityprofiles/editendentityprofiles.jsp:
>     >     >> org.apache.jasper.JasperException: JBWEB004062: Unable to
>     compile
>     >     class
>     >     >> for JSP: 
>     >     >>
>     >     >> JBWEB004061: An error occurred at line: 325 in the
>     generated java
>     >     file
>     >     >> The code of method _jspService(HttpServletRequest,
>     >     HttpServletResponse)
>     >     >> is exceeding the 65535 bytes limit
>     >     >>
>     >     >> Stacktrace:
>     >     >> at
>     >     >>
>     >   
>      org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:95)
>     >     >> at
>     >     >>
>     >   
>      org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:198)
>     >     >> at
>     >     >>
>     >   
>      org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:449)
>     >     >> at
>     org.apache.jasper.compiler.Compiler.compile(Compiler.java:359)
>     >     >> at
>     org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
>     >     >> at
>     org.apache.jasper.compiler.Compiler.compile(Compiler.java:321)
>     >     >> at
>     >     >>
>     >   
>      org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:652)
>     >     >> at
>     >     >>
>     >   
>      org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:358)
>     >     >> at
>     >   
>      org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
>     >     >> at
>     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
>     >     >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>     >     >> at
>     >   
>      org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
>     >     >> at
>     >   
>      io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >> at
>     >     >>
>     >   
>      org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:204)
>     >     >> at
>     >   
>      io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >> at
>     >   
>      org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
>     >     >> at
>     >   
>      io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >> at
>     >     >>
>     >   
>      org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
>     >     >> at
>     >   
>      io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >> at
>     >   
>      org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
>     >     >> at
>     >   
>      io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >> at
>     >     >>
>     >   
>      org.ejbca.util.owaspcsrfguard.EncodingFilter.doFilter(EncodingFilter.java:51)
>     >     >> at
>     >   
>      io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>     >     >> at
>     >   
>      io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>     >     >> at
>     >     >>
>     >   
>      org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >> at
>     >     >>
>     >   
>      org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
>     >     >> at
>     >   
>      io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>     >     >> at
>     >   
>      io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
>     >     >> at
>     >     >>
>     >   
>      java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     >     >> at
>     >     >>
>     >   
>      java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     >     >> at java.lang.Thread.run(Thread.java:748)
>     >     >>
>     >     >> No problem with version 6.3.1.1.
>     >     >>
>     >     >> _2nd problem :
>     >     >> _
>     >     >>
>     >     >> When we go to When we go to Internal Key Bindings ->
>     >     OcspKeyBinding, we
>     >     >> can see two certificates revoked whereas they were active
>     before the
>     >     >> migration.
>     >     >>
>     >     >> _3rd problem :_
>     >     >>
>     >     >> When we go to Internal Key Bindings -> OcspKeyBinding >
>     Click on one
>     >     >> serial number. We have got this error (in the web page) :
>     >     >> An exception has occurred.
>     >     >> java.lang.StringIndexOutOfBoundsException: String index out of
>     >     range: -1
>     >     >>
>     >     >> javax.ejb.EJBException:
>     java.lang.StringIndexOutOfBoundsException:
>     >     >> String index out of range: -1
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInNoTx(CMTTxInterceptor.java:213)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:265)
>     >     >> at
>     >   
>      org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:374)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:243)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >   
>      org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
>     >     >> at
>     >     >>
>     >   
>      org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >   
>      org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     >     >> at
>     >   
>      org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
>     >     >> at
>     >     >>
>     >   
>      org.cesecore.certificates.certificate.CertificateStoreSessionLocal$$$view55.findCertificateByIssuerAndSerno(Unknown
>     >     >> Source)
>     >     >> at
>     >     >>
>     >   
>      org.ejbca.ui.web.admin.rainterface.RAInterfaceBean.loadCertificates(RAInterfaceBean.java:702)
>     >     >> at
>     >     >>
>     >   
>      org.apache.jsp.viewcertificate_jsp._jspService(viewcertificate_jsp.java:242)
>     >     >> at
>     org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>     >     >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     >     >> at
>     >     >>
>     >   
>      org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
>     >     >> at
>     >   
>      org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
>     >     >> at
>     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
>     >     >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>     >     >> at
>     >     >>
>     >   
>      org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
>     >     >> at
>     >   
>      io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >> at
>     >   
>      org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
>     >     >> at
>     >   
>      io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >> at
>     >     >>
>     >   
>      org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:109)
>     >     >> at
>     >   
>      io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>     >     >> at
>     >   
>      io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>     >     >> at
>     >     >>
>     >   
>      org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >> at
>     >     >>
>     >   
>      org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>     >     >> at
>     >     >>
>     >   
>      io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
>     >     >> at
>     >   
>      io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>     >     >> at
>     >   
>      io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
>     >     >> at
>     >     >>
>     >   
>      java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     >     >> at
>     >     >>
>     >   
>      java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     >     >> at java.lang.Thread.run(Thread.java:748)
>     >     >> Caused by: java.lang.StringIndexOutOfBoundsException: String
>     >     index out
>     >     >> of range: -1
>     >     >> at java.lang.String.substring(String.java:1967)
>     >     >> at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
>     >     >> at
>     org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
>     >     >> at
>     >     >>
>     >   
>      org.cesecore.certificates.certificate.CertificateStoreSessionBean.findCertificateByIssuerAndSerno(CertificateStoreSessionBean.java:584)
>     >     >> at sun.reflect.GeneratedMethodAccessor611.invoke(Unknown
>     Source)
>     >     >> at
>     >     >>
>     >   
>      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     >     >> at java.lang.reflect.Method.invoke(Method.java:498)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ejb3.component.interceptors.NonPooledEJBComponentInstanceAssociatingInterceptor.processInvocation(NonPooledEJBComponentInstanceAssociatingInterceptor.java:59)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >     >> at
>     >     >>
>     >   
>      org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:263)
>     >     >> ... 95 more
>     >     >>
>     >     >> This problem appear in both versions (6.3.1.1 and 6.10.1.2).
>     >     >>
>     >     >> Maybe the 2nd and the 3rd problem are linked. We can see
>     that id of
>     >     >> these certificates are negative, how is it possible ?
>     >     >>
>     >     >> Do we need to upgrade from 6.3.1.1 to 6.5.0.5 before going to
>     >     6.10.1.2 ?
>     >     >>
>     >     >> Is there a new community edition scheduled ?
>     >     >>
>     >     >> Thanks for your answer !
>     >     >>
>     >     >> Best regards,
>     >     >>
>     >     >> Arnaud
>     >     >>
>     >     >>
>     >     >>
>     >     >>
>     >     >> _______________________________________________
>     >     >> Ejbca-develop mailing list
>     >     >> Ejb...@li...
>     <mailto:Ejb...@li...>
>     >     <mailto:Ejb...@li...
>     <mailto:Ejb...@li...>>
>     >     >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>     >     >>
>     >
>     >
>     >     _______________________________________________
>     >     Ejbca-develop mailing list
>     >     Ejb...@li...
>     <mailto:Ejb...@li...>
>     >     <mailto:Ejb...@li...
>     <mailto:Ejb...@li...>>
>     >     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>     >
>     >
>     >
>     > _______________________________________________
>     > Ejbca-develop mailing list
>     > Ejb...@li...
>     <mailto:Ejb...@li...>
>     > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>     >
> 
> 
>     _______________________________________________
>     Ejbca-develop mailing list
>     Ejb...@li...
>     <mailto:Ejb...@li...>
>     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

Re: [Ejbca-develop] Several problems after migration

[Arnaud D. <arn...@gm...>]

For sure, we didn't modify anything in the code.

We do not have the problem in staging environment (same image) of
container. It means the problem seems to be in database (too much data ?
specific configuration ?).

So ejbca 6.10.1.2 is working, but the migration/new version seems to
trigger these 3 problems...

Difficult to solve for us.

Le jeu. 7 févr. 2019 à 11:49, Tomas Gustavsson <to...@pr...> a écrit :

>
> Hmm, 6.10.1.2 is run bu hundreds of users successfully. It has to be
> something specific to your installation. I do not talk about the browser
> cache. Perhaps you built in something in wildfly/standalone/tmp in your
> docket image.
>
> Are you sure you have not modified EJBCA in any way?
>
> This error:
> >> JBWEB004061: An error occurred at line: 325 in the generated java file
> >> The code of method _jspService(HttpServletRequest, HttpServletResponse)
> >> is exceeding the 65535 bytes limit
>
> Happens if you add things to endentityprofiles.jsp, because it is almost
> full by default, so if you add any code of your own it will exceed the
> limit.
>
> Regards,
> Tomas
> ---
> Meet us at RSA Conference 2019
> San Francisco, March 4-8
> Booth #1935
> FREE Expo pass code: XEU9PRIMEKEY
>
> On 2019-02-07 11:42, Arnaud Defos wrote:
> > Hi Tomas,
> >
> > Thanks for your answer. We use wildfly 10.1.0. We delete cache with
> > admin page but it does not work. We use docker so the image was cleaned.
> >
> > Any ideas to resolve these 3 problems ?
> >
> > Have a good day !
> >
> > Le jeu. 31 janv. 2019 à 22:18, Tomas Gustavsson <to...@pr...
> > <mailto:to...@pr...>> a écrit :
> >
> >
> >     What version of JBoss/WildFly are you using?
> >
> >     And yes, a new versio is planned rather soon. If you want to test
> >     something new you can also check out the docker image on dockerhub.
> >
> >     https://hub.docker.com/r/primekey/ejbca-ce
> >
> >     Regards,
> >     Tomas
> >
> >
> >     On 2019-01-31 22:15, Tomas Gustavsson wrote:
> >     >
> >     > I think you need to clean the JBoss temp directory. Sometimes it
> >     leaves
> >     > behind old files, causing jsp errors (it tries to use old cached
> pages
> >     > in temp with new ejbca version).
> >     >
> >     > Regards,
> >     > Tomas
> >     > ---
> >     > Meet us at RSA Conference 2019
> >     > San Francisco, March 4-8
> >     > Booth #1935
> >     > FREE Expo pass code: XEU9PRIMEKEY
> >     >
> >     > On 2019-01-29 14:51, Arnaud Defos wrote:
> >     >> Hi,
> >     >>
> >     >> I try to upgrade from ejbca 6.3.1.1 to 6.10.1.2. When I start
> ejbca
> >     >> after doing all required steps, we have several problems.
> >     >>
> >     >> _1st problem :_
> >     >>
> >     >> When I try to go to the "end entity profiles" page, I've got
> >     blank page
> >     >> with "Internal server error". In log file, we can see :
> >     >> (default task-1) UT005023: Exception handling request to
> >     >>
> /ejbca/adminweb/ra/editendentityprofiles/editendentityprofiles.jsp:
> >     >> org.apache.jasper.JasperException: JBWEB004062: Unable to compile
> >     class
> >     >> for JSP:
> >     >>
> >     >> JBWEB004061: An error occurred at line: 325 in the generated java
> >     file
> >     >> The code of method _jspService(HttpServletRequest,
> >     HttpServletResponse)
> >     >> is exceeding the 65535 bytes limit
> >     >>
> >     >> Stacktrace:
> >     >> at
> >     >>
> >
>  org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:95)
> >     >> at
> >     >>
> >
>  org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:198)
> >     >> at
> >     >>
> >
>  org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:449)
> >     >> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:359)
> >     >> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
> >     >> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:321)
> >     >> at
> >     >>
> >
>  org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:652)
> >     >> at
> >     >>
> >
>  org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:358)
> >     >> at
> >
>  org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
> >     >> at
> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
> >     >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> >     >> at
> >     org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
> >     >> at
> >
>  io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >> at
> >     >>
> >
>  org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:204)
> >     >> at
> >
>  io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >> at
> >     org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
> >     >> at
> >
>  io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >> at
> >     >>
> >
>  org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
> >     >> at
> >
>  io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >> at
> >     org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
> >     >> at
> >
>  io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >> at
> >     >>
> >
>  org.ejbca.util.owaspcsrfguard.EncodingFilter.doFilter(EncodingFilter.java:51)
> >     >> at
> >
>  io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> >     >> at
> >     io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> >     >> at
> >     >>
> >
>  org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> >     >> at
> >     >>
> >
>  io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> >     >> at
> >     >>
> >
>  io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >> at
> >     >>
> >
>  io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> >     >> at
> >     >>
> >
>  io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> >     >> at
> >     >>
> >
>  io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> >     >> at
> >     >>
> >
>  io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> >     >> at
> >     >>
> >
>  io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> >     >> at
> >     >>
> >
>  io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >> at
> >     >>
> >
>  org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> >     >> at
> >     >>
> >
>  io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >> at
> >     >>
> >
>  io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> >     >> at
> >     io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> >     >> at
> >
>  io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
> >     >> at
> >     >>
> >
>  java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> >     >> at
> >     >>
> >
>  java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> >     >> at java.lang.Thread.run(Thread.java:748)
> >     >>
> >     >> No problem with version 6.3.1.1.
> >     >>
> >     >> _2nd problem :
> >     >> _
> >     >>
> >     >> When we go to When we go to Internal Key Bindings ->
> >     OcspKeyBinding, we
> >     >> can see two certificates revoked whereas they were active before
> the
> >     >> migration.
> >     >>
> >     >> _3rd problem :_
> >     >>
> >     >> When we go to Internal Key Bindings -> OcspKeyBinding > Click on
> one
> >     >> serial number. We have got this error (in the web page) :
> >     >> An exception has occurred.
> >     >> java.lang.StringIndexOutOfBoundsException: String index out of
> >     range: -1
> >     >>
> >     >> javax.ejb.EJBException: java.lang.StringIndexOutOfBoundsException:
> >     >> String index out of range: -1
> >     >> at
> >     >>
> >
>  org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInNoTx(CMTTxInterceptor.java:213)
> >     >> at
> >     >>
> >
>  org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:265)
> >     >> at
> >
>  org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:374)
> >     >> at
> >     >>
> >
>  org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:243)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >
>  org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
> >     >> at
> >     >>
> >
>  org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >
>  org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> >     >> at
> >
>  org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
> >     >> at
> >     >>
> >
>  org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> >     >> at
> >     >>
> >
>  org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
> >     >> at
> >     >>
> >
>  org.cesecore.certificates.certificate.CertificateStoreSessionLocal$$$view55.findCertificateByIssuerAndSerno(Unknown
> >     >> Source)
> >     >> at
> >     >>
> >
>  org.ejbca.ui.web.admin.rainterface.RAInterfaceBean.loadCertificates(RAInterfaceBean.java:702)
> >     >> at
> >     >>
> >
>  org.apache.jsp.viewcertificate_jsp._jspService(viewcertificate_jsp.java:242)
> >     >> at
> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
> >     >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> >     >> at
> >     >>
> >
>  org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
> >     >> at
> >
>  org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
> >     >> at
> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
> >     >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> >     >> at
> >     >>
> >
>  org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
> >     >> at
> >
>  io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >> at
> >     org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
> >     >> at
> >
>  io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >> at
> >     >>
> >
>  org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:109)
> >     >> at
> >
>  io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> >     >> at
> >     io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> >     >> at
> >     >>
> >
>  org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> >     >> at
> >     >>
> >
>  io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> >     >> at
> >     >>
> >
>  io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >> at
> >     >>
> >
>  io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> >     >> at
> >     >>
> >
>  io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> >     >> at
> >     >>
> >
>  io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> >     >> at
> >     >>
> >
>  io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> >     >> at
> >     >>
> >
>  io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> >     >> at
> >     >>
> >
>  io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >> at
> >     >>
> >
>  org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> >     >> at
> >     >>
> >
>  io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >> at
> >     >>
> >
>  io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> >     >> at
> >     >>
> >
>  io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> >     >> at
> >     io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> >     >> at
> >
>  io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
> >     >> at
> >     >>
> >
>  java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> >     >> at
> >     >>
> >
>  java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> >     >> at java.lang.Thread.run(Thread.java:748)
> >     >> Caused by: java.lang.StringIndexOutOfBoundsException: String
> >     index out
> >     >> of range: -1
> >     >> at java.lang.String.substring(String.java:1967)
> >     >> at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
> >     >> at
> org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
> >     >> at
> >     >>
> >
>  org.cesecore.certificates.certificate.CertificateStoreSessionBean.findCertificateByIssuerAndSerno(CertificateStoreSessionBean.java:584)
> >     >> at sun.reflect.GeneratedMethodAccessor611.invoke(Unknown Source)
> >     >> at
> >     >>
> >
>  sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >     >> at java.lang.reflect.Method.invoke(Method.java:498)
> >     >> at
> >     >>
> >
>  org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
> >     >> at
> >     >>
> >
>  org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82)
> >     >> at
> >     >>
> >
>  org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93)
> >     >> at
> >     >>
> >
>  org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
> >     >> at
> >     >>
> >
>  org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
> >     >> at
> >     >>
> >
>  org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> >     >> at
> >     >>
> >
>  org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.as.ejb3.component.interceptors.NonPooledEJBComponentInstanceAssociatingInterceptor.processInvocation(NonPooledEJBComponentInstanceAssociatingInterceptor.java:59)
> >     >> at
> >     >>
> >
>  org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >     >> at
> >     >>
> >
>  org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:263)
> >     >> ... 95 more
> >     >>
> >     >> This problem appear in both versions (6.3.1.1 and 6.10.1.2).
> >     >>
> >     >> Maybe the 2nd and the 3rd problem are linked. We can see that id
> of
> >     >> these certificates are negative, how is it possible ?
> >     >>
> >     >> Do we need to upgrade from 6.3.1.1 to 6.5.0.5 before going to
> >     6.10.1.2 ?
> >     >>
> >     >> Is there a new community edition scheduled ?
> >     >>
> >     >> Thanks for your answer !
> >     >>
> >     >> Best regards,
> >     >>
> >     >> Arnaud
> >     >>
> >     >>
> >     >>
> >     >>
> >     >> _______________________________________________
> >     >> Ejbca-develop mailing list
> >     >> Ejb...@li...
> >     <mailto:Ejb...@li...>
> >     >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >     >>
> >
> >
> >     _______________________________________________
> >     Ejbca-develop mailing list
> >     Ejb...@li...
> >     <mailto:Ejb...@li...>
> >     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >
> >
> >
> > _______________________________________________
> > Ejbca-develop mailing list
> > Ejb...@li...
> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>

Re: [Ejbca-develop] Several problems after migration

[Tomas G. <to...@pr...>]

Hmm, 6.10.1.2 is run bu hundreds of users successfully. It has to be
something specific to your installation. I do not talk about the browser
cache. Perhaps you built in something in wildfly/standalone/tmp in your
docket image.

Are you sure you have not modified EJBCA in any way?

This error:
>> JBWEB004061: An error occurred at line: 325 in the generated java file
>> The code of method _jspService(HttpServletRequest, HttpServletResponse)
>> is exceeding the 65535 bytes limit

Happens if you add things to endentityprofiles.jsp, because it is almost
full by default, so if you add any code of your own it will exceed the
limit.

Regards,
Tomas
---
Meet us at RSA Conference 2019
San Francisco, March 4-8
Booth #1935
FREE Expo pass code: XEU9PRIMEKEY

On 2019-02-07 11:42, Arnaud Defos wrote:
> Hi Tomas,
> 
> Thanks for your answer. We use wildfly 10.1.0. We delete cache with
> admin page but it does not work. We use docker so the image was cleaned.
> 
> Any ideas to resolve these 3 problems ?
> 
> Have a good day !
> 
> Le jeu. 31 janv. 2019 à 22:18, Tomas Gustavsson <to...@pr...
> <mailto:to...@pr...>> a écrit :
> 
> 
>     What version of JBoss/WildFly are you using?
> 
>     And yes, a new versio is planned rather soon. If you want to test
>     something new you can also check out the docker image on dockerhub.
> 
>     https://hub.docker.com/r/primekey/ejbca-ce
> 
>     Regards,
>     Tomas
> 
> 
>     On 2019-01-31 22:15, Tomas Gustavsson wrote:
>     >
>     > I think you need to clean the JBoss temp directory. Sometimes it
>     leaves
>     > behind old files, causing jsp errors (it tries to use old cached pages
>     > in temp with new ejbca version).
>     >
>     > Regards,
>     > Tomas
>     > ---
>     > Meet us at RSA Conference 2019
>     > San Francisco, March 4-8
>     > Booth #1935
>     > FREE Expo pass code: XEU9PRIMEKEY
>     >
>     > On 2019-01-29 14:51, Arnaud Defos wrote:
>     >> Hi,
>     >>
>     >> I try to upgrade from ejbca 6.3.1.1 to 6.10.1.2. When I start ejbca
>     >> after doing all required steps, we have several problems.
>     >>
>     >> _1st problem :_
>     >>
>     >> When I try to go to the "end entity profiles" page, I've got
>     blank page
>     >> with "Internal server error". In log file, we can see :
>     >> (default task-1) UT005023: Exception handling request to
>     >> /ejbca/adminweb/ra/editendentityprofiles/editendentityprofiles.jsp:
>     >> org.apache.jasper.JasperException: JBWEB004062: Unable to compile
>     class
>     >> for JSP: 
>     >>
>     >> JBWEB004061: An error occurred at line: 325 in the generated java
>     file
>     >> The code of method _jspService(HttpServletRequest,
>     HttpServletResponse)
>     >> is exceeding the 65535 bytes limit
>     >>
>     >> Stacktrace:
>     >> at
>     >>
>     org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:95)
>     >> at
>     >>
>     org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:198)
>     >> at
>     >>
>     org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:449)
>     >> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:359)
>     >> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
>     >> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:321)
>     >> at
>     >>
>     org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:652)
>     >> at
>     >>
>     org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:358)
>     >> at
>     org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
>     >> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
>     >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>     >> at
>     >>
>     io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>     >> at
>     org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
>     >> at
>     io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >> at
>     >>
>     io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >> at
>     >>
>     org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:204)
>     >> at
>     io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >> at
>     >>
>     io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >> at
>     org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
>     >> at
>     io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >> at
>     >>
>     io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >> at
>     >>
>     org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
>     >> at
>     io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >> at
>     >>
>     io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >> at
>     org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
>     >> at
>     io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >> at
>     >>
>     io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >> at
>     >>
>     org.ejbca.util.owaspcsrfguard.EncodingFilter.doFilter(EncodingFilter.java:51)
>     >> at
>     io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >> at
>     >>
>     io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >> at
>     >>
>     io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>     >> at
>     >>
>     io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>     >> at
>     io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>     >> at
>     >>
>     org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>     >> at
>     >>
>     io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >> at
>     >>
>     io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>     >> at
>     >>
>     io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>     >> at
>     >>
>     io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >> at
>     >>
>     io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
>     >> at
>     >>
>     io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>     >> at
>     >>
>     io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>     >> at
>     >>
>     io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
>     >> at
>     >>
>     io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>     >> at
>     >>
>     io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>     >> at
>     >>
>     io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>     >> at
>     >>
>     io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>     >> at
>     >>
>     io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >> at
>     >>
>     org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>     >> at
>     >>
>     io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >> at
>     >>
>     io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
>     >> at
>     >>
>     io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
>     >> at
>     >>
>     io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
>     >> at
>     >>
>     io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >> at
>     >>
>     io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >> at
>     >>
>     io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >> at
>     >>
>     io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >> at
>     >>
>     io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >> at
>     >>
>     io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
>     >> at
>     io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>     >> at
>     io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
>     >> at
>     >>
>     java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     >> at
>     >>
>     java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     >> at java.lang.Thread.run(Thread.java:748)
>     >>
>     >> No problem with version 6.3.1.1.
>     >>
>     >> _2nd problem :
>     >> _
>     >>
>     >> When we go to When we go to Internal Key Bindings ->
>     OcspKeyBinding, we
>     >> can see two certificates revoked whereas they were active before the
>     >> migration.
>     >>
>     >> _3rd problem :_
>     >>
>     >> When we go to Internal Key Bindings -> OcspKeyBinding > Click on one
>     >> serial number. We have got this error (in the web page) :
>     >> An exception has occurred.
>     >> java.lang.StringIndexOutOfBoundsException: String index out of
>     range: -1
>     >>
>     >> javax.ejb.EJBException: java.lang.StringIndexOutOfBoundsException:
>     >> String index out of range: -1
>     >> at
>     >>
>     org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInNoTx(CMTTxInterceptor.java:213)
>     >> at
>     >>
>     org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:265)
>     >> at
>     org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:374)
>     >> at
>     >>
>     org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:243)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
>     >> at
>     >>
>     org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
>     >> at
>     >>
>     org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
>     >> at
>     >>
>     org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     >> at
>     org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
>     >> at
>     >>
>     org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     >> at
>     >>
>     org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
>     >> at
>     >>
>     org.cesecore.certificates.certificate.CertificateStoreSessionLocal$$$view55.findCertificateByIssuerAndSerno(Unknown
>     >> Source)
>     >> at
>     >>
>     org.ejbca.ui.web.admin.rainterface.RAInterfaceBean.loadCertificates(RAInterfaceBean.java:702)
>     >> at
>     >>
>     org.apache.jsp.viewcertificate_jsp._jspService(viewcertificate_jsp.java:242)
>     >> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>     >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     >> at
>     >>
>     org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
>     >> at
>     org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
>     >> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
>     >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>     >> at
>     >>
>     io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>     >> at
>     >>
>     org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
>     >> at
>     io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >> at
>     >>
>     io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >> at
>     org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
>     >> at
>     io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >> at
>     >>
>     io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >> at
>     >>
>     org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:109)
>     >> at
>     io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>     >> at
>     >>
>     io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>     >> at
>     >>
>     io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>     >> at
>     >>
>     io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>     >> at
>     io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>     >> at
>     >>
>     org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>     >> at
>     >>
>     io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >> at
>     >>
>     io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>     >> at
>     >>
>     io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>     >> at
>     >>
>     io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >> at
>     >>
>     io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
>     >> at
>     >>
>     io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>     >> at
>     >>
>     io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>     >> at
>     >>
>     io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
>     >> at
>     >>
>     io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>     >> at
>     >>
>     io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>     >> at
>     >>
>     io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>     >> at
>     >>
>     io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>     >> at
>     >>
>     io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >> at
>     >>
>     org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>     >> at
>     >>
>     io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >> at
>     >>
>     io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
>     >> at
>     >>
>     io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
>     >> at
>     >>
>     io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
>     >> at
>     >>
>     io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >> at
>     >>
>     io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >> at
>     >>
>     io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >> at
>     >>
>     io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >> at
>     >>
>     io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >> at
>     >>
>     io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>     >> at
>     >>
>     io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
>     >> at
>     io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>     >> at
>     io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
>     >> at
>     >>
>     java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     >> at
>     >>
>     java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     >> at java.lang.Thread.run(Thread.java:748)
>     >> Caused by: java.lang.StringIndexOutOfBoundsException: String
>     index out
>     >> of range: -1
>     >> at java.lang.String.substring(String.java:1967)
>     >> at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
>     >> at org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
>     >> at
>     >>
>     org.cesecore.certificates.certificate.CertificateStoreSessionBean.findCertificateByIssuerAndSerno(CertificateStoreSessionBean.java:584)
>     >> at sun.reflect.GeneratedMethodAccessor611.invoke(Unknown Source)
>     >> at
>     >>
>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     >> at java.lang.reflect.Method.invoke(Method.java:498)
>     >> at
>     >>
>     org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>     >> at
>     >>
>     org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82)
>     >> at
>     >>
>     org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93)
>     >> at
>     >>
>     org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>     >> at
>     >>
>     org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
>     >> at
>     >>
>     org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     >> at
>     >>
>     org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.as.ejb3.component.interceptors.NonPooledEJBComponentInstanceAssociatingInterceptor.processInvocation(NonPooledEJBComponentInstanceAssociatingInterceptor.java:59)
>     >> at
>     >>
>     org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     >> at
>     >>
>     org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:263)
>     >> ... 95 more
>     >>
>     >> This problem appear in both versions (6.3.1.1 and 6.10.1.2).
>     >>
>     >> Maybe the 2nd and the 3rd problem are linked. We can see that id of
>     >> these certificates are negative, how is it possible ?
>     >>
>     >> Do we need to upgrade from 6.3.1.1 to 6.5.0.5 before going to
>     6.10.1.2 ?
>     >>
>     >> Is there a new community edition scheduled ?
>     >>
>     >> Thanks for your answer !
>     >>
>     >> Best regards,
>     >>
>     >> Arnaud
>     >>
>     >>
>     >>
>     >>
>     >> _______________________________________________
>     >> Ejbca-develop mailing list
>     >> Ejb...@li...
>     <mailto:Ejb...@li...>
>     >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>     >>
> 
> 
>     _______________________________________________
>     Ejbca-develop mailing list
>     Ejb...@li...
>     <mailto:Ejb...@li...>
>     https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

Re: [Ejbca-develop] Several problems after migration

[Arnaud D. <arn...@gm...>]

Hi Tomas,

Thanks for your answer. We use wildfly 10.1.0. We delete cache with admin
page but it does not work. We use docker so the image was cleaned.

Any ideas to resolve these 3 problems ?

Have a good day !

Le jeu. 31 janv. 2019 à 22:18, Tomas Gustavsson <to...@pr...> a
écrit :

>
> What version of JBoss/WildFly are you using?
>
> And yes, a new versio is planned rather soon. If you want to test
> something new you can also check out the docker image on dockerhub.
>
> https://hub.docker.com/r/primekey/ejbca-ce
>
> Regards,
> Tomas
>
>
> On 2019-01-31 22:15, Tomas Gustavsson wrote:
> >
> > I think you need to clean the JBoss temp directory. Sometimes it leaves
> > behind old files, causing jsp errors (it tries to use old cached pages
> > in temp with new ejbca version).
> >
> > Regards,
> > Tomas
> > ---
> > Meet us at RSA Conference 2019
> > San Francisco, March 4-8
> > Booth #1935
> > FREE Expo pass code: XEU9PRIMEKEY
> >
> > On 2019-01-29 14:51, Arnaud Defos wrote:
> >> Hi,
> >>
> >> I try to upgrade from ejbca 6.3.1.1 to 6.10.1.2. When I start ejbca
> >> after doing all required steps, we have several problems.
> >>
> >> _1st problem :_
> >>
> >> When I try to go to the "end entity profiles" page, I've got blank page
> >> with "Internal server error". In log file, we can see :
> >> (default task-1) UT005023: Exception handling request to
> >> /ejbca/adminweb/ra/editendentityprofiles/editendentityprofiles.jsp:
> >> org.apache.jasper.JasperException: JBWEB004062: Unable to compile class
> >> for JSP:
> >>
> >> JBWEB004061: An error occurred at line: 325 in the generated java file
> >> The code of method _jspService(HttpServletRequest, HttpServletResponse)
> >> is exceeding the 65535 bytes limit
> >>
> >> Stacktrace:
> >> at
> >>
> org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:95)
> >> at
> >>
> org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:198)
> >> at
> >>
> org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:449)
> >> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:359)
> >> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
> >> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:321)
> >> at
> >>
> org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:652)
> >> at
> >>
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:358)
> >> at
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
> >> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> >> at
> >>
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> >> at
> >>
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> >> at org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
> >> at
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >> at
> >>
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >> at
> >>
> org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:204)
> >> at
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >> at
> >>
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >> at org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
> >> at
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >> at
> >>
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >> at
> >>
> org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
> >> at
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >> at
> >>
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >> at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
> >> at
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >> at
> >>
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >> at
> >>
> org.ejbca.util.owaspcsrfguard.EncodingFilter.doFilter(EncodingFilter.java:51)
> >> at
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >> at
> >>
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >> at
> >>
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> >> at
> >>
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> >> at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
> >> at
> >>
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> >> at
> >>
> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> >> at
> >>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >> at
> >>
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> >> at
> >>
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> >> at
> >>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >> at
> >>
> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> >> at
> >>
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> >> at
> >>
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> >> at
> >>
> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> >> at
> >>
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> >> at
> >>
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> >> at
> >>
> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> >> at
> >>
> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> >> at
> >>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >> at
> >>
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> >> at
> >>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >> at
> >>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >> at
> >>
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> >> at
> >>
> io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> >> at
> >>
> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> >> at
> >>
> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> >> at
> >>
> io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> >> at
> >>
> io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> >> at
> >>
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >> at
> >>
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >> at
> >>
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >> at
> >>
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >> at
> >>
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >> at
> >>
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >> at
> >>
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> >> at
> >>
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> >> at
> >>
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> >> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> >> at
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
> >> at
> >>
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> >> at
> >>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> >> at java.lang.Thread.run(Thread.java:748)
> >>
> >> No problem with version 6.3.1.1.
> >>
> >> _2nd problem :
> >> _
> >>
> >> When we go to When we go to Internal Key Bindings -> OcspKeyBinding, we
> >> can see two certificates revoked whereas they were active before the
> >> migration.
> >>
> >> _3rd problem :_
> >>
> >> When we go to Internal Key Bindings -> OcspKeyBinding > Click on one
> >> serial number. We have got this error (in the web page) :
> >> An exception has occurred.
> >> java.lang.StringIndexOutOfBoundsException: String index out of range: -1
> >>
> >> javax.ejb.EJBException: java.lang.StringIndexOutOfBoundsException:
> >> String index out of range: -1
> >> at
> >>
> org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInNoTx(CMTTxInterceptor.java:213)
> >> at
> >>
> org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:265)
> >> at
> org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:374)
> >> at
> >>
> org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:243)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
> >> at
> >>
> org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
> >> at
> >>
> org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
> >> at
> >>
> org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> >> at
> org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
> >> at
> >>
> org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> >> at
> >>
> org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
> >> at
> >>
> org.cesecore.certificates.certificate.CertificateStoreSessionLocal$$$view55.findCertificateByIssuerAndSerno(Unknown
> >> Source)
> >> at
> >>
> org.ejbca.ui.web.admin.rainterface.RAInterfaceBean.loadCertificates(RAInterfaceBean.java:702)
> >> at
> >>
> org.apache.jsp.viewcertificate_jsp._jspService(viewcertificate_jsp.java:242)
> >> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> >> at
> >>
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
> >> at
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
> >> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> >> at
> >>
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> >> at
> >>
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> >> at
> >>
> org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
> >> at
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >> at
> >>
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >> at org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
> >> at
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >> at
> >>
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >> at
> >>
> org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:109)
> >> at
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> >> at
> >>
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> >> at
> >>
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> >> at
> >>
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> >> at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
> >> at
> >>
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> >> at
> >>
> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> >> at
> >>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >> at
> >>
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> >> at
> >>
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> >> at
> >>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >> at
> >>
> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> >> at
> >>
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> >> at
> >>
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> >> at
> >>
> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> >> at
> >>
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> >> at
> >>
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> >> at
> >>
> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> >> at
> >>
> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> >> at
> >>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >> at
> >>
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> >> at
> >>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >> at
> >>
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> >> at
> >>
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> >> at
> >>
> io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> >> at
> >>
> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> >> at
> >>
> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> >> at
> >>
> io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> >> at
> >>
> io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> >> at
> >>
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >> at
> >>
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >> at
> >>
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >> at
> >>
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >> at
> >>
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >> at
> >>
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> >> at
> >>
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> >> at
> >>
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> >> at
> >>
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> >> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> >> at
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
> >> at
> >>
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> >> at
> >>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> >> at java.lang.Thread.run(Thread.java:748)
> >> Caused by: java.lang.StringIndexOutOfBoundsException: String index out
> >> of range: -1
> >> at java.lang.String.substring(String.java:1967)
> >> at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
> >> at org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
> >> at
> >>
> org.cesecore.certificates.certificate.CertificateStoreSessionBean.findCertificateByIssuerAndSerno(CertificateStoreSessionBean.java:584)
> >> at sun.reflect.GeneratedMethodAccessor611.invoke(Unknown Source)
> >> at
> >>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >> at java.lang.reflect.Method.invoke(Method.java:498)
> >> at
> >>
> org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
> >> at
> >>
> org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82)
> >> at
> >>
> org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93)
> >> at
> >>
> org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
> >> at
> >>
> org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
> >> at
> >>
> org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> >> at
> >>
> org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.as.ejb3.component.interceptors.NonPooledEJBComponentInstanceAssociatingInterceptor.processInvocation(NonPooledEJBComponentInstanceAssociatingInterceptor.java:59)
> >> at
> >>
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> >> at
> >>
> org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:263)
> >> ... 95 more
> >>
> >> This problem appear in both versions (6.3.1.1 and 6.10.1.2).
> >>
> >> Maybe the 2nd and the 3rd problem are linked. We can see that id of
> >> these certificates are negative, how is it possible ?
> >>
> >> Do we need to upgrade from 6.3.1.1 to 6.5.0.5 before going to 6.10.1.2 ?
> >>
> >> Is there a new community edition scheduled ?
> >>
> >> Thanks for your answer !
> >>
> >> Best regards,
> >>
> >> Arnaud
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> Ejbca-develop mailing list
> >> Ejb...@li...
> >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >>
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>

Re: [Ejbca-develop] Several problems after migration

[Tomas G. <to...@pr...>]

What version of JBoss/WildFly are you using?

And yes, a new versio is planned rather soon. If you want to test
something new you can also check out the docker image on dockerhub.

https://hub.docker.com/r/primekey/ejbca-ce

Regards,
Tomas


On 2019-01-31 22:15, Tomas Gustavsson wrote:
> 
> I think you need to clean the JBoss temp directory. Sometimes it leaves
> behind old files, causing jsp errors (it tries to use old cached pages
> in temp with new ejbca version).
> 
> Regards,
> Tomas
> ---
> Meet us at RSA Conference 2019
> San Francisco, March 4-8
> Booth #1935
> FREE Expo pass code: XEU9PRIMEKEY
> 
> On 2019-01-29 14:51, Arnaud Defos wrote:
>> Hi,
>>
>> I try to upgrade from ejbca 6.3.1.1 to 6.10.1.2. When I start ejbca
>> after doing all required steps, we have several problems.
>>
>> _1st problem :_
>>
>> When I try to go to the "end entity profiles" page, I've got blank page
>> with "Internal server error". In log file, we can see :
>> (default task-1) UT005023: Exception handling request to
>> /ejbca/adminweb/ra/editendentityprofiles/editendentityprofiles.jsp:
>> org.apache.jasper.JasperException: JBWEB004062: Unable to compile class
>> for JSP: 
>>
>> JBWEB004061: An error occurred at line: 325 in the generated java file
>> The code of method _jspService(HttpServletRequest, HttpServletResponse)
>> is exceeding the 65535 bytes limit
>>
>> Stacktrace:
>> at
>> org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:95)
>> at
>> org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:198)
>> at
>> org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:449)
>> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:359)
>> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
>> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:321)
>> at
>> org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:652)
>> at
>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:358)
>> at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
>> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>> at
>> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>> at org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>> at
>> org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:204)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>> at org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>> at
>> org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>> at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>> at
>> org.ejbca.util.owaspcsrfguard.EncodingFilter.doFilter(EncodingFilter.java:51)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>> at
>> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>> at
>> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>> at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
>> at
>> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>> at
>> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>> at
>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
>> at
>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>> at
>> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>> at
>> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
>> at
>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>> at
>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>> at
>> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>> at
>> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
>> at
>> io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
>> at
>> io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
>> at
>> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>> at
>> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>> at
>> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>> at
>> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>> at
>> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>> at
>> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>> at java.lang.Thread.run(Thread.java:748)
>>
>> No problem with version 6.3.1.1.
>>
>> _2nd problem :
>> _
>>
>> When we go to When we go to Internal Key Bindings -> OcspKeyBinding, we
>> can see two certificates revoked whereas they were active before the
>> migration.
>>
>> _3rd problem :_
>>
>> When we go to Internal Key Bindings -> OcspKeyBinding > Click on one
>> serial number. We have got this error (in the web page) :
>> An exception has occurred.
>> java.lang.StringIndexOutOfBoundsException: String index out of range: -1
>>
>> javax.ejb.EJBException: java.lang.StringIndexOutOfBoundsException:
>> String index out of range: -1
>> at
>> org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInNoTx(CMTTxInterceptor.java:213)
>> at
>> org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:265)
>> at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:374)
>> at
>> org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:243)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
>> at
>> org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
>> at
>> org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
>> at
>> org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>> at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
>> at
>> org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>> at
>> org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
>> at
>> org.cesecore.certificates.certificate.CertificateStoreSessionLocal$$$view55.findCertificateByIssuerAndSerno(Unknown
>> Source)
>> at
>> org.ejbca.ui.web.admin.rainterface.RAInterfaceBean.loadCertificates(RAInterfaceBean.java:702)
>> at
>> org.apache.jsp.viewcertificate_jsp._jspService(viewcertificate_jsp.java:242)
>> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>> at
>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
>> at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
>> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>> at
>> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>> at
>> org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>> at org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>> at
>> org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:109)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>> at
>> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>> at
>> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>> at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
>> at
>> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>> at
>> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>> at
>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
>> at
>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>> at
>> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>> at
>> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
>> at
>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>> at
>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>> at
>> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>> at
>> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
>> at
>> io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
>> at
>> io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
>> at
>> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>> at
>> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>> at
>> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>> at
>> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>> at
>> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>> at
>> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>> at java.lang.Thread.run(Thread.java:748)
>> Caused by: java.lang.StringIndexOutOfBoundsException: String index out
>> of range: -1
>> at java.lang.String.substring(String.java:1967)
>> at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
>> at org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
>> at
>> org.cesecore.certificates.certificate.CertificateStoreSessionBean.findCertificateByIssuerAndSerno(CertificateStoreSessionBean.java:584)
>> at sun.reflect.GeneratedMethodAccessor611.invoke(Unknown Source)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at
>> org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>> at
>> org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82)
>> at
>> org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93)
>> at
>> org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>> at
>> org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
>> at
>> org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>> at
>> org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.as.ejb3.component.interceptors.NonPooledEJBComponentInstanceAssociatingInterceptor.processInvocation(NonPooledEJBComponentInstanceAssociatingInterceptor.java:59)
>> at
>> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>> at
>> org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:263)
>> ... 95 more
>>
>> This problem appear in both versions (6.3.1.1 and 6.10.1.2).
>>
>> Maybe the 2nd and the 3rd problem are linked. We can see that id of
>> these certificates are negative, how is it possible ?
>>
>> Do we need to upgrade from 6.3.1.1 to 6.5.0.5 before going to 6.10.1.2 ?
>>
>> Is there a new community edition scheduled ?
>>
>> Thanks for your answer !
>>
>> Best regards,
>>
>> Arnaud
>>
>>
>>
>>
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>

Re: [Ejbca-develop] Several problems after migration

[Tomas G. <to...@pr...>]

I think you need to clean the JBoss temp directory. Sometimes it leaves
behind old files, causing jsp errors (it tries to use old cached pages
in temp with new ejbca version).

Regards,
Tomas
---
Meet us at RSA Conference 2019
San Francisco, March 4-8
Booth #1935
FREE Expo pass code: XEU9PRIMEKEY

On 2019-01-29 14:51, Arnaud Defos wrote:
> Hi,
> 
> I try to upgrade from ejbca 6.3.1.1 to 6.10.1.2. When I start ejbca
> after doing all required steps, we have several problems.
> 
> _1st problem :_
> 
> When I try to go to the "end entity profiles" page, I've got blank page
> with "Internal server error". In log file, we can see :
> (default task-1) UT005023: Exception handling request to
> /ejbca/adminweb/ra/editendentityprofiles/editendentityprofiles.jsp:
> org.apache.jasper.JasperException: JBWEB004062: Unable to compile class
> for JSP: 
> 
> JBWEB004061: An error occurred at line: 325 in the generated java file
> The code of method _jspService(HttpServletRequest, HttpServletResponse)
> is exceeding the 65535 bytes limit
> 
> Stacktrace:
> at
> org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:95)
> at
> org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:198)
> at
> org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:449)
> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:359)
> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:321)
> at
> org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:652)
> at
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:358)
> at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> at org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:204)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> org.ejbca.util.owaspcsrfguard.EncodingFilter.doFilter(EncodingFilter.java:51)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
> at
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at
> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at
> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at
> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at
> io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at
> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at
> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at
> io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at
> io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> at
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> at
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> at
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> at
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> at
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> at
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> 
> No problem with version 6.3.1.1.
> 
> _2nd problem :
> _
> 
> When we go to When we go to Internal Key Bindings -> OcspKeyBinding, we
> can see two certificates revoked whereas they were active before the
> migration.
> 
> _3rd problem :_
> 
> When we go to Internal Key Bindings -> OcspKeyBinding > Click on one
> serial number. We have got this error (in the web page) :
> An exception has occurred.
> java.lang.StringIndexOutOfBoundsException: String index out of range: -1
> 
> javax.ejb.EJBException: java.lang.StringIndexOutOfBoundsException:
> String index out of range: -1
> at
> org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInNoTx(CMTTxInterceptor.java:213)
> at
> org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:265)
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:374)
> at
> org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:243)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
> at
> org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
> at
> org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
> at
> org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
> at
> org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> at
> org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
> at
> org.cesecore.certificates.certificate.CertificateStoreSessionLocal$$$view55.findCertificateByIssuerAndSerno(Unknown
> Source)
> at
> org.ejbca.ui.web.admin.rainterface.RAInterfaceBean.loadCertificates(RAInterfaceBean.java:702)
> at
> org.apache.jsp.viewcertificate_jsp._jspService(viewcertificate_jsp.java:242)
> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
> at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> at
> org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:109)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
> at
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at
> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at
> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at
> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at
> io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at
> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at
> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at
> io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at
> io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> at
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> at
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> at
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> at
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> at
> io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
> at
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.StringIndexOutOfBoundsException: String index out
> of range: -1
> at java.lang.String.substring(String.java:1967)
> at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
> at org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
> at
> org.cesecore.certificates.certificate.CertificateStoreSessionBean.findCertificateByIssuerAndSerno(CertificateStoreSessionBean.java:584)
> at sun.reflect.GeneratedMethodAccessor611.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
> at
> org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82)
> at
> org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93)
> at
> org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
> at
> org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
> at
> org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> at
> org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.as.ejb3.component.interceptors.NonPooledEJBComponentInstanceAssociatingInterceptor.processInvocation(NonPooledEJBComponentInstanceAssociatingInterceptor.java:59)
> at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at
> org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:263)
> ... 95 more
> 
> This problem appear in both versions (6.3.1.1 and 6.10.1.2).
> 
> Maybe the 2nd and the 3rd problem are linked. We can see that id of
> these certificates are negative, how is it possible ?
> 
> Do we need to upgrade from 6.3.1.1 to 6.5.0.5 before going to 6.10.1.2 ?
> 
> Is there a new community edition scheduled ?
> 
> Thanks for your answer !
> 
> Best regards,
> 
> Arnaud
> 
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

[Ejbca-develop] Several problems after migration

[Arnaud D. <arn...@gm...>]

Hi,

I try to upgrade from ejbca 6.3.1.1 to 6.10.1.2. When I start ejbca after
doing all required steps, we have several problems.

*1st problem :*

When I try to go to the "end entity profiles" page, I've got blank page
with "Internal server error". In log file, we can see :
(default task-1) UT005023: Exception handling request to
/ejbca/adminweb/ra/editendentityprofiles/editendentityprofiles.jsp:
org.apache.jasper.JasperException: JBWEB004062: Unable to compile class for
JSP:

JBWEB004061: An error occurred at line: 325 in the generated java file
The code of method _jspService(HttpServletRequest, HttpServletResponse) is
exceeding the 65535 bytes limit

Stacktrace:
at
org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:95)
at
org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:198)
at
org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:449)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:359)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:321)
at
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:652)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:358)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:204)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
org.ejbca.util.owaspcsrfguard.EncodingFilter.doFilter(EncodingFilter.java:51)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)

No problem with version 6.3.1.1.


*2nd problem :*

When we go to When we go to Internal Key Bindings -> OcspKeyBinding, we can
see two certificates revoked whereas they were active before the migration.

*3rd problem :*

When we go to Internal Key Bindings -> OcspKeyBinding > Click on one serial
number. We have got this error (in the web page) :
An exception has occurred.
java.lang.StringIndexOutOfBoundsException: String index out of range: -1

javax.ejb.EJBException: java.lang.StringIndexOutOfBoundsException: String
index out of range: -1
at
org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInNoTx(CMTTxInterceptor.java:213)
at
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:265)
at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:374)
at
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:243)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
at
org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
at
org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
at
org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
at
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
at
org.cesecore.certificates.certificate.CertificateStoreSessionLocal$$$view55.findCertificateByIssuerAndSerno(Unknown
Source)
at
org.ejbca.ui.web.admin.rainterface.RAInterfaceBean.loadCertificates(RAInterfaceBean.java:702)
at
org.apache.jsp.viewcertificate_jsp._jspService(viewcertificate_jsp.java:242)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:109)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.StringIndexOutOfBoundsException: String index out of
range: -1
at java.lang.String.substring(String.java:1967)
at org.cesecore.util.CertTools.isDNReversed(CertTools.java:614)
at org.cesecore.util.CertTools.stringToBCDNString(CertTools.java:467)
at
org.cesecore.certificates.certificate.CertificateStoreSessionBean.findCertificateByIssuerAndSerno(CertificateStoreSessionBean.java:584)
at sun.reflect.GeneratedMethodAccessor611.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82)
at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93)
at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
at
org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
at
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.as.ejb3.component.interceptors.NonPooledEJBComponentInstanceAssociatingInterceptor.processInvocation(NonPooledEJBComponentInstanceAssociatingInterceptor.java:59)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:263)
... 95 more

This problem appear in both versions (6.3.1.1 and 6.10.1.2).

Maybe the 2nd and the 3rd problem are linked. We can see that id of these
certificates are negative, how is it possible ?

Do we need to upgrade from 6.3.1.1 to 6.5.0.5 before going to 6.10.1.2 ?

Is there a new community edition scheduled ?

Thanks for your answer !

Best regards,

Arnaud