Menu
▾
▴
Re: [Ejbca-develop] EJBCA isn't verifying PKCS #10 signature from EjbcaWS#certificateRequest
|
From: Tomas G. <to...@pr...> - 2015-05-01 14:54:49
|
Good catch. Seems to be a flaw? Created: https://jira.primekey.se/browse/ECA-4243 Regards, Tomas On 2015-04-30 20:21, Jaime Hablutzel Egoavil wrote: > On EJBCA 6.2.0 (r19221), the WS method > org.ejbca.core.protocol.ws.EjbcaWS#certificateRequest, called like this > from a client: > > ejbcaWS.certificateRequest(ejbcaUser, pkcs10inPemFormat, > CertificateHelper.CERT_REQ_TYPE_PKCS10, null, > CertificateHelper.RESPONSETYPE_CERTIFICATE); > > Isn't performing POP, I can see it is quickly transformed to a > org.cesecore.certificates.certificate.request.SimpleRequestMessage by > the method > org.cesecore.certificates.certificate.request.RequestMessageUtils#getSimpleRequestMessageFromType, > and this SimpleRequestMessage always return true when its method > #verify is called. > > Is this behaviour by design or is it a bug? > > > -- > Jaime Hablutzel -  RPC 994690880 > > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
