Menu
▾
▴
[Ejbca-develop] Problem Signing CSR Based on Elliptic Curve
|
From: Christian F. <pu...@fe...> - 2016-05-27 10:35:10
|
Hello,
EJBCA 6.3.1.1 throws an exception when trying to sign following request:
-----BEGIN CERTIFICATE REQUEST-----
MIHkMIGLAgEAMCkxFDASBgNVBAoMC2ZlbHNpbmcubmV0MREwDwYDVQQDDAhoc20t
MDAwMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCHNouS8915Fx4Clxs2hVkmM
ZEfxYJWGGNos7g2UHff6FIwaVD4iNWFtC9CO5Rpd4EAbvh/HesvYDVMW5TNYuu6g
ADAKBggqhkjOPQQDAgNIADBFAiEAukkckN3DWJkAee5cI8Iew/S8huzUvmHx3AuJ
vlcZAFgCICS8kGnWS0r8zvOPu5NmCYCAL/RbiQAR6f6wANhOjaEX
-----END CERTIFICATE REQUEST-----
Request contains following data:
---cut here---
Certificate Request:
Data:
Version: 0 (0x0)
Subject: O=felsing.net, CN=hsm-0003
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:19:72:96:7c:05:9c:f1:e4:1c:56:4c:d3:92:35:
86:87:7d:15:ab:50:2b:1f:eb:fa:30:9c:78:a9:9d:
6f:68:8e:66:a6:3b:1f:db:ea:33:83:10:1b:98:0d:
94:a3:a3:2c:7f:44:0a:ff:d4:3f:9e:5d:d9:99:c1:
8f:06:95:1b:df
ASN1 OID: prime256v1
NIST CURVE: P-256
Attributes:
a0:00
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:4d:fd:a8:e3:03:a5:cd:f8:27:c2:c2:b3:fb:66:
cb:2b:9c:c8:73:aa:4f:6c:27:7f:8f:63:10:41:da:a2:3b:23:
02:21:00:a0:10:33:a7:e8:04:2b:42:3c:f6:c6:b6:18:c2:ec:
74:21:b9:8c:54:fd:33:c0:76:41:37:16:4f:62:2a:57:37
---cut here---
---cut here---
Exception:
org.cesecore.certificates.certificate.CertificateCreateException:
org.bouncycastle.operator.OperatorCreationException: cannot create
signer: can't identify EC private key.
at
org.cesecore.certificates.certificate.CertificateCreateSessionBean.createCertificate(CertificateCreateSessionBean.java:510)
at
org.cesecore.certificates.certificate.CertificateCreateSessionBean.createCertificate(CertificateCreateSessionBean.java:199)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInCallerTx(CMTTxInterceptor.java:258)
at
org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:347)
at
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:243)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:43)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:185)
at
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
at
org.cesecore.certificates.certificate.CertificateCreateSessionLocal$$$view32.createCertificate(Unknown
Source)
at
org.ejbca.core.ejb.ca.sign.SignSessionBean.createCertificate(SignSessionBean.java:405)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:280)
at
org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:345)
at
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:243)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:43)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:185)
at
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
at
org.ejbca.core.ejb.ca.sign.SignSessionLocal$$$view96.createCertificate(Unknown
Source)
at org.ejbca.ui.web.RequestHelper.pkcs10CertRequest(RequestHelper.java:236)
at org.ejbca.ui.web.RequestHelper.pkcs10CertRequest(RequestHelper.java:275)
at org.ejbca.ui.web.pub.RequestInstance.pkcs10Req(RequestInstance.java:650)
at org.ejbca.ui.web.pub.RequestInstance.doPost(RequestInstance.java:427)
at org.ejbca.ui.web.pub.CertReqServlet.doPost(CertReqServlet.java:117)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at
org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:420)
at
org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)
at
org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)
at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:490)
at
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:420)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.bouncycastle.operator.OperatorCreationException: cannot
create signer: can't identify EC private key.
at
org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.build(Unknown
Source)
at
org.cesecore.certificates.ca.X509CA.generateCertificate(X509CA.java:1049)
at org.cesecore.certificates.ca.X509CA.generateCertificate(X509CA.java:652)
at
org.cesecore.certificates.certificate.CertificateCreateSessionBean.createCertificate(CertificateCreateSessionBean.java:396)
... 127 more
Caused by: java.security.InvalidKeyException: can't identify EC private key.
at
org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil.generatePrivateKeyParameter(Unknown
Source)
at
org.bouncycastle.jcajce.provider.asymmetric.ec.SignatureSpi.engineInitSign(Unknown
Source)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1174)
at java.security.Signature.initSign(Signature.java:527)
... 131 more
---cut here---
I consider this problem is caused by BouncyCastle, but is has impact to
EJBCA.
best regards
Christian Felsing
|
