From: Tomas G. <to...@pr...> - 2018-03-05 09:55:27
Hi,
I have changed that to sha1sum in the script included in EJBCA. Didn't I
create an issue for that on github? 128 bytes pwd is excessive, and
perhaps I ran into the same issue, don't remember now.
For a one-time password, a 40-character password is plenty imho, so
sha1sum is fine.
Cheers,
Tomas
On 2018-03-04 15:54, Christian Felsing via Ejbca-develop wrote:
> Tomas,
>
> all configurable passwords are created by that snippet:
>
> pwgen() {
>   NEW_PASSWORD=$(dd if=/dev/urandom bs=1 count=64 2> /dev/null |
>     sha512sum | awk '{print $1}' | tr -d "\n")
>   if [ -z "$NEW_PASSWORD" ]; then
>     echo "Created empty password - very bad"
>     exit 1
>   fi
>   echo -n "${NEW_PASSWORD}"
> }
>
> keystorepass=$(pwgen)
> truststorepass=$(pwgen)
> httpsserver_password=$(pwgen)
> cmskeystorepass=$(pwgen)
>
>
> At least sha512sum ends up with a password of 128 bytes. For the complete
> script, see https://github.com/ip6li/ejbca-setup, which is also enclosed
> in EJBCA itself. The script enclosed in EJBCA is for EJBCA 6_5.0.5
> (bin/extra/ejbca-setup.sh).
>
> Complete error message, which occurs at phase ant runinstall:
>
> [java] Caused by: java.sql.SQLException: Data too long for column
> 'clearPassword' at row 1
> [java] Query is: update UserData set cAId=?, cardNumber=?,
> certificateProfileId=?, clearPassword=?, endEntityProfileId=?,
> hardTokenIssuerId=?, keyStorePassword=?, passwordHash=?, rowVersion=?,
> status=?, subjectAltName=?, subjectDN=?, subjectEmail=?, timeCreated=?,
> timeModified=?, tokenType=?, type=?, extendedInformationData=?,
> rowProtection=? where username=? and rowVersion=?, parameters
> [1402720174,<null>,9,'OBF:185b1j6b1i291jkl1awr194y1sor19xc1k191s3g1irx1
> 9xg1san1j631igh1svw18jj1idp1iz018xp1a4h1kff1apq1hzj1awv19xg19q11j8x19c5
> 1t331j8z1rpc1ikq1ju81irz1iz21bi61ink19j21a4n1iut1i9a18jl1j1u1ail19bz1ap
> w19xg1idt1igj19xg1sho1s3k1abc1k171j8t1jro1jdg185b19q51ju41iur1jrm1jn11j
> kh1ju41irv1jrm19q9185b1jfu1ju21j691jyr1abq1s3i1shu19x61idn1igd19x61apm1
> 9bz1aip1iz018jh1i6o1irt1a4719j41iku1bi81j1s1iun1jri1ino1rpa1j631t3319bt
> 1j6519qd19x61awv1i271aps1kcz1a4d18xt1j1u1igh18jj1sw21idp1j8z1san19x61iu
> p1s3m1jyp19xa1soz194s1awz1jmx1hzh1j8r185b',1,0,<null>,'$2a$01$NZXr1YAF9
> b01pfDzgp1j2O5K2JDQq0OfzfXpBrwEwInJVhj0qYLyi',1,10,'dnsName=ejbca.examp
> le.com',...
>
> Same happens with smaller passwords.
>
> Christian
>
>
>
> On Sunday, 04.03.2018, 13:06 +0100, Tomas Gustavsson wrote:
>> Hm, sounds more like it's something with the script. Using a password
>> longer than 250 characters sounds really excessive to me. What in the
>> script generates such a long password?
>>
>> When does the error occur?
>>
>> Do you use the script provided with EJBCA, or some external version?
>>
>> Regards,
>> Tomas
>>
>>
>> On March 4, 2018 11:53:04 AM GMT+01:00, Christian Felsing via Ejbca-
>> develop <ejb...@li...> wrote:
>>> Hello,
>>>
>>> While testing ejbca-setup with 6.10.1.2, the following problem occurs
>>> during the install process:
>>>
>>> Data too long for column 'clearPassword' at row 1
>>>
>>> which is caused by a SQL declaration for clearPassword with a length of
>>> 250. Wildfly log shows a real length of 517. For now a very nasty hack
>>> in ejbca-setup fixes that:
>>>
>>> doPatch() {
>>>   # Widen the clearPassword column definition from VARCHAR(250) to VARCHAR(1000)
>>>   if [ "$EJBCA_RELEASE" = "6_10_1_2" ]; then
>>>     cd ejbca || exit 1
>>>     sed -i.bak 's/<basic fetch="EAGER" name="clearPassword"><column name="clearPassword" column-definition="VARCHAR(250) BINARY"\/><\/basic>/<basic fetch="EAGER" name="clearPassword"><column name="clearPassword" column-definition="VARCHAR(1000) BINARY"\/><\/basic>/g' modules/ejbca-entity/resources/orm-ejbca-mysql.xml || exit 1
>>>     echo "patch for 6_10_1_2 applied"
>>>     cd ..
>>>   fi
>>> }
>>>
>>>
>>> Christian
>
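
A bounded-length variant of the password helper discussed in this thread, as an added example that is not the code shipped in ejbca-setup or EJBCA. In the quoted `pwgen`, the `exit 1` runs inside `$(pwgen)` and only leaves the subshell, and the empty check cannot trigger because sha512sum also produces a digest for empty input; this version reports errors on stderr, returns a status the caller checks, and verifies the length. The names `pwgen_hex`, `stored_len_estimate` and `fits_clear_column` are hypothetical, and the "4 stored characters per password character plus the `OBF:` prefix" estimate is an assumption inferred from the numbers in the thread (128 characters in, about 517 stored).

```shell
#!/bin/sh
# Added example: pwgen_hex, stored_len_estimate and fits_clear_column are
# hypothetical names, not functions from ejbca-setup.sh.

CLEAR_COL_MAX=250   # VARCHAR(250) for clearPassword, as quoted in the thread

# Print exactly $1 hex characters (default 40) taken straight from /dev/urandom.
# Diagnostics go to stderr and failure is a non-zero status, so an error
# message can never end up inside $(...) as the "password".
pwgen_hex() {
    len=${1:-40}
    case $len in
        ''|*[!0-9]*) echo "pwgen_hex: length must be a number" >&2; return 2 ;;
    esac
    if [ "$len" -lt 2 ] || [ $((len % 2)) -ne 0 ]; then
        echo "pwgen_hex: length must be even and >= 2" >&2; return 2
    fi
    pw=$(dd if=/dev/urandom bs=1 count=$((len / 2)) 2>/dev/null |
         od -An -v -tx1 | tr -d ' \n')
    # A short read or a missing device yields fewer characters: refuse it.
    if [ "${#pw}" -ne "$len" ]; then
        echo "pwgen_hex: expected $len characters, got ${#pw}" >&2; return 1
    fi
    printf '%s' "$pw"
}

# ASSUMPTION: the stored "OBF:" form is estimated as 4 characters per password
# character plus the 4-character prefix, inferred from the thread's numbers.
stored_len_estimate() {
    echo $(( 4 * $1 + 4 ))
}

# Succeeds only if the estimated stored form fits the clearPassword column.
fits_clear_column() {
    [ "$(stored_len_estimate "${#1}")" -le "$CLEAR_COL_MAX" ]
}

# Caller side: check the status of every substitution before using the value.
keystorepass=$(pwgen_hex 40) || exit 1
fits_clear_column "$keystorepass" || { echo "password too long for column" >&2; exit 1; }
echo "keystorepass: ${#keystorepass} characters, fits VARCHAR($CLEAR_COL_MAX)"
```
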