Menu
▾
▴
Re: [Ejbca-develop] EJBCA stacktraces when trying to import large CRL
|
From: <oh...@ya...> - 2019-06-28 14:56:08
|
Hi,
I think that I should've included an earlier part of the log also, so here it is:
10:49:49,858 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-3) 2019-06-28 10:49:49-04:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;CN=SuperAdmin;;;;resource0=/administrator;resource1=/internalkeybinding/view
10:49:49,887 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-3) 2019-06-28 10:49:49-04:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;CN=SuperAdmin;;;;resource0=/administrator
10:49:49,979 INFO [org.cesecore.certificates.ca.CaSessionBean] (default task-3) CA with id -713150820 does not exist.
10:49:49,980 ERROR [io.undertow.request] (default task-3) UT005023: Exception handling request to /ejbca/adminweb/keybind/keybindings.jsp: javax.servlet.ServletException: /keybind/keybindings.jsp(68,1) '#{internalKeyBindingMBean.internalKeyBindingGuiList}' java.lang.NullPointerException
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:683)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:216)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:357)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:55)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.jasper.el.JspELException: /keybind/keybindings.jsp(68,1) '#{internalKeyBindingMBean.internalKeyBindingGuiList}' java.lang.NullPointerException
at org.apache.jasper.el.JspValueExpression.getValue(JspValueExpression.java:123)
at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:200)
at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:187)
at javax.faces.component.UIData.getValue(UIData.java:766)
at javax.faces.component.UIData.getDataModel(UIData.java:1880)
at javax.faces.component.UIData.setRowIndexWithoutRowStatePreserved(UIData.java:503)
at javax.faces.component.UIData.setRowIndex(UIData.java:492)
at com.sun.faces.renderkit.html_basic.TableRenderer.encodeBegin(TableRenderer.java:81)
at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:892)
at javax.faces.component.UIData.encodeBegin(UIData.java:1184)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1903)
at javax.faces.render.Renderer.encodeChildren(Renderer.java:176)
at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:918)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1905)
On Friday, June 28, 2019, 10:45:14 AM EDT, <oh...@ya...> wrote:
Hi,
FYI, I just noticed that if I try to go to the Internal Key Bindings=>OCSP Bindings, it is causing an Internal Server error, and in the log I am getting:
10:14:49,360 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /ejbca/adminweb/keybind/keybindings.jsp: javax.servlet.ServletException: /keybind/keybindings.jsp(68,1) '#{internalKeyBindingMBean.internalKeyBindingGuiList}' java.lang.NullPointerException
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:683)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:216)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:357)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:55)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.lang.Thread.run(Thread.java:748)
On Friday, June 28, 2019, 10:03:28 AM EDT, <oh...@ya...> wrote:
Also, in the EJBCA/JBOSS stdoutput I am seeing:
10:00:17,862 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-3) 2019-06-28 10:00:17-04:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;ejbca;;;;resource0=/ca/1164433895
10:00:17,896 INFO [org.cesecore.certificates.crl.CrlStoreSessionBean] (default task-1) Error retrieving CRL for issuer 'CN=XXXCA-41,OU=PKI,OU=YYY,O=ZZZ,C=US' with CRL number 0.
Jim
On Friday, June 28, 2019, 9:49:42 AM EDT, <oh...@ya...> wrote:
Hi,
Actually, now I am not sure if this is the right command to *IMPORT* a CRL?
I tried:
./ejbca.sh ca getcrl --caname XXXCA_41 -f /home/jl/ejbcabuild/CRL-DOWNLOADER/crls/XXXCA_41.crl
and the response I got was:
No CRL exists for CA XXXCA_41.
????
On Friday, June 28, 2019, 9:37:27 AM EDT, <oh...@ya...> wrote:
I think I found the command:
[root@ejbca bin]# ./ejbca.sh ca getcrl --help
GETCRL EJBCA CLI Commands Manual GETCRL
NAME
getcrl - Retrieves a CRL from a CA. Either the latest CRL or a CRL with a specified CRL number.
SYNOPSIS
getcrl <CA_NAME> <FILE_NAME> [OPTIONAL PARAMETERS]
getcrl --caname <CA_NAME> -f <FILE_NAME> [OPTIONAL PARAMETERS]
DESCRIPTION
Retrieves a CRL from a CA. Either the latest CRL or a CRL with a specified CRL number.
PARAMETERS
Mandatory parameters:
--caname <CA_NAME> (Switch is not required)
The CA to get the CRL for.
-f <FILE_NAME> (Switch is not required)
The file to export to.
Optional parameters:
--clipassword <CLI_PASSWORD>
Set the password explicitely in the command line with --clipassword=<password>
--verbose
Set this value for verbose output of parameter values.
-crlnumber <CRL_NUMBER>
Get CRL with the specified CRL number, instead of the latest. Used to read
historical CRLs.
-delta
Fetch the latest delta CRL. Default is regular CRL.
-p <User will be prompted, input will not be shown>
Set this flag to be prompted for the username password
-pem
Use PEM encoding. Default is DER encoding.
-u <CLI_USERNAME>
Username for the CLI user, if required.
I am going to try it now...
Jim
On Friday, June 28, 2019, 9:01:03 AM EDT, <oh...@ya...> wrote:
You will DEFINITELY be missed!
If you have time before you go, can you point me to how to use the CLI to import the CRL?
Thanks,
Jim
On Friday, June 28, 2019, 8:30:17 AM EDT, Tomas Gustavsson <to...@pr...> wrote:
I don't. Looks like the security filter (OWASP CSRFGuard) has a built in
size limit for uploads. As you are using the Web UI for this, you may
try the CLI instead as that does not go via the web interface.
Cheers,
Tomas
PS: I will be away on vacation after today and will not be active in
this list for a couple of weeks now.
On 2019-06-28 14:24, ohaya--- via Ejbca-develop wrote:
> Does anyone have any solution to this problem?
>
> Thanks,
> Jim
>
>
> On Thursday, June 27, 2019, 3:12:35 PM EDT, <oh...@ya...> wrote:
>
>
> Hi,
>
> I tried changing the <http-listener> in the standalone.xml to:
>
> <https-listener name="httpspub" socket-binding="httpspub"
> max-post-size="100000000" max-parameters="2048" ssl-context="httpspub"/>
> <https-listener name="httpspriv" socket-binding="httpspriv"
> max-post-size="100000000" max-parameters="2048" ssl-context="httpspriv"/>
>
> and now when I try to import the CRL, I get:
>
> 14:53:10,355 ERROR [io.undertow.request] (default task-1) UT005023:
> Exception handling request to /ejbca/adminweb/ca/cafunctions.jsp:
> java.lang.IllegalArgumentException: byte limit exceeded: -58
> at
> org.owasp.csrfguard.MultipartFormData.decrementLimit(MultipartFormData.java:1339)
> at
> org.owasp.csrfguard.MultipartFormData.readData(MultipartFormData.java:1305)
> at
> org.owasp.csrfguard.MultipartFormData.readPart(MultipartFormData.java:1145)
>
>
> On Thursday, June 27, 2019, 2:25:39 PM EDT, <oh...@ya...> wrote:
>
>
> Hi,
>
> I am trying to import a somewhat large (> 70MB) CRL into EJBCA, and when
> I try that it is throwing an exception and outputting the following
> stacktrace:
>
> 14:17:41,407 ERROR [stderr] (default task-1)
> io.undertow.server.RequestTooBigException: UT000020: Connection
> terminated as request was larger than 10485760
> 14:17:41,408 ERROR [stderr] (default task-1) at
> io.undertow.conduits.FixedLengthStreamSourceConduit.checkMaxSize(FixedLengthStreamSourceConduit.java:168)
> 14:17:41,408 ERROR
>
> How can I import this CRL into EJBCA?
>
> Thanks,
> Jim
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
_______________________________________________
Ejbca-develop mailing list
Ejb...@li...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
|
