JoshuaJeong / nhin-d

Automatically exported from code.google.com/p/nhin-d

Java RI does not support p7c extensions from the AIA extension #236

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Add a trust bundle for a domain that includes p7c CAs in the chain (Within config-ui)
2. Send an email which has the domain name from above
3. The email will not be delivered. The stack trace from below will be thrown.

What is the expected output? What do you see instead?
Expected output is a validation of the chain.
However the following error is thrown,
03 Apr 2014 10:38:51,527 [WARN ] {spooler-15} (org.nhindirect.stagent.trust.TrustChainValidator) Intermediate cert cannot be resolved from AIA extension.
ERROR=null

    at org.nhindirect.stagent.trust.TrustChainValidator.downloadCertFromAIA(TrustChainValidator.java:455)
    at org.nhindirect.stagent.trust.TrustChainValidator.getIntermediateCertsByAIA(TrustChainValidator.java:403)
    at org.nhindirect.stagent.trust.TrustChainValidator.resolveIssuers(TrustChainValidator.java:296)
    at org.nhindirect.stagent.trust.TrustChainValidator.resolveIssuers(TrustChainValidator.java:362)
    at org.nhindirect.stagent.trust.TrustChainValidator.resolveIntermediateIssuers(TrustChainValidator.java:233)
    at org.nhindirect.stagent.trust.TrustChainValidator.resolveIntermediateIssuers(TrustChainValidator.java:218)
    at org.nhindirect.stagent.trust.TrustChainValidator.isTrusted(TrustChainValidator.java:172)
    at org.nhindirect.stagent.trust.TrustModel.findTrustedCerts(TrustModel.java:273)
    at org.nhindirect.stagent.trust.TrustModel.enforce(TrustModel.java:254)
    at org.nhindirect.stagent.DefaultNHINDAgent.processMessage(DefaultNHINDAgent.java:1275)
    at org.nhindirect.stagent.DefaultNHINDAgent.processOutgoing(DefaultNHINDAgent.java:1215)
    at org.nhindirect.stagent.DefaultNHINDAgent.processOutgoing(DefaultNHINDAgent.java:1179)
    at org.nhindirect.gateway.smtp.DefaultSmtpAgent.processEnvelope(DefaultSmtpAgent.java:332)
    at org.nhindirect.gateway.smtp.DefaultSmtpAgent.processMessage(DefaultSmtpAgent.java:202)
    at org.nhindirect.gateway.smtp.james.mailet.NHINDSecurityAndTrustMailet.service(NHINDSecurityAndTrustMailet.java:238)
    at org.apache.james.mailetcontainer.impl.camel.CamelProcessor.process(CamelProcessor.java:65)
    at org.apache.camel.impl.converter.AsyncProcessorTypeConverter$ProcessorToAsyncProcessorBridge.process(AsyncProcessorTypeConverter.java:50)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:98)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:89)
    at org.apache.camel.processor.interceptor.TraceInterceptor.process(TraceInterceptor.java:99)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.RedeliveryErrorHandler.processErrorHandler(RedeliveryErrorHandler.java:299)
    at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:208)
    at org.apache.camel.processor.DefaultChannel.process(DefaultChannel.java:256)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:98)
    at org.apache.camel.processor.ChoiceProcessor.process(ChoiceProcessor.java:80)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:98)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:89)
    at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:68)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:98)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:89)
    at org.apache.camel.processor.interceptor.TraceInterceptor.process(TraceInterceptor.java:99)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.RedeliveryErrorHandler.processErrorHandler(RedeliveryErrorHandler.java:299)
    at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:208)
    at org.apache.camel.processor.DefaultChannel.process(DefaultChannel.java:256)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:143)
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:78)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.RedeliveryErrorHandler.processErrorHandler(RedeliveryErrorHandler.java:299)
    at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:208)
    at org.apache.camel.processor.UnitOfWorkProcessor.process(UnitOfWorkProcessor.java:99)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.MulticastProcessor.doProcessSequential(MulticastProcessor.java:400)
    at org.apache.camel.processor.MulticastProcessor.doProcessSequential(MulticastProcessor.java:340)
    at org.apache.camel.processor.MulticastProcessor.process(MulticastProcessor.java:187)
    at org.apache.camel.processor.Splitter.process(Splitter.java:94)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:98)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:89)
    at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:68)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:98)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:89)
    at org.apache.camel.processor.interceptor.TraceInterceptor.process(TraceInterceptor.java:99)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.RedeliveryErrorHandler.processErrorHandler(RedeliveryErrorHandler.java:299)
    at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:208)
    at org.apache.camel.processor.DefaultChannel.process(DefaultChannel.java:256)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:143)
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:78)
    at org.apache.camel.processor.UnitOfWorkProcessor.process(UnitOfWorkProcessor.java:113)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:98)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:89)
    at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:68)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.component.direct.DirectProducer.process(DirectProducer.java:61)
    at org.apache.camel.processor.UnitOfWorkProcessor.process(UnitOfWorkProcessor.java:99)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:91)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:85)
    at org.apache.camel.processor.UnitOfWorkProducer.process(UnitOfWorkProducer.java:63)
    at org.apache.camel.impl.ProducerCache$1.doInProducer(ProducerCache.java:333)
    at org.apache.camel.impl.ProducerCache$1.doInProducer(ProducerCache.java:303)
    at org.apache.camel.impl.ProducerCache.doInProducer(ProducerCache.java:208)
    at org.apache.camel.impl.ProducerCache.sendExchange(ProducerCache.java:303)
    at org.apache.camel.impl.ProducerCache.send(ProducerCache.java:154)
    at org.apache.camel.impl.DefaultProducerTemplate.send(DefaultProducerTemplate.java:110)
    at org.apache.camel.impl.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:123)
    at org.apache.camel.impl.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:130)
    at org.apache.james.mailetcontainer.impl.camel.CamelMailetProcessor.service(CamelMailetProcessor.java:62)
    at org.apache.james.mailetcontainer.lib.AbstractStateCompositeProcessor.service(AbstractStateCompositeProcessor.java:99)
    at org.apache.james.mailetcontainer.impl.JamesMailetContext.sendMail(JamesMailetContext.java:404)
    at org.apache.james.mailetcontainer.lib.AbstractStateMailetProcessor.toProcessor(AbstractStateMailetProcessor.java:162)
    at org.apache.james.mailetcontainer.impl.camel.CamelMailetProcessor.access$1000(CamelMailetProcessor.java:48)
    at org.apache.james.mailetcontainer.impl.camel.CamelMailetProcessor$MailetContainerRouteBuilder$StateChangedProcessor.process(CamelMailetProcessor.java:208)
    at org.apache.camel.impl.converter.AsyncProcessorTypeConverter$ProcessorToAsyncProcessorBridge.process(AsyncProcessorTypeConverter.java:50)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:98)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:89)
    at org.apache.camel.processor.interceptor.TraceInterceptor.process(TraceInterceptor.java:99)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.RedeliveryErrorHandler.processErrorHandler(RedeliveryErrorHandler.java:299)
    at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:208)
    at org.apache.camel.processor.DefaultChannel.process(DefaultChannel.java:256)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:143)
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:78)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:98)
    at org.apache.camel.processor.ChoiceProcessor.process(ChoiceProcessor.java:80)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:98)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:89)
    at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:68)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:98)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:89)
    at org.apache.camel.processor.interceptor.TraceInterceptor.process(TraceInterceptor.java:99)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.RedeliveryErrorHandler.processErrorHandler(RedeliveryErrorHandler.java:299)
    at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:208)
    at org.apache.camel.processor.DefaultChannel.process(DefaultChannel.java:256)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:143)
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:78)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.RedeliveryErrorHandler.processErrorHandler(RedeliveryErrorHandler.java:299)
    at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:208)
    at org.apache.camel.processor.UnitOfWorkProcessor.process(UnitOfWorkProcessor.java:99)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.MulticastProcessor.doProcessSequential(MulticastProcessor.java:400)
    at org.apache.camel.processor.MulticastProcessor.doProcessSequential(MulticastProcessor.java:340)
    at org.apache.camel.processor.MulticastProcessor.process(MulticastProcessor.java:187)
    at org.apache.camel.processor.Splitter.process(Splitter.java:94)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:98)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:89)
    at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:68)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:98)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:89)
    at org.apache.camel.processor.interceptor.TraceInterceptor.process(TraceInterceptor.java:99)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.RedeliveryErrorHandler.processErrorHandler(RedeliveryErrorHandler.java:299)
    at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:208)
    at org.apache.camel.processor.DefaultChannel.process(DefaultChannel.java:256)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:143)
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:78)
    at org.apache.camel.processor.UnitOfWorkProcessor.process(UnitOfWorkProcessor.java:113)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:98)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:89)
    at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:68)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:70)
    at org.apache.camel.component.direct.DirectProducer.process(DirectProducer.java:61)
    at org.apache.camel.processor.UnitOfWorkProcessor.process(UnitOfWorkProcessor.java:99)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:91)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:85)
    at org.apache.camel.processor.UnitOfWorkProducer.process(UnitOfWorkProducer.java:63)
    at org.apache.camel.impl.ProducerCache$1.doInProducer(ProducerCache.java:333)
    at org.apache.camel.impl.ProducerCache$1.doInProducer(ProducerCache.java:303)
    at org.apache.camel.impl.ProducerCache.doInProducer(ProducerCache.java:208)
    at org.apache.camel.impl.ProducerCache.sendExchange(ProducerCache.java:303)
    at org.apache.camel.impl.ProducerCache.send(ProducerCache.java:154)
    at org.apache.camel.impl.DefaultProducerTemplate.send(DefaultProducerTemplate.java:110)
    at org.apache.camel.impl.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:123)
    at org.apache.camel.impl.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:130)
    at org.apache.james.mailetcontainer.impl.camel.CamelMailetProcessor.service(CamelMailetProcessor.java:62)
    at org.apache.james.mailetcontainer.lib.AbstractStateCompositeProcessor.service(AbstractStateCompositeProcessor.java:99)
    at org.apache.james.mailetcontainer.impl.JamesMailSpooler$1.run(JamesMailSpooler.java:157)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
    at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:182)
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:90)
    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
    at org.nhindirect.stagent.trust.TrustChainValidator.downloadCertFromAIA(TrustChainValidator.java:451)
    ... 170 more
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
    at sun.security.util.DerInputStream.getLength(DerInputStream.java:544)
    at sun.security.util.DerValue.<init>(DerValue.java:235)
    at sun.security.util.DerInputStream.getDerValue(DerInputStream.java:400)
    at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1709)
    at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:179)
    ... 173 more

What version of the product are you using? On what operating system?
2.0.1 on Linux (RHEL)

Please provide any additional information below.
As a workaround the individual CAs can be added. This seems to only affect a 
chain which contains p7c.

Original issue reported on code.google.com by kasun.ta...@gmail.com on 10 Apr 2014 at 9:40

GoogleCodeExporter commented 8 years ago
Issue has been validated.  Many CAs use PKCS7 packages as AIA extensions, and 
it is reasonable for the Java RI to support this format when resolving 
intermediate certificates.

Original comment by gm2...@cerner.com on 14 Apr 2014 at 2:31
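
An added illustration, not the nhin-d project's code and not part of the comments in this thread, of what accepting PKCS#7 (.p7c) AIA responses involves in plain JDK terms: `CertificateFactory.generateCertificate` (the call at the bottom of the stack trace above) expects one certificate, while `generateCertificates` accepts either a single certificate or a certs-only PKCS#7 bundle. The class and method names are hypothetical, and the sample input is constructed from the first self-signed root in the JRE's default trust store, which is assumed to be present.

```java
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class AiaBundleParser {  // hypothetical name, for illustration only

    /** Parses an AIA caIssuers response body: one certificate or a .p7c bundle. */
    static List<X509Certificate> parseAiaResponse(byte[] body) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> out = new ArrayList<>();
        // The plural call handles a single certificate and a PKCS#7 SignedData bundle alike.
        for (Certificate c : cf.generateCertificates(new ByteArrayInputStream(body))) {
            out.add((X509Certificate) c);
        }
        return out;
    }

    /** Keeps candidates whose subject equals the child's issuer and whose key verifies it. */
    static List<X509Certificate> issuersOf(X509Certificate child, List<X509Certificate> candidates) {
        List<X509Certificate> matches = new ArrayList<>();
        for (X509Certificate cand : candidates) {
            if (!cand.getSubjectX500Principal().equals(child.getIssuerX500Principal())) continue;
            try {
                child.verify(cand.getPublicKey());
                matches.add(cand);
            } catch (GeneralSecurityException e) {
                // Name matched but the signature did not verify: not the issuer, skip it.
            }
        }
        return matches;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a self-signed root taken from the JRE trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate root = null;
        for (X509Certificate c : ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers()) {
            if (c.getSubjectX500Principal().equals(c.getIssuerX500Principal())) { root = c; break; }
        }
        if (root == null) throw new IllegalStateException("no self-signed root in default trust store");

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        byte[] der = root.getEncoded();                                   // what a .cer URL returns
        byte[] p7c = cf.generateCertPath(Collections.singletonList(root)) // what a .p7c URL returns
                       .getEncoded("PKCS7");
        try {
            cf.generateCertificate(new ByteArrayInputStream(p7c));
            System.out.println("single-certificate parser accepted the bundle");
        } catch (CertificateException e) {
            System.out.println("single-certificate parser rejected the bundle: " + e.getMessage());
        }
        System.out.println("certs parsed from .cer body: " + parseAiaResponse(der).size());
        System.out.println("certs parsed from .p7c body: " + parseAiaResponse(p7c).size());
        System.out.println("verified issuers found: " + issuersOf(root, parseAiaResponse(p7c)).size());
    }
}
```

Certificates obtained through AIA are untrusted input that only helps build the path; the resulting chain still has to terminate at a configured trust anchor.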

GoogleCodeExporter commented 8 years ago
Added support and test cases in new SNAPSHOT.  Please validate that the fix 
works for you.

https://oss.sonatype.org/content/repositories/snapshots/org/nhind/agent/2.1-SNAPSHOT/agent-2.1-20140414.143309-2.jar

Original comment by gm2...@cerner.com on 14 Apr 2014 at 2:34

GoogleCodeExporter commented 8 years ago
[deleted comment]

GoogleCodeExporter commented 8 years ago
We initially thought that the process didn't continue after throwing the error 
but after further testing this wasn't the case. It was just a red herring.

Is there any reason why it would continue to process the emails?

Original comment by kasun.ta...@gmail.com on 14 Apr 2014 at 9:39