jotraverso / jscep

Automatically exported from code.google.com/p/jscep
MIT License
0 stars 0 forks source link

X509CertificateTupleFactory chooses incorrect encryption certificate for NDES server #53

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

1. Compile jSCEP trunk (r1320)

2. Stand up a Microsoft NDES server.

3A. Apply the FixCaCapabilities patch to fix the NPE in Ca Capabilities 
Handler; or
3B. Apply the Microsoft Hotfix (KB - I have not been able to download this so 
it remains untested)

4. Create a jSCEP client and enrol for a certificate (as per jSCEP samples).

What is the expected output? What do you see instead?

Expect:
  PENDING or ISSUED depending on Microsoft CA configuration.

Instead:
  CERT_NON_EXISTENT with FailureInfo "badMessageCheck". 
  NDES log indicates that the P7 couldn't be decrypted.

What version of the product are you using? On what operating system?

jSCEP trunk (r1320)
NDES - as provided, unpatched Windows Server 2008 R2

Please provide any additional information below.

* Patches created using svn diff
* Patch, ChooseCorrectNDESEncryptionCert.patch, fixes this issue as described. 

* Attached patches have been tested in integration, but unit tests have not 
been run. Suggest updating keystore unit test also.

Original issue reported on code.google.com by psychodr...@gmail.com on 23 Aug 2011 at 7:59

Attachments:

GoogleCodeExporter commented 9 years ago

Original comment by da...@grant.org.uk on 23 Aug 2011 at 8:10

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
I've run the unit tests. They failed due to a typo.
Re-tested integration with NDES and fixed another typo.

Doing well today. Unit tests and integration passed. 

New patch attached.

Original comment by psychodr...@gmail.com on 24 Aug 2011 at 12:45

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks for the patch!  I'll probably switch the order of the keyEncipherment 
and dataEncipherment selection so we fall back to data instead.

Original comment by da...@grant.org.uk on 24 Aug 2011 at 7:37

GoogleCodeExporter commented 9 years ago
This issue was closed by revision r1329.

Original comment by da...@grant.org.uk on 19 Jan 2012 at 8:09

GoogleCodeExporter commented 9 years ago

Original comment by da...@grant.org.uk on 21 Aug 2012 at 11:58