siemens / cmp-ra-component

A CMP Registration Authority (RA)
Apache License 2.0

Misleading error message when config of central key gen does not support the needed key transfer method #5

Closed DDvO closed 2 years ago

DDvO commented 2 years ago

When the client request leads to, e.g., password-based key encryption but this is not enabled in the config, the error given is, e.g.,
`downstream: could not validate enrolled certificate: null`.

DDvO commented 2 years ago

I meanwhile suppose that this is just an instance of #3?

Akretsch commented 2 years ago

Please re-test with https://github.com/siemens/LightweightCmpRa/commit/3ee544ae788a971a8af23b5474c7772484829669 or later

DDvO commented 2 years ago

This has now improved to `could not properly process certificate response: java.lang.NullPointerException`, which is no longer misleading, but still rather vague. Please make it more concrete, e.g., `missing key management technique for certificate response on central key generation`.

Akretsch commented 2 years ago

Maybe the Exception backtrace in the log helps a little bit.

DDvO commented 2 years ago

On missing SignatureCredentials, the server-side backtrace now contains:

at com.siemens.pki.cmpracomponent.cryptoservices.BaseCredentialService.getSignatureAlgorithmName(BaseCredentialService.java:58)

...

On missing PasswordContext, the backtrace now contains:

WARN com.siemens.pki.cmpracomponent.msgprocessing.RaDownstream - could not properly process certificate response
java.lang.NullPointerException
    at com.siemens.pki.cmpracomponent.cryptoservices.PasswordEncryptor.<init>(PasswordEncryptor.java:48)

... Still, this does not help the client side, because it needs to know that the server does not support the required key management technique for CKG.

DDvO commented 2 years ago

So I suggest, e.g., `support for key management technique XY is not configured for central key generation`

Akretsch commented 2 years ago

fixed in 8f886d86ba9f82ad6a0764dc5b3df9ae79310644