search

zhuzengpeng / jscep

Automatically exported from code.google.com/p/jscep
MIT License
0 stars 0 forks source link

jscep 2.0-beta-1 - NullPointerException during enrolment #70

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Using the KeyStoreExampleClientTest example, I get a NullPointerException when 
I send the enrollment request (line 98 in the example).

Exception in thread "main" java.lang.NullPointerException
    at org.jscep.message.PkiMessageDecoder.decode(PkiMessageDecoder.java:86)
    at org.jscep.transaction.Transaction.decode(Transaction.java:92)
    at org.jscep.transaction.EnrollmentTransaction.send(EnrollmentTransaction.java:147)
    at org.jscep.client.Client.send(Client.java:606)
    at org.jscep.client.Client.enrol(Client.java:574)
    at org.jscep.client.Client.enrol(Client.java:530)
    at test.main(test.java:110)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)

The CA is Microsoft Certificate authority which shows the following event:-

 Log Name:      Application
Source:        Microsoft-Windows-CertificationAuthority
Date:          8/15/2012 12:57:23 PM
Event ID:      53
Task Category: None
Level:         Warning
Keywords:      Classic
User:          SYSTEM
Computer:      AMAZONA-G5SA335.VEDCLOUD.COM
Description:
Active Directory Certificate Services denied request 333 because The public key 
does not meet the minimum size required by the specified certificate template. 
0x80094811 (-2146875375).  The request was for CN=entity2.  Additional 
information: Denied by Policy Module
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" />
    <EventID Qualifiers="33370">53</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-15T12:57:23.000000000Z" />
    <EventRecordID>531315</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>AMAZONA-G5SA335.VEDCLOUD.COM</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData Name="MSG_DN_CERT_DENIED_WITH_INFO">
    <Data Name="RequestId">333</Data>
    <Data Name="Reason">The public key does not meet the minimum size required by the specified certificate template. 0x80094811 (-2146875375)</Data>
    <Data Name="SubjectName">CN=entity2</Data>
    <Data Name="AdditionalInformation">Denied by Policy Module</Data>
  </EventData>
</Event>

So I think the root of the issue is the key size does not match the size of the 
key thats defined by the MS CA policy. I would be nice if the response was a 
little nicer than a null pointer :-)

Original issue reported on code.google.com by carl.bou...@gmail.com on 15 Aug 2012 at 1:01

GoogleCodeExporter commented 9 years ago 
If you change the key size, does the call actually succeed?

Original comment by da...@grant.org.uk on 15 Aug 2012 at 1:03

GoogleCodeExporter commented 9 years ago 
If I change the key size the CA does issue the certificate correctly. So I can 
now see the newly issued cert on the SCEP server. However JSCEP still returns 
the following:

Exception in thread "main" java.lang.NullPointerException
    at org.jscep.message.PkiMessageDecoder.decode(PkiMessageDecoder.java:86)
    at org.jscep.transaction.Transaction.decode(Transaction.java:92)
    at org.jscep.transaction.EnrollmentTransaction.send(EnrollmentTransaction.java:147)
    at org.jscep.client.Client.send(Client.java:606)
    at org.jscep.client.Client.enrol(Client.java:574)
    at org.jscep.client.Client.enrol(Client.java:530)
    at test.main(test.java:123)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)

Original comment by carl.bou...@gmail.com on 15 Aug 2012 at 4:06

GoogleCodeExporter commented 9 years ago 
The 1.3 client was able to recognise the CERT_REQ_PENDING status the SCEP 
server could be polled.

Original comment by carl.bou...@gmail.com on 15 Aug 2012 at 4:08

GoogleCodeExporter commented 9 years ago 
This issue was closed by revision r1462.

Original comment by da...@grant.org.uk on 15 Aug 2012 at 7:06

GoogleCodeExporter commented 9 years ago

Original comment by da...@grant.org.uk on 21 Aug 2012 at 11:55