Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EJBCA Upgrade from 8.2 to 8.3 fail - Certificates disappear from RA web #731

Open
miguelarman opened this issue Dec 4, 2024 · 12 comments
Open

EJBCA Upgrade from 8.2 to 8.3 fail - Certificates disappear from RA web #731

miguelarman opened this issue Dec 4, 2024 · 12 comments
Labels
bug Something isn't working

Comments

@miguelarman
Copy link

I have a local installation of EJBCA CE in a local VM. It was running version 8.2.0.1 correctly. I tried to upgrade to 8.3.2 and it seemingly performed said upgrade correctly. However, when I went to the RA web, I could not see any certificates, no matter the filters I tried. I then went back to the 8.2.0.1 folder and after deploying it again, the certificates appeared, which means they are not removed in the database.

I tried to upgrade via the intermediate 8.3.1 version, which showed the same error.

I copied the configuration files from the previous folder, and no changes to the database were made. Plus, as I said the certificates are stored correctly it seems. No other error was found related to the database, PKCS11 or any other aspect I checked. The VM is running SLES 12.

In version 8.2.0.1:
image

In version 8.3.1:
image
@miguelarman miguelarman added the bug Something isn't working label Dec 4, 2024
@primetomas
Copy link
Collaborator

You should have some log records. https://docs.keyfactor.com/ejbca/8.3.2/troubleshooting-guide

@miguelarman
Copy link
Author

All I see in the log when I try to get the list of certificates is:

2024-12-04 14:19:56,134 DEBUG [org.cesecore.configuration.GlobalConfigurationSessionBean] (default task-29) Reading Configuration: AVAILABLE_PROTOCOLS
2024-12-04 14:19:56,137 DEBUG [org.cesecore.configuration.GlobalConfigurationSessionBean] (default task-29) No default GlobalConfiguration exists. Creating a new one.
2024-12-04 14:19:56,137 DEBUG [org.ejbca.util.ServiceControlFilter] (default task-29) Access to service RA Web is allowed. HTTP request https://localhost:8443/ejbca/ra/search_certs.xhtml is let through.
2024-12-04 14:19:56,176 DEBUG [org.ejbca.ra.RaSearchCertsBean] (default task-29) Wider criteria → Query
2024-12-04 14:19:56,211 DEBUG [org.cesecore.configuration.LogRedactionConfigurationCache] (default task-29) Updated LogRedactionConfigurationCache.
2024-12-04 14:19:56,228 DEBUG [org.ejbca.core.model.era.RaMasterApiSessionBean] (default task-29)  certificateProfileId: Any (even deleted) profile(s) due to root access.
2024-12-04 14:19:56,228 DEBUG [org.ejbca.core.model.era.RaMasterApiSessionBean] (default task-29)  endEntityProfileId: Any (even deleted) profile(s) due to root access.
2024-12-04 14:19:56,229 DEBUG [org.cesecore.configuration.GlobalConfigurationSessionBean] (default task-29) Reading Configuration: CESECORE_CONFIGURATION
2024-12-04 14:19:56,378 DEBUG [org.ejbca.core.model.era.RaMasterApiSessionBean] (default task-29) Certificate search query: page 1, page size 25, count 25 results. queryTimeout=10000ms
2024-12-04 14:19:56,382 DEBUG [org.cesecore.certificates.util.cert.SubjectDirAttrExtension] (default task-29) Search for SubjectDirectoryAttributes
2024-12-04 14:19:56,391 DEBUG [org.cesecore.certificates.util.cert.SubjectDirAttrExtension] (default task-29) Search for SubjectDirectoryAttributes
2024-12-04 14:19:56,409 DEBUG [org.cesecore.certificates.util.cert.SubjectDirAttrExtension] (default task-29) Search for SubjectDirectoryAttributes
2024-12-04 14:19:56,411 DEBUG [org.cesecore.certificates.util.cert.SubjectDirAttrExtension] (default task-29) Search for SubjectDirectoryAttributes
2024-12-04 14:19:56,416 DEBUG [org.cesecore.certificates.util.cert.SubjectDirAttrExtension] (default task-29) Search for SubjectDirectoryAttributes
2024-12-04 14:19:56,418 DEBUG [org.cesecore.certificates.util.cert.SubjectDirAttrExtension] (default task-29) Search for SubjectDirectoryAttributes
2024-12-04 14:19:56,419 DEBUG [org.cesecore.certificates.util.cert.SubjectDirAttrExtension] (default task-29) Search for SubjectDirectoryAttributes
2024-12-04 14:19:56,419 DEBUG [org.cesecore.certificates.util.cert.SubjectDirAttrExtension] (default task-29) Search for SubjectDirectoryAttributes
2024-12-04 14:19:56,422 WARNING [javax.enterprise.resource.webcontainer.jsf.lifecycle] (default task-29) /search_certs.xhtml @88,122 listener="#{raSearchCertsBean.searchAndFilterAjaxListener}": java.lang.NullPointerException: javax.el.ELException: /search_certs.xhtml @88,122 listener="#{raSearchCertsBean.searchAndFilterAjaxListener}": java.lang.NullPointerException
        at [email protected]//com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:71)
        at [email protected]//com.sun.faces.facelets.tag.jsf.core.AjaxBehaviorListenerImpl.processAjaxBehavior(AjaxHandler.java:403)
        at [email protected]//javax.faces.event.AjaxBehaviorEvent.processListener(AjaxBehaviorEvent.java:100)
        at [email protected]//javax.faces.component.behavior.BehaviorBase.broadcast(BehaviorBase.java:82)
        at [email protected]//javax.faces.component.UIComponentBase.broadcast(UIComponentBase.java:481)
        at [email protected]//javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:847)
        at [email protected]//javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1396)
        at [email protected]//com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:58)
        at [email protected]//com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76)
        at [email protected]//com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177)
        at [email protected]//javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:707)
        at [email protected]//javax.faces.webapp.FacesServlet.service(FacesServlet.java:451)
        at [email protected]//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
        at io.opentracing.contrib.opentracing-jaxrs2//io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:52)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.jsfext.RequestControlFilter.doFilter(RequestControlFilter.java:180)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.jsfext.NoCacheFilter.doFilter(NoCacheFilter.java:68)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at deployment.ejbca.ear//org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:137)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at deployment.ejbca.ear//org.ejbca.util.ServiceControlFilter.doFilter(ServiceControlFilter.java:147)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
        at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
        at [email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
        at [email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
        at [email protected]//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
        at [email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
        at [email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
        at [email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
        at [email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
        at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
        at [email protected]//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
        at [email protected]//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
        at [email protected]//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
        at [email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
        at [email protected]//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
        at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
        at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
        at [email protected]//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
        at [email protected]//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
        at [email protected]//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
        at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
        at [email protected]//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
        at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.lang.NullPointerException
        at deployment.ejbca.ear//com.keyfactor.util.crypto.algorithm.AlgorithmTools.getKeyAlgorithm(AlgorithmTools.java:245)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.RaCertificateDetails.reInitialize(RaCertificateDetails.java:305)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.RaCertificateDetails.<init>(RaCertificateDetails.java:212)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.RaSearchCertsBean.filterTransformSort(RaSearchCertsBean.java:320)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.RaSearchCertsBean.searchForCertificates(RaSearchCertsBean.java:254)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.RaSearchCertsBean.searchAndFilterCommon(RaSearchCertsBean.java:241)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.RaSearchCertsBean.searchAndFilterAjaxListener(RaSearchCertsBean.java:208)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at [email protected]//com.sun.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:153)
        at [email protected]//com.sun.el.parser.AstValue.invoke(AstValue.java:261)
        at [email protected]//com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:237)
        at [email protected]//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
        at [email protected]//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
        at [email protected]//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
        at [email protected]//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
        at [email protected]//com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:65)
        ... 75 more

2024-12-04 14:19:56,425 DEBUG [org.ejbca.ra.jsfext.RaExceptionHandlerFactory$RaExceptionHandler] (default task-29) Adding throwable NullPointerException: null
2024-12-04 14:19:56,508 DEBUG [org.ejbca.ra.jsfext.RaExceptionHandlerFactory$RaExceptionHandler] (default task-29) Adding throwable IndexOutOfBoundsException: Index 0 out of bounds for length 0
2024-12-04 14:19:56,510 DEBUG [org.ejbca.ra.jsfext.RaExceptionHandlerFactory$RaExceptionHandler] (default task-29) Additional ExceptionHandler invocation during same round trip...
2024-12-04 14:19:56,615 DEBUG [org.ejbca.ra.RaErrorBean] (default task-29) Client got the following error message: Index 0 out of bounds for length 0: java.lang.IndexOutOfBoundsException: Index 0 out of bounds for length 0
        at java.base/jdk.internal.util.Preconditions.outOfBounds(Preconditions.java:64)
        at java.base/jdk.internal.util.Preconditions.outOfBoundsCheckIndex(Preconditions.java:70)
        at java.base/jdk.internal.util.Preconditions.checkIndex(Preconditions.java:248)
        at java.base/java.util.Objects.checkIndex(Objects.java:372)
        at java.base/java.util.ArrayList.get(ArrayList.java:459)
        at [email protected]//javax.faces.component.AttachedObjectListHolder.restoreState(AttachedObjectListHolder.java:146)
        at [email protected]//javax.faces.component.UIComponentBase.restoreState(UIComponentBase.java:1228)
        at [email protected]//com.sun.faces.application.view.FaceletPartialStateManagementStrategy$2.visit(FaceletPartialStateManagementStrategy.java:372)
        at [email protected]//com.sun.faces.component.visit.FullVisitContext.invokeVisitCallback(FullVisitContext.java:127)
        at [email protected]//javax.faces.component.UIComponent.visitTree(UIComponent.java:1456)
        at [email protected]//javax.faces.component.UIComponent.visitTree(UIComponent.java:1468)
        at [email protected]//javax.faces.component.UIComponent.visitTree(UIComponent.java:1468)
        at [email protected]//com.sun.faces.application.view.FaceletPartialStateManagementStrategy.restoreView(FaceletPartialStateManagementStrategy.java:358)
        at [email protected]//com.sun.faces.application.StateManagerImpl.restoreView(StateManagerImpl.java:113)
        at [email protected]//com.sun.faces.application.view.ViewHandlingStrategy.restoreView(ViewHandlingStrategy.java:99)
        at [email protected]//com.sun.faces.application.view.FaceletViewHandlingStrategy.restoreView(FaceletViewHandlingStrategy.java:272)
        at [email protected]//com.sun.faces.application.view.MultiViewHandler.restoreView(MultiViewHandler.java:133)
        at [email protected]//javax.faces.application.ViewHandlerWrapper.restoreView(ViewHandlerWrapper.java:101)
        at [email protected]//javax.faces.application.ViewHandlerWrapper.restoreView(ViewHandlerWrapper.java:101)
        at [email protected]//com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:181)
        at [email protected]//com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76)
        at [email protected]//com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:110)
        at [email protected]//com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177)
        at [email protected]//javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:707)
        at [email protected]//javax.faces.webapp.FacesServlet.service(FacesServlet.java:451)
        at [email protected]//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:81)
        at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
        at [email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
        at [email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:251)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:186)
        at [email protected]//io.undertow.servlet.spec.RequestDispatcherImpl.forwardImpl(RequestDispatcherImpl.java:227)
        at [email protected]//io.undertow.servlet.spec.RequestDispatcherImpl.forwardImplSetup(RequestDispatcherImpl.java:149)
        at [email protected]//io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:111)
        at [email protected]//com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:700)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.jsfext.RaExceptionHandlerFactory$RaExceptionHandler.handle(RaExceptionHandlerFactory.java:100)
        at [email protected]//com.sun.faces.lifecycle.Phase.doPhase(Phase.java:94)
        at [email protected]//com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177)
        at [email protected]//javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:707)
        at [email protected]//javax.faces.webapp.FacesServlet.service(FacesServlet.java:451)
        at [email protected]//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
        at io.opentracing.contrib.opentracing-jaxrs2//io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:52)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.jsfext.RequestControlFilter.doFilter(RequestControlFilter.java:180)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.jsfext.NoCacheFilter.doFilter(NoCacheFilter.java:68)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at deployment.ejbca.ear//org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:137)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at deployment.ejbca.ear//org.ejbca.util.ServiceControlFilter.doFilter(ServiceControlFilter.java:147)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
        at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
        at [email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
        at [email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
        at [email protected]//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
        at [email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
        at [email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
        at [email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
        at [email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
        at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
        at [email protected]//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
        at [email protected]//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
        at [email protected]//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
        at [email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
        at [email protected]//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
        at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
        at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
        at [email protected]//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
        at [email protected]//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
        at [email protected]//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
        at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
        at [email protected]//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
        at java.base/java.lang.Thread.run(Thread.java:829)

2024-12-04 14:19:56,643 DEBUG [org.ejbca.ra.RaErrorBean] (default task-29) Client got the following error message: null: java.lang.NullPointerException
        at deployment.ejbca.ear//com.keyfactor.util.crypto.algorithm.AlgorithmTools.getKeyAlgorithm(AlgorithmTools.java:245)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.RaCertificateDetails.reInitialize(RaCertificateDetails.java:305)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.RaCertificateDetails.<init>(RaCertificateDetails.java:212)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.RaSearchCertsBean.filterTransformSort(RaSearchCertsBean.java:320)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.RaSearchCertsBean.searchForCertificates(RaSearchCertsBean.java:254)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.RaSearchCertsBean.searchAndFilterCommon(RaSearchCertsBean.java:241)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.RaSearchCertsBean.searchAndFilterAjaxListener(RaSearchCertsBean.java:208)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at [email protected]//com.sun.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:153)
        at [email protected]//com.sun.el.parser.AstValue.invoke(AstValue.java:261)
        at [email protected]//com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:237)
        at [email protected]//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
        at [email protected]//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
        at [email protected]//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
        at [email protected]//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
        at [email protected]//com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:65)
        at [email protected]//com.sun.faces.facelets.tag.jsf.core.AjaxBehaviorListenerImpl.processAjaxBehavior(AjaxHandler.java:403)
        at [email protected]//javax.faces.event.AjaxBehaviorEvent.processListener(AjaxBehaviorEvent.java:100)
        at [email protected]//javax.faces.component.behavior.BehaviorBase.broadcast(BehaviorBase.java:82)
        at [email protected]//javax.faces.component.UIComponentBase.broadcast(UIComponentBase.java:481)
        at [email protected]//javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:847)
        at [email protected]//javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1396)
        at [email protected]//com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:58)
        at [email protected]//com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76)
        at [email protected]//com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177)
        at [email protected]//javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:707)
        at [email protected]//javax.faces.webapp.FacesServlet.service(FacesServlet.java:451)
        at [email protected]//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
        at io.opentracing.contrib.opentracing-jaxrs2//io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:52)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.jsfext.RequestControlFilter.doFilter(RequestControlFilter.java:180)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at deployment.ejbca.ear.ra-gui.war//org.ejbca.ra.jsfext.NoCacheFilter.doFilter(NoCacheFilter.java:68)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at deployment.ejbca.ear//org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:137)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at deployment.ejbca.ear//org.ejbca.util.ServiceControlFilter.doFilter(ServiceControlFilter.java:147)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
        at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
        at [email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
        at [email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
        at [email protected]//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
        at [email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
        at [email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
        at [email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
        at [email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
        at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
        at [email protected]//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
        at [email protected]//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
        at [email protected]//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
        at [email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
        at [email protected]//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
        at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
        at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
        at [email protected]//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
        at [email protected]//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
        at [email protected]//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
        at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
        at [email protected]//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
        at java.base/java.lang.Thread.run(Thread.java:829)

@primetomas
Copy link
Collaborator

Looks like an algorithmissue with some certificate. What types of certificates and algorithms are you using in these certificates?

@primetomas
Copy link
Collaborator

primetomas commented Dec 4, 2024
edited
Loading

Looks like the certificate has either no public key, at least certificate.getPublicKey returns null.

@miguelarman
Copy link
Author

I had a test CA created in the previous versions that introduced PQC algorithms. But I removed it as well as the cryptotoken and it is not shown.
I found that accessing the RA web with the SuperAdmin.p12 encounters this error (the log message stays the same), but accessing with a more specific auditor certificate recovers the certificate list with no problem.
image
The log file now shows:

2024-12-05 07:50:23,324 DEBUG [org.ejbca.util.ServiceControlFilter] (default task-11) Access to service RA Web is allowed. HTTP request https://localhost:8443/ejbca/ra/search_certs.xhtml is let through.
2024-12-05 07:50:23,638 DEBUG [org.cesecore.config.CesecoreConfiguration] (default task-11) Using default value of 20 for new CA's ca.serialnumberoctetsize
2024-12-05 07:50:23,647 DEBUG [org.cesecore.certificates.ca.CAData] (default task-11) CAData.getProtectString gives size: 11332
2024-12-05 07:50:23,653 DEBUG [org.cesecore.config.CesecoreConfiguration] (default task-11) Using default value of 20 for new CA's ca.serialnumberoctetsize
2024-12-05 07:50:23,674 DEBUG [org.cesecore.internal.CommonCacheBase] (default task-11) Update not needed X509CAImpl in cache. Digest was 317476573, cacheEntry digest was 317476573
2024-12-05 07:50:23,693 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ra_functionality/approve_end_entity
2024-12-05 07:50:23,694 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ca_functionality/approve_caaction
2024-12-05 07:50:23,694 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ra_functionality/view_approvals
2024-12-05 07:50:23,707 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ra_functionality/approve_end_entity
2024-12-05 07:50:23,713 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ca_functionality/approve_caaction
2024-12-05 07:50:23,726 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ra_functionality/view_approvals
2024-12-05 07:50:23,775 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ra_functionality/approve_end_entity
2024-12-05 07:50:23,775 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ca_functionality/approve_caaction
2024-12-05 07:50:23,776 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ra_functionality/view_approvals
2024-12-05 07:50:23,778 DEBUG [org.ejbca.ra.RaSearchCertsBean] (default task-11) Wider criteria → Query
2024-12-05 07:50:23,784 DEBUG [org.cesecore.certificates.ca.internal.CaIDCacheBean] (default task-11) Loading CA ID cache from database
2024-12-05 07:50:23,795 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ca/1150675605
2024-12-05 07:50:23,801 DEBUG [org.cesecore.certificates.ca.CaSessionBean] (default task-11) Administrator 'CN=******' not authorized to CA 1150675605.
2024-12-05 07:50:23,842 DEBUG [org.cesecore.config.CesecoreConfiguration] (default task-11) Using default value of 20 for new CA's ca.serialnumberoctetsize
2024-12-05 07:50:23,856 DEBUG [org.cesecore.certificates.ca.CAData] (default task-11) CAData.getProtectString gives size: 11407
2024-12-05 07:50:23,877 DEBUG [org.cesecore.config.CesecoreConfiguration] (default task-11) Using default value of 20 for new CA's ca.serialnumberoctetsize
2024-12-05 07:50:23,883 DEBUG [org.cesecore.internal.CommonCacheBase] (default task-11) Update not needed X509CAImpl in cache. Digest was 1332774856, cacheEntry digest was 1332774856
2024-12-05 07:50:23,916 DEBUG [org.cesecore.config.CesecoreConfiguration] (default task-11) Using default value of 20 for new CA's ca.serialnumberoctetsize
2024-12-05 07:50:23,922 DEBUG [org.cesecore.certificates.ca.CAData] (default task-11) CAData.getProtectString gives size: 14680
2024-12-05 07:50:23,925 DEBUG [org.cesecore.config.CesecoreConfiguration] (default task-11) Using default value of 20 for new CA's ca.serialnumberoctetsize
2024-12-05 07:50:23,956 DEBUG [org.cesecore.internal.CommonCacheBase] (default task-11) Update not needed X509CAImpl in cache. Digest was 1432902223, cacheEntry digest was 1432902223
2024-12-05 07:50:23,964 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ca/1150675605
2024-12-05 07:50:23,965 DEBUG [org.cesecore.certificates.ca.CaSessionBean] (default task-11) Administrator 'CN=******' not authorized to CA 1150675605.
2024-12-05 07:50:23,966 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /
2024-12-05 07:50:24,102 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ca/1150675605
2024-12-05 07:50:24,130 DEBUG [org.cesecore.certificates.ca.CaSessionBean] (default task-11) Administrator 'CN=******' not authorized to CA 1150675605.
2024-12-05 07:50:24,134 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /
2024-12-05 07:50:24,134 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /endentityprofilesrules/1/view_end_entity
2024-12-05 07:50:24,158 DEBUG [org.cesecore.configuration.LogRedactionConfigurationCache] (default task-11) Updated LogRedactionConfigurationCache.
2024-12-05 07:50:24,163 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /endentityprofilesrules/1311857187/view_end_entity
2024-12-05 07:50:24,184 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /endentityprofilesrules/209584248/view_end_entity
2024-12-05 07:50:24,187 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /endentityprofilesrules/399692837/view_end_entity
2024-12-05 07:50:24,188 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /endentityprofilesrules/2035134746/view_end_entity
2024-12-05 07:50:24,188 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /endentityprofilesrules/1713887038/view_end_entity
2024-12-05 07:50:24,188 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /endentityprofilesrules/1916405792/view_end_entity
2024-12-05 07:50:24,188 DEBUG [org.ejbca.core.model.era.RaMasterApiSessionBean] (default task-11)  issuerDN: [CN=ROOT CA, CN=SUB CA]
2024-12-05 07:50:24,189 DEBUG [org.ejbca.core.model.era.RaMasterApiSessionBean] (default task-11)  certificateProfileId: [1, 4, 9, 2, 3, 72512353, 1546606952, 1417570774, 317627767, 244507384, 1465296029, 1469081676, 1012676130]
2024-12-05 07:50:24,189 DEBUG [org.ejbca.core.model.era.RaMasterApiSessionBean] (default task-11)  endEntityProfileId: [1823312940]
2024-12-05 07:50:24,189 DEBUG [org.cesecore.configuration.GlobalConfigurationSessionBean] (default task-11) Reading Configuration: CESECORE_CONFIGURATION
2024-12-05 07:50:24,376 DEBUG [org.ejbca.core.model.era.RaMasterApiSessionBean] (default task-11) Certificate search query: page 1, page size 25, count 6 results. queryTimeout=10000ms
2024-12-05 07:50:24,377 DEBUG [org.cesecore.certificates.util.cert.SubjectDirAttrExtension] (default task-11) Search for SubjectDirectoryAttributes
2024-12-05 07:50:24,380 DEBUG [org.cesecore.certificates.util.cert.SubjectDirAttrExtension] (default task-11) Search for SubjectDirectoryAttributes
2024-12-05 07:50:24,381 DEBUG [org.cesecore.certificates.util.cert.SubjectDirAttrExtension] (default task-11) Search for SubjectDirectoryAttributes
2024-12-05 07:50:24,392 DEBUG [org.cesecore.certificates.util.cert.SubjectDirAttrExtension] (default task-11) Search for SubjectDirectoryAttributes
2024-12-05 07:50:24,393 DEBUG [org.cesecore.certificates.util.cert.SubjectDirAttrExtension] (default task-11) Search for SubjectDirectoryAttributes
2024-12-05 07:50:24,404 DEBUG [org.cesecore.certificates.util.cert.SubjectDirAttrExtension] (default task-11) Search for SubjectDirectoryAttributes
2024-12-05 07:50:24,409 DEBUG [org.ejbca.ra.RaSearchCertsBean] (default task-11) Filtered 6 responses down to 6 results.
2024-12-05 07:50:24,510 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ra_functionality/approve_end_entity
2024-12-05 07:50:24,516 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ca_functionality/approve_caaction
2024-12-05 07:50:24,516 DEBUG [org.cesecore.authorization.AuthorizationSessionBean] (default task-11) Authorization failed for CN=****** of type X509CertificateAuthenticationToken for resource /ra_functionality/view_approvals

The ID of the CA that it says is not authorized is the TECHNICAL_CA

@primetomas
Copy link
Collaborator

Great, that's what I though and hoped for. You also have to go into the database and delete those certificates then.
Something like:
delete from CertificateData where issuerDN='<the subjectDN of the CA'>;

To make sure you enter the "subjectDN of the CA" in exactly the right format. You can look it up based on some usernames you know.
select username,subjectDN,issuerDN from CertificateData where username like '%test%';

@miguelarman
Copy link
Author

miguelarman commented Dec 5, 2024
edited
Loading

I previously deleted from the Database in the tables CAData and CryptoTokenData, and that is when I opened the issue.
I have now also deleted from the table CertificateData, as you pointed out the CA certificates were in fact there. I also removed a end entity certificate I created with said CAs from the certificatedata and the userdata tables. I checked no CAs, CryptoTokens or Certificates related to said CAs appear in the database.
However, the issue still persists and the log error message is the same.

@primetomas
Copy link
Collaborator

Are there any specific certificates you are searching for? Can you search in the Admin UI to try to identify the certificate that causes the problem?

@miguelarman
Copy link
Author

No, I am not searching for anything specific. No matter what I write in the textfield (or even blank) results in no certificates shown for SuperAdmin while the other user gets some results
I deleted all PQC CAs and all Certificates issued by them

@primetomas
Copy link
Collaborator

If it is related to SuperAdmin, can you search for superadmin in the Admin UI (RA->Search End entities) and look at the certificates there.

@miguelarman
Copy link
Author

miguelarman commented Dec 5, 2024
edited
Loading

Accessing with superadmin is the problem in the new version. I can see one old expired superadmin certificate and a newer one from early this year.
But it's the "search certificate" site that does not show any result

@primetomas
Copy link
Collaborator

I'm not sure I understand this. Can you show some screenshots?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@miguelarman @primetomas