
I am using Spring Boot to process certificates and Postman as the client to interact with the service. Assume the private key, public key and certificate have already been decrypted; the code then uses the CertificateHelper getCertificate() function, which ends up in parseX509Certificate.

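/**
 * Looks up the configured CA list whose first entry has a subject common name equal to the
 * issuer common name of {@code cert}.
 *
 * <p>The four CA lists ({@code resultCA}, {@code resultCA_C3}, {@code resultCA_C5},
 * {@code resultCA_v1}) are loaded through {@code loadCAinit()} with up to four attempts when
 * any of them is still {@code null}. They are then checked in that order.
 *
 * <p>NOTE(review): the match is made on the common name only. That selects a candidate CA; it
 * does not prove that the CA issued {@code cert}. If the result feeds a trust decision, the
 * caller should also compare the full issuer and subject DNs and check the signature of
 * {@code cert} against the CA public key ({@code X509Certificate.verify}) or run PKIX path
 * validation.
 *
 * <p>Only {@code CertificateException} and {@code IOException} are handled here. Any
 * {@code RuntimeException} or {@code Error} raised while parsing a CA entry propagates to the
 * caller, so a request that stops at the parse call without a log line has most likely failed
 * with one of those and was handled further up the call stack.
 *
 * @param cert the certificate whose issuer is looked up
 * @param tsp  timestamp passed through to {@code LogSystem.getLog} for every log line
 * @return the matching CA list, or {@code null} when the lists could not be loaded, no entry
 *         matches, or the issuer name could not be read
 */
private List<Certificate> getCA(X509Certificate cert, Date tsp) {
    // addProvider leaves the provider list untouched when "BC" is already registered.
    Security.addProvider(new BouncyCastleProvider());
    try {
        String cnIssuer = X500Name.asX500Name(cert.getIssuerX500Principal()).getCommonName();
        int xTry = 0;
        while ((resultCA == null || resultCA_C5 == null || resultCA_C3 == null || resultCA_v1 == null) && xTry <= 3) {
            LOGGER.info(LogSystem.getLog("TRY                :" + xTry, tsp, "LOG"));
            try {
                loadCAinit();
            } catch (KeyManagementException | UnrecoverableKeyException | CertificateException
                    | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException e) {
                // Record the failure in the application log as well; stderr may not be collected.
                LOGGER.info(LogSystem.getLog("CA load attempt " + xTry + " failed: " + e, tsp, "LOG"));
                e.printStackTrace();
            }
            xTry++;
        }

        // Decide on the state of the lists, not on the attempt counter: a load that succeeds
        // on the last attempt also leaves xTry at 4 and must not be discarded.
        if (resultCA == null || resultCA_C5 == null || resultCA_C3 == null || resultCA_v1 == null) {
            LOGGER.info(LogSystem.getLog("CA lists not loaded after " + xTry + " attempts", tsp, "LOG"));
            return null;
        }

        for (int i = 0; i < 4; i++) {
            List<Certificate> caCheck;
            switch (i) {
                case 0:
                    caCheck = resultCA;
                    break;
                case 1:
                    caCheck = resultCA_C3;
                    break;
                case 2:
                    caCheck = resultCA_C5;
                    break;
                default:
                    caCheck = resultCA_v1;
                    break;
            }
            if (caCheck.isEmpty()) {
                // get(0) below would throw IndexOutOfBoundsException on an empty list.
                LOGGER.info(LogSystem.getLog("CA CHECK : list " + i + " is empty, skipped", tsp, "LOG"));
                continue;
            }
            LOGGER.info(LogSystem.getLog("CA CHECK : " + caCheck.get(0).toString(), tsp, "LOG"));

            try {
                LogSystem.info("Process getcertificate on certificate helper");
                // Anything other than CertificateException thrown here (for example an
                // unchecked exception or a linkage error) is not caught in this method.
                X509Certificate certCA = (X509Certificate) CertificateHelper.getCertificate(caCheck.get(0).getCertificateData());
                LogSystem.info("End process getcertificate on certificate helper");

                String cnIssuerCheck = X500Name.asX500Name(certCA.getSubjectX500Principal()).getCommonName();
                LOGGER.info(LogSystem.getLog("         CA CN: " + cnIssuerCheck, tsp, "LOG"));
                LOGGER.info(LogSystem.getLog("User Issuer CN: " + cnIssuer, tsp, "LOG"));
                // cnIssuer is null when the issuer name carries no CN attribute.
                if (cnIssuer != null && cnIssuer.equals(cnIssuerCheck)) {
                    LOGGER.info(LogSystem.getLog("DN CA:" + certCA.getSubjectDN().toString() + ", SN: " + certCA.getSerialNumber().toString(16).toUpperCase(), tsp, "LOG"));
                    LOGGER.info(LogSystem.getLog("DN User:" + cert.getSubjectDN().toString() + ", SN: " + cert.getSerialNumber().toString(16).toUpperCase(), tsp, "LOG"));
                    return caCheck;
                }
            } catch (CertificateException e) {
                LOGGER.info(LogSystem.getLog("      CATCH 1: " + e, tsp, "LOG"));
                e.printStackTrace();
            }
        }
        LOGGER.info(LogSystem.getLog("Issuer " + cnIssuer + " not found : " + cert.getIssuerDN(), tsp, "LOG"));
    } catch (IOException e) {
        // Raised while reading a common name from an X500Name.
        LOGGER.info(LogSystem.getLog("      CATCH 2: " + e, tsp, "LOG"));
        e.printStackTrace();
    }
    LOGGER.info(LogSystem.getLog("      RETURN NULL", tsp, "LOG"));
    return null;
}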

The getCertificate() function in class CertificateHelper:

package org.ejbca.core.protocol.ws.common;

import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import org.cesecore.util.Base64;
import org.cesecore.util.CertTools;

/**
 * Static helpers that Base64-decode web-service payloads into certificates or raw PKCS#7 bytes.
 *
 * <p>As far as this listing shows, the helpers only decode and parse. They perform no validity,
 * signature or trust checks, so a returned certificate must still be validated by the caller
 * before it is relied on.
 */
public class CertificateHelper {
    // Response type names.
    public static final String RESPONSETYPE_CERTIFICATE = "CERTIFICATE";
    public static final String RESPONSETYPE_PKCS7 = "PKCS7";
    public static final String RESPONSETYPE_PKCS7WITHCHAIN = "PKCS7WITHCHAIN";

    // Certificate request type codes.
    public static final int CERT_REQ_TYPE_PKCS10 = 0;
    public static final int CERT_REQ_TYPE_CRMF = 1;
    public static final int CERT_REQ_TYPE_SPKAC = 2;
    public static final int CERT_REQ_TYPE_PUBLICKEY = 3;

    public CertificateHelper() {
    }

    /**
     * Base64-decodes {@code certificateData} and parses the result with
     * {@code CertTools.getCertfromByteArray}.
     *
     * @param certificateData Base64-encoded certificate bytes
     * @return the parsed certificate
     * @throws CertificateException if the decoded bytes cannot be parsed as a certificate
     */
    public static Certificate getCertificate(byte[] certificateData) throws CertificateException {
        final byte[] decoded = Base64.decode(certificateData);
        return CertTools.getCertfromByteArray(decoded, Certificate.class);
    }

    /**
     * Base64-decodes a PKCS#7 payload.
     *
     * @param pkcs7Data Base64-encoded PKCS#7 bytes
     * @return the decoded bytes, not parsed or checked in any way
     */
    public static byte[] getPKCS7(byte[] pkcs7Data) {
        final byte[] decoded = Base64.decode(pkcs7Data);
        return decoded;
    }
}

The getCertificate() function calls getCertfromByteArray() in another class, CertTools:

 /**
  * Parses {@code cert} with the provider name "BC" by delegating to the three-argument overload.
  *
  * @param cert       encoded certificate bytes
  * @param returnType the certificate class the caller expects
  * @return the parsed certificate
  * @throws CertificateParsingException if the three-argument overload cannot parse the bytes
  */
 public static <T extends Certificate> T getCertfromByteArray(byte[] cert, Class<T> returnType) throws CertificateParsingException {
        final String defaultProvider = "BC";
        return getCertfromByteArray(cert, defaultProvider, returnType);
    }

and the detailed implementation of getCertfromByteArray():

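/**
 * Parses an encoded certificate, choosing the parser from {@code returnType}.
 *
 * <p>{@code X509Certificate.class} and {@code CardVerifiableCertificate.class} select their
 * parser directly. Any other type tries the X.509 parser first and falls back to the CVC
 * parser. The two parse helpers are not part of this listing.
 *
 * <p>This method only parses. It does not check validity dates, signatures or trust.
 *
 * @param cert       encoded certificate bytes
 * @param provider   security provider name; {@code null} selects "BC"
 * @param returnType the certificate class the caller expects
 * @return the parsed certificate
 * @throws CertificateParsingException if the selected parser fails, or if both parsers fail in
 *         the fallback case; the fallback exception carries the CVC failure as its cause and
 *         the X.509 failure as a suppressed exception
 */
@SuppressWarnings("unchecked") // the casts to T are guarded by the returnType checks below
public static <T extends Certificate> T getCertfromByteArray(byte[] cert, String provider, Class<T> returnType) throws CertificateParsingException {
    final String prov = (provider == null) ? "BC" : provider;

    if (returnType.equals(X509Certificate.class)) {
        return (T) parseX509Certificate(prov, cert);
    }
    if (returnType.equals(CardVerifiableCertificate.class)) {
        return (T) parseCardVerifiableCertificate(prov, cert);
    }

    // Unknown target type: try X.509 first, then CVC.
    try {
        return (T) parseX509Certificate(prov, cert);
    } catch (CertificateParsingException x509Failure) {
        try {
            return (T) parseCardVerifiableCertificate(prov, cert);
        } catch (CertificateParsingException cvcFailure) {
            // Keep both underlying failures attached so the reason is visible to the caller
            // without having to find the debug log.
            CertificateParsingException failure = new CertificateParsingException(
                    "No certificate could be parsed from byte array. See debug logs for details.", cvcFailure);
            failure.addSuppressed(x509Failure);
            throw failure;
        }
    }
}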
  • The statement on line 779 runs and its log line is printed.
  • The statement on line 780 does not complete; the client then receives a response with HTTP code 200.
  • The statement on line 781 is not executed because of what happens on line 780.

Postman response from Spring Boot

Any suggestion why the call on line 780 results in a response to Postman with a null body and HTTP status 200 (success)?

*Note: the classes CertificateHelper and CertTools come from the official library at https://mvnrepository.com/artifact/org.ejbca

blinkbink
  • Because there is an exception, which you catch. So there is nothing to return (null body) but for the client there is no error (due to you swallowing the exception). – M. Deinum Sep 22 '21 at 11:15
  • But no error message print on log in any exception ? Which exception do you mean ? – blinkbink Sep 22 '21 at 13:15
  • You have a catch block which catches everything. You print out to the console, so that might end up anywhere (not even in the logs). The only scenario that is feasible is the one I described. – M. Deinum Sep 22 '21 at 13:26
  • The exception has edited, still nothing appears. *Note class CertificateHelper and CertTools is library from official https://mvnrepository.com/artifact/org.ejbca – blinkbink Sep 23 '21 at 02:39
  • What doesn't appear? It doesn't matter where the other classes come from. – M. Deinum Sep 23 '21 at 05:25
  • Check the server.log to see on the server side what error happened, you can usually see very well if there is an error on the server side, what the cause is, and what can be done about it (configuration issue for example). – primetomas Oct 11 '21 at 08:37
