
NullPointerException while editing End Entity

Open zaltysz opened this issue 3 years ago • 6 comments

I am using EJBCA 7.9.0.2 Community and am getting a NullPointerException after I hit "Save" on the End Entity edit page. This End Entity uses subAltNames (DNS Names).

Caused by: java.lang.NullPointerException
	at org.cesecore.util.CertTools.isAllDNSNamesExcluded(CertTools.java:4746)
	at org.cesecore.util.CertTools.checkNameConstraints(CertTools.java:4726)
	at org.ejbca.core.ejb.ra.EndEntityManagementSessionBean.changeUser(EndEntityManagementSessionBean.java:930)

checkNameConstraints() has an explicit check for the variable "excluded" not being null before executing a bunch of code; however, later it misses such a check before invoking isAllDNSNamesExcluded(excluded), which itself does not expect its parameter to be null.

zaltysz avatar Aug 13 '22 10:08 zaltysz

I'm having the same issue, running CE 7.9.0.2 on WildFly 24.0.1, OpenJDK 11.0.16+8.

This bug is a bit of a show-stopper.

Working around the issue by creating the end entity on a different CA and then switching to the correct CA "works" for creation purposes but the certificate still can't be generated (same exception).

The issue exists whether using the "classic" admin and public interfaces or the new RA interface.

ecarlseen avatar Aug 15 '22 02:08 ecarlseen

I think it is this issue (https://jira.primekey.se/browse/ECA-10763, which you can't access right now unfortunately). It is fixed in 7.9.1. I'll see what we can do to get that out.

primetomas avatar Aug 15 '22 10:08 primetomas

Thanks for your prompt attention to this. We look forward to being able to issue certificates.

ecarlseen avatar Aug 16 '22 03:08 ecarlseen

If 7.9.1 cannot be released, would it be possible to get a .diff patch or equivalent for this? Unfortunately, after we upgraded, this specific scenario was not in our test suite (nor apparently in yours either) and we're well past the point of no return in terms of rolling back.

ecarlseen avatar Aug 16 '22 13:08 ecarlseen

@ecarlseen, as a workaround I changed this line https://github.com/Keyfactor/ejbca-ce/blob/EJBCA_7_9_0_2_20220616/modules/cesecore-common/src/org/cesecore/util/CertTools.java#L4726 into

if (excluded != null && isAllDNSNamesExcluded(excluded)) {

Works for me, but I am not a developer of this project, so use it at your own risk.

zaltysz avatar Aug 16 '22 16:08 zaltysz

Thanks.

The updated code for next release looks like this:

    // Check if we should exclude all dns names
    private static boolean isAllDNSNamesExcluded(GeneralSubtree[] excluded) {
        if (Objects.isNull(excluded)) {
            return false;
        }
        
        for (int i = 0; i < excluded.length; i++) {
            if (excluded[i].getBase().toString().equals("2: ")) {
                return true;
            }
        }
        return false;
    }

primetomas avatar Aug 17 '22 01:08 primetomas

Unfortunately it doesn't seem to like that code block.

[mkdir] Created dir: /opt/ejbca/ejbca_ce_7_9_0_2/modules/cesecore-common/build/classes
[javac] Compiling 464 source files to /opt/ejbca/ejbca_ce_7_9_0_2/modules/cesecore-common/build/classes
[javac] /opt/ejbca/ejbca_ce_7_9_0_2/modules/cesecore-common/src/org/cesecore/util/CertTools.java:4747: error: cannot find symbol
[javac]         if (Objects.isNull(excluded)) {
[javac]             ^
[javac]   symbol:   variable Objects
[javac]   location: class CertTools
[javac] Note: Some input files use or override a deprecated API.
[javac] Note: Recompile with -Xlint:deprecation for details.
[javac] Note: Some input files use unchecked or unsafe operations.
[javac] Note: Recompile with -Xlint:unchecked for details.
[javac] 1 error


ecarlseen avatar Aug 18 '22 00:08 ecarlseen

@ecarlseen, as a workaround I changed this line https://github.com/Keyfactor/ejbca-ce/blob/EJBCA_7_9_0_2_20220616/modules/cesecore-common/src/org/cesecore/util/CertTools.java#L4726 into

if (excluded != null && isAllDNSNamesExcluded(excluded)) {

Works for me, but I am not a developer of this project, so use it at your own risk.

This appears to work for me so far. Knocking on wood like crazy.

ecarlseen avatar Aug 18 '22 00:08 ecarlseen

That code will work fine as well, you can keep going with that.

For my code snippet, this line also needs to be added at the beginning of the file.

import java.util.Objects;

primetomas avatar Aug 18 '22 12:08 primetomas

Closing this issue as fixed; waiting for the new release will avoid using the workaround.

primetomas avatar Aug 18 '22 14:08 primetomas
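
The failure and the two fixes discussed in this thread, side by side, as an added Java example that is not EJBCA code. It assumes each excluded subtree can be modelled by the string its base name prints as ("2: " being the marker compared in the thread's snippet); the class and method names are hypothetical and the inputs are constructed.

```java
import java.util.Arrays;
import java.util.Objects;

// Added illustration, not EJBCA source. Each excluded subtree is modelled by the
// string its base name would print as (assumption), e.g. "2: " for an empty dNSName.
public class NameConstraintNullGuardDemo {

    // Helper without a null check, as the 7.9.0.2 behaviour is described in the thread.
    static boolean allDnsExcludedUnguarded(String[] excluded) {
        for (String base : excluded) { // throws NullPointerException when excluded == null
            if (base.equals("2: ")) {
                return true;
            }
        }
        return false;
    }

    // Helper-side fix: a null array means no DNS names are excluded.
    static boolean allDnsExcludedGuarded(String[] excluded) {
        return !Objects.isNull(excluded) && allDnsExcludedUnguarded(excluded);
    }

    // Caller-side workaround: short-circuit before the unguarded helper runs.
    static boolean callerGuard(String[] excluded) {
        return excluded != null && allDnsExcludedUnguarded(excluded);
    }

    // Runs the unguarded helper and reports the exception instead of propagating it.
    static String tryUnguarded(String[] excluded) {
        try {
            return String.valueOf(allDnsExcludedUnguarded(excluded));
        } catch (NullPointerException e) {
            return "NullPointerException";
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: null, empty, one specific subtree, the "exclude all" marker.
        String[][] cases = { null, {}, { "2: .example.com" }, { "2: " } };
        for (String[] excluded : cases) {
            System.out.printf("%-20s unguarded=%-22s helperFix=%-6b callerFix=%b%n",
                    Arrays.toString(excluded), tryUnguarded(excluded),
                    allDnsExcludedGuarded(excluded), callerGuard(excluded));
        }
    }
}
```

Only the null input separates the variants: the unguarded helper throws, while both guarded forms return false and agree with it on every other case.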