FUSE ESB / ESB-1734

No error log if the certificate is not valid

    Details

    • Type: Enhancement
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      If bundles are signed with an invalid or already expired certificate, the certificate will be revoked, but there is no log entry because it's not implemented.

      See TODO in
      org/apache/felix/framework/security/verifier/BundleDNParser.java line 445 which catches the CertificateException without any logging.

      417     private void getRootChains(Certificate[] certificates, List chains,
      418         boolean check)
      419     {
      420         List chain = new ArrayList();
      421 
      422         boolean revoked = false;
      423 
      424         for (int i = 0; i < certificates.length - 1; i++)
      425         {
      426             X509Certificate certificate = (X509Certificate) certificates[i];
      427 
      428             if (!revoked && isRevoked(certificate))
      429             {
      430                 revoked = true;
      431             }
      432             if (!check || !revoked)
      433             {
      434                 try
      435                 {
      436                     if (check)
      437                     {
      438                         certificate.checkValidity();
      439                     }
      440 
      441                     chain.add(certificate);
      442                 }
      443                 catch (CertificateException ex)
      444                 {
      445                     // TODO: log this or something
      446                     revoked = true;
      447                 }
      448             }
      

      It's hard to find out why a BundleSignerCondition is not applied to your bundle when nobody tells you that the certificate of your bundle was revoked.

      We should add an error log and print appropriate logging to tell the user what's happening here.
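
      An added example, not Felix's code and not the change made under FELIX-3604: one way the catch block at line 445 could report a failed validity check, plus a small driver that runs the check over a signed bundle JAR. The class name, method names, message format and use of java.util.logging are assumptions made for this example.

```java
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.logging.Logger;

// Added illustration only: not the Felix source and not the FELIX-3604 change.
public class SignerValidityCheck {
    private static final Logger LOG = Logger.getLogger("SignerValidityCheck");

    // Simplified form of the loop quoted above: keep certificates that pass
    // checkValidity(), and log the first one that does not instead of dropping it silently.
    static List<X509Certificate> usableChain(Certificate[] certificates, String source) {
        List<X509Certificate> chain = new ArrayList<>();
        for (Certificate c : certificates) {
            X509Certificate cert = (X509Certificate) c;
            try {
                cert.checkValidity(); // CertificateExpiredException or CertificateNotYetValidException
                chain.add(cert);
            } catch (CertificateException ex) {
                LOG.severe(source + ": signer chain rejected, certificate '"
                    + cert.getSubjectX500Principal().getName() + "' is valid only from "
                    + cert.getNotBefore() + " to " + cert.getNotAfter() + " (" + ex.getMessage() + ")");
                break; // mirrors revoked = true: nothing after a failed certificate is accepted
            }
        }
        return chain;
    }

    // Usage: java SignerValidityCheck signed-bundle.jar
    public static void main(String[] args) throws Exception {
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(args[0], true)) {
            for (JarEntry entry : Collections.list(jar.entries())) {
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { } // certificates are available only after a full read
                }
                Certificate[] certs = entry.getCertificates();
                if (certs != null && usableChain(certs, args[0]).size() < certs.length) {
                    return; // one report per bundle is enough
                }
            }
        }
    }
}
```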

        Activity

        Guillaume Nodet
        added a comment -

        This issue should now be fixed with FELIX-3604 being resolved.

        Guillaume Nodet
        added a comment -

        Fixed in 4.4 and 7.0 branches


          People

          • Assignee: Guillaume Nodet
          • Reporter: Joe Luo
          • Votes: 0
          • Watchers: 3