更新超级管理员证书期间的 NPE
NPE during Renew super admin certificate
我们的超级管理员证书已过期。尝试使用 ejbca.sh 更新它,但最后一步失败了:
[jboss@63a2ea1bfbfd bin]$ ./ejbca.sh batch
./ejbca.sh: line 3: which: command not found
Use 'batch --help' for additional options.
Generating keys in directory /tmp/p12.
Generating for end entities with status NEW.
Batch generating 2 users.
java.lang.NullPointerException
at org.cesecore.configuration.GlobalConfigurationSessionBean$GlobalConfigurationCacheHolder.updateConfiguration(GlobalConfigurationSessionBean.java:281)
at org.cesecore.configuration.GlobalConfigurationSessionBean.getCachedConfiguration(GlobalConfigurationSessionBean.java:141)
版本 6.5.0-Alpha,安装在 jboss 7.1.1 上。知道为什么这个 NPE 吗?
谢谢
您的 NPE 的详细信息将显示在 jboss server.log 文件中。服务器端的详细信息记录在那里。
PS: 那是一个非常古老的版本。您需要升级。
谢谢@primetomas,我终于解决了这个问题。
与管理 CA 相关的加密令牌已离线。题中提到的NPE激活后解决了。为了不显示 NPE 并真正显示异常,我必须在 cesecore-ejb 更新文件 org.cesecore.configuration.GlobalConfigurationSessionBean 以防止缓存不包含密钥时出现 NPE。
public void updateConfiguration(final ConfigurationBase conf, final String configId) {
if (caches.containsKey(configId)) {
caches.get(configId).updateConfiguration(conf);
}else {
System.out.println(String.format("updateConfiguration(%s) skipped as there is no cache for it ", new Object[] {configId}));
}
}
修复之后,另一个 NPE 修复在 org.cesecore.certificates.ca.X509CA:
的 cesecore-common
// Check that the certificate fulfills name constraints
if (cacert instanceof X509Certificate) {
GeneralNames altNameGNs = null;
String altName = "" + subject.getSubjectAltName(); // Added "" to prevent NPE later
if(certProfile.getUseSubjectAltNameSubSet()){
altName = certProfile.createSubjectAltNameSubSet(altName);
}
if (altName != null && altName.length() > 0) {
altNameGNs = CertTools.getGeneralNamesFromAltName(altName);
}
CertTools.checkNameConstraints((X509Certificate)cacert, subjectDNName, altNameGNs);
}
我们的超级管理员证书已过期。尝试使用 ejbca.sh 更新它,但最后一步失败了:
[jboss@63a2ea1bfbfd bin]$ ./ejbca.sh batch
./ejbca.sh: line 3: which: command not found
Use 'batch --help' for additional options.
Generating keys in directory /tmp/p12.
Generating for end entities with status NEW.
Batch generating 2 users.
java.lang.NullPointerException
at org.cesecore.configuration.GlobalConfigurationSessionBean$GlobalConfigurationCacheHolder.updateConfiguration(GlobalConfigurationSessionBean.java:281)
at org.cesecore.configuration.GlobalConfigurationSessionBean.getCachedConfiguration(GlobalConfigurationSessionBean.java:141)
版本 6.5.0-Alpha,安装在 jboss 7.1.1 上。知道为什么这个 NPE 吗?
谢谢
您的 NPE 的详细信息将显示在 jboss server.log 文件中。服务器端的详细信息记录在那里。 PS: 那是一个非常古老的版本。您需要升级。
谢谢@primetomas,我终于解决了这个问题。
与管理 CA 相关的加密令牌已离线。题中提到的NPE激活后解决了。为了不显示 NPE 并真正显示异常,我必须在 cesecore-ejb 更新文件
org.cesecore.configuration.GlobalConfigurationSessionBean以防止缓存不包含密钥时出现 NPE。public void updateConfiguration(final ConfigurationBase conf, final String configId) { if (caches.containsKey(configId)) { caches.get(configId).updateConfiguration(conf); }else { System.out.println(String.format("updateConfiguration(%s) skipped as there is no cache for it ", new Object[] {configId})); } }修复之后,另一个 NPE 修复在
的 cesecore-commonorg.cesecore.certificates.ca.X509CA:// Check that the certificate fulfills name constraints if (cacert instanceof X509Certificate) { GeneralNames altNameGNs = null; String altName = "" + subject.getSubjectAltName(); // Added "" to prevent NPE later if(certProfile.getUseSubjectAltNameSubSet()){ altName = certProfile.createSubjectAltNameSubSet(altName); } if (altName != null && altName.length() > 0) { altNameGNs = CertTools.getGeneralNamesFromAltName(altName); } CertTools.checkNameConstraints((X509Certificate)cacert, subjectDNName, altNameGNs); }