
czertainly-ejbca-ng-connector's People

Contributors

3keypradeep, 3keyroman, dependabot[bot], klaraf755, lubomirw, renovate[bot]


czertainly-ejbca-ng-connector's Issues

Security Policy violation SECURITY.md

This issue was automatically created by Allstar.

Security Policy Violation
Security policy not enabled.
A SECURITY.md file can give users information about what constitutes a vulnerability and how to report one securely so that information about a bug is not publicly visible. Examples of secure reporting methods include using an issue tracker with private issue support, or encrypted email with a published key.

To fix this, add a SECURITY.md file that explains how to handle vulnerabilities found in your repository. Go to https://github.com/CZERTAINLY/CZERTAINLY-EJBCA-NG-Connector/security/policy to enable.

For more information, see https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository.


This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

Validation of revocation attributes NullPointerException

The validation of revocation attributes does not handle exceptions properly.
Therefore, the NullPointerException can be thrown in case no attributes are defined.

The expected behaviour is that the attributes validation exceptions are properly handled and logged.

When trying to generate a certificate using existing key pair & by entering extension data as "digitalSignature,nonRepudiation", it returns a misleading error in logs.

Describe the bug
Error is misleading when an operator tries to create a new certificate from Czertainly > Certificates by entering wrong values e.g.: digitalSignature,nonRepudication.

To Reproduce
Steps to reproduce the behavior:

1. Go to Czertainly admin interface > Certificates
2. Fill in relevant form fields and at the bottom, try to enter the certificate extension data. Enter this value as "digitalSignature,nonRepudiation" and click create button. The certificate request will fail. This is expected because values are not supported in this format.
3. Now check the debug logs for Czertainly ejbca connector
4. You will notice that the error (as in the attached text file) is misleading and does not provide any clear idea as to what should be checked and fixed.

Expected behavior
A clear error message should be recorded in the log file instead of the attached error.

Desktop (please complete the following information):

OS: Windows (for browser) Czertainly installation is made on a Linux machine.
Browser : Chrome
Version : 25.0.6422.114

Czertainly-issue.txt

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Pending Approval

These branches will be created by Renovate only once you click their checkbox below.

  • Update sigstore/cosign-installer action to v3.6.0

Detected dependencies

dockerfile
Dockerfile
  • maven 3.9.9-eclipse-temurin-21
  • eclipse-temurin 21.0.4_7-jre-alpine
github-actions
.github/workflows/build.yml
  • actions/checkout v4
  • actions/setup-java v4
  • actions/cache v4
  • actions/checkout v4
  • actions/setup-java v4
  • actions/cache v4
  • actions/cache v4
.github/workflows/codeql.yml
  • actions/checkout v4
  • github/codeql-action v3
  • actions/setup-java v4
  • actions/cache v4
  • github/codeql-action v3
.github/workflows/publish_docker_3key.yaml
  • actions/checkout v4
  • sigstore/cosign-installer v3.5.0
  • docker/setup-qemu-action v3
  • docker/setup-buildx-action v3
  • docker/login-action v3
  • docker/metadata-action v5
  • docker/build-push-action v6
  • christian-korneck/update-container-description-action v1
.github/workflows/publish_docker_czertainly.yaml
  • actions/checkout v4
  • sigstore/cosign-installer v3.5.0
  • docker/setup-qemu-action v3
  • docker/setup-buildx-action v3
  • docker/login-action v3
  • docker/metadata-action v5
  • docker/build-push-action v6
  • christian-korneck/update-container-description-action v1
.github/workflows/publish_harbor_3key.yaml
  • actions/checkout v4
  • sigstore/cosign-installer v3.5.0
  • docker/setup-qemu-action v3
  • docker/setup-buildx-action v3
  • docker/login-action v3
  • docker/metadata-action v5
  • docker/build-push-action v6
  • christian-korneck/update-container-description-action v1
.github/workflows/test_docker_image.yaml
  • actions/checkout v4
  • docker/setup-qemu-action v3
  • docker/setup-buildx-action v3
  • docker/metadata-action v5
  • docker/build-push-action v6
maven
pom.xml
  • com.czertainly:dependencies 1.2.0
  • com.czertainly:interfaces 2.13.0
  • net.steppschuh.markdowngenerator:markdowngenerator 1.3.1.1

  • Check this box to trigger a request for Renovate to run again on this repository

Security Policy violation Binary Artifacts

This issue was automatically created by Allstar.

Security Policy Violation
Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

  • ejbca-libs/cesecore-common-7.7.0.jar
  • ejbca-libs/ejbca-common-7.7.0.jar

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.


This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

Add group attribute to replace discovery attributes dependent on selected entity instance

In EJBCA discovery attributes there are 3 data attributes whose content is retrieved by callback when EJBCA instance is selected:

  • ejbcaRestApiUrl
  • ca
  • endEntityProfile

Requirements:

  • Replace attributes above with group attribute that will provide these attributes already with content based on selected EJBCA instance.
  • Fix response of ejbcaRestApi callback endpoint to retrieve EJBCA REST API base URL. It should return List<StringAttributeContent>

Security Policy violation Repository Administrators

This issue was automatically created by Allstar.

Security Policy Violation
Did not find any owners of this repository
This policy requires all repositories to have a user or team assigned as an administrator. A responsible party is required by organization policy to respond to security events and organization requests.

To add an administrator: from the main page of the repository, go to Settings -> Manage Access.
(For more information, see https://docs.github.com/en/organizations/managing-access-to-your-organizations-repositories)

Alternately, if this repository does not have any maintainers, archive or delete it.


This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

Support mapping of end entity SAN from the CSR

Currently the connector supports SAN data from the Data Attribute that is possible to use when the certificate is managed through the API of the Core. However, when the CSR is coming from the protocols, Core is not able to perform mapping of the SAN data to certificate and eventually end entity.

In general, it would be useful to support adding SAN data from the CSR that is provided.
The mechanism can be implemented in a way that CSR SAN data has higher priority than Data Attribute, or it can be merged.

Security Policy violation Branch Protection

This issue was automatically created by Allstar.

Security Policy Violation
Dismiss stale reviews not configured for branch develop


⚠️ There is an updated version of this policy result! Click here to see the latest update


This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

Implement authority endpoint to retrieve issuing authority certificates and certificate revocation list

Implement endpoint POST /v1/authorityProvider/authorities/{uuid}/caCertificates from authority interface and use EJBCA WS to retrieve certificate chain of issuer authority specified by RA profiles attributes in request.

Implement endpoint POST /v1/authorityProvider/authorities/{uuid}/crl from authority interface and use EJBCA WS to retrieve certificate revocation list with support for delta CRL.
