000014202 - Java client auto-enrollment fails if certificate in the pool on server has a large serial number

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014202
Applies ToRSA Key Manager Java Client 2.7
IssueJava client auto-enrollment fails if certificate in the pool on server has a large serial number
During auto-enrollment, if the certificate returned from the pool on server has a large serial number such as "13590587702563758033", the client will fail auto-enrollment with the following exception:

Exception in thread "main" java.lang.NumberFormatException: For input string: "13590587702563758033"
 at java.lang.NumberFormatException.forInputString(Unknown Source)
 at java.lang.Integer.parseInt(Unknown Source)
 at java.lang.Integer.valueOf(Unknown Source)
 at com.rsa.kmc.w.bm.a(Unknown Source)
 at com.rsa.kmc.w.B.a(Unknown Source)
 at com.rsa.kmc.w.W.a(Unknown Source)
 at com.rsa.kmc.w.ap.a(Unknown Source)
 at com.rsa.kmc.w.ap.a(Unknown Source)
 at com.rsa.kmc.w.bn.a(Unknown Source)
 at com.rsa.kmc.w.Q.a(Unknown Source)
 at com.rsa.kmc.w.Q.b(Unknown Source)
 at com.rsa.kmc.w.Q.a(Unknown Source)
 at com.rsa.kmc.KMConfig.c(Unknown Source)
 at com.rsa.kmc.KMConfig.a(Unknown Source)
 at com.rsa.kmc.KMConfig.<init>(Unknown Source)
 at com.target.EnrollKM.main(EnrollKM.java:23)
RKM Java Client 2.7 sample getKeyByKeyClass shows the following (with client.autoenroll_enable set to true):

D:\RSA\KeyManager\2.7\2.7.0\Java client\rkmc>ant run.getKeyByKeyClass
Buildfile: build.xml
run.getKeyByKeyClass:
compile:
    [javac] Compiling 46 source files to D:\RSA\KeyManager\2.7\2.7.0\Java client\rkmc\gen\classes
-check.class.name:
run:
     [java] Running Sample GetKeyByKeyClass
     [java] Exception in thread "main" java.lang.NumberFormatException: For input string: "13590587702563757983"
     [java]     at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
     [java]     at java.lang.Integer.parseInt(Integer.java:461)
     [java]     at java.lang.Integer.valueOf(Integer.java:554)
     [java]     at com.rsa.kmc.w.bm.a(Unknown Source)
     [java]     at com.rsa.kmc.w.B.a(Unknown Source)
     [java]     at com.rsa.kmc.w.W.a(Unknown Source)
     [java]     at com.rsa.kmc.w.ap.a(Unknown Source)
     [java]     at com.rsa.kmc.w.ap.a(Unknown Source)
     [java]     at com.rsa.kmc.w.bn.a(Unknown Source)
     [java]     at com.rsa.kmc.w.Q.a(Unknown Source)
     [java]     at com.rsa.kmc.w.Q.b(Unknown Source)
     [java]     at com.rsa.kmc.w.Q.a(Unknown Source)
     [java]     at com.rsa.kmc.KMConfig.c(Unknown Source)
     [java]     at com.rsa.kmc.KMConfig.a(Unknown Source)
     [java]     at com.rsa.kmc.KMConfig.<init>(Unknown Source)
     [java]     at rkmjc.api.getkey.GetKeyByKeyClass.run(GetKeyByKeyClass.java:35)
     [java]     at rkmjc.api.getkey.GetKeyByKeyClass.main(GetKeyByKeyClass.java:63)
BUILD FAILED
D:\RSA\KeyManager\2.7\2.7.0\Java client\rkmc\build.xml:238: The following error occurred while executing this line:
D:\RSA\KeyManager\2.7\2.7.0\Java client\rkmc\build.xml:87: Java returned: 1
Total time: 17 seconds
D:\RSA\KeyManager\2.7\2.7.0\Java client\rkmc>
RKM Server log shows the following entries:

09 Apr 2010 15:01:53,821 1270158113352 anonymous (-1) INFO TP-Processor3 - Client : Internal, Created identity TestEnrollment.User1
09 Apr 2010 15:01:53,836 1270158113352 anonymous (-1) INFO TP-Processor3 - Client : Internal, Bound certificate authentication to identity TestEnrollment.User1
09 Apr 2010 15:01:53,852 1270158113352 anonymous (-1) INFO TP-Processor3 - Client : Internal, Deleted PKCS#12 21
09 Apr 2010 15:01:53,868 1270158113352 anonymous (-1) INFO TP-Processor3 - Client : Internal, Auto enrollment succeded for profile 'TestEnrollment', new identity 'TestEnrollment.User1' created with certificate[subject=CN=testClient, OU=Some OrgUnit, O=Some Organization, L=Some City, ST=state, C=US, serialnumber=13590587702563758033]
01 Apr 2010 15:01:56,962 1270158116806 TestEnrollment.User1 (34) INFO TP-Processor13 - Client : 10.11.11.14, Created Client for IP 10.11.11.14
01 Apr 2010 15:01:56,962 1270158116806 TestEnrollment.User1 (34) INFO TP-Processor13 - Client : 10.11.11.14, Client registered with the following details, appname=TestEnrollment.Application1, hostname=clienthost.domain.net, ip=10.11.11.14, version=2.7, managed=false, identity=TestEnrollment.User1
01 Apr 2010 15:02:00,979 1270158120900 TestEnrollment.User1 (34) INFO TP-Processor13 - Client : 10.11.11.14, Originator created with ID aaaa3333cc7777f44ccc444b5e1d5e0000e4ff77c9eee2222a66a3ee6a55bb5f under identity TestEnrollment.User1
CauseThe problem occurs due to conversion of serial number from string to big integer
ResolutionThis issue has been fixed in RKM Java Client 2.7.0.1 (and will also be fixed in 2.7SP1, not released at the time of writing this solution).  Please contact RSA Customer Support to request a download of RKM Java Client 2.7.0.1 or the latest version.
WorkaroundSet client.autoenroll_enable=true
Legacy Article IDa50923

Attachments

    Outcomes