AbstractUserAccount.getCertificates throws ArrayIndexOutOfBoundsException

Former Member
0 Kudos

Hi,

I use a ClientCertLoginModule to authenticate web service calls.

I've added the trusted certificates to users in the UME. Now in my app, I use the following code fragment to retain the certificate's distinguished name (DN):

IUser user = UMFactory.getAuthenticator().getLoggedInUser();
IUserAccount[] useraccounts = user.getUserAccounts();
X509Certificate[] certificates = useraccounts[0].getCertificates();
X509Certificate certificate = certificates[0];
String dn = certificate.getSubjectDN().getName();

Now if I fire web service calls to this piece of code one by one, all goes well.

If I fire web service calls in parallel, using the same certificate each time, the following error occurs:

java.lang.ArrayIndexOutOfBoundsException
    at com.sap.security.core.imp.AbstractUserAccount.getCertificates(AbstractUserAccount.java:1671)
    at com.sap.security.core.imp.UserAccountWrapper.getCertificates(UserAccountWrapper.java:295)

Does anyone have an explanation for this behaviour???

Thanx!

David.

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi Tsvetomir,

Thanx for your suggestion. The thing is, that I'm using the Axis web service framework.

I have a SOAPEnvelope instance to work with, and no (direct) request available to try your code with....

And as I said, with a single user my code works fine, it all breaks down with several concurrent calls....

Greetings,

David.

Former Member
0 Kudos

Hello,

Using the UME API, you are actually trying to get the user certificate from the user store. Obviously, the user store (DB, LDAP, ABAP, depending on the UME config) does not hold the user certificate.

What you have to do is to get the SSL client certificate from the HTTP request. This would be exactly the certificate that was sent through the SSL channel. Also, this is the required implementation as per the J2EE specification (the UME API is SAP proprietary):


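// The container exposes the SSL client certificate chain as a request attribute.
java.security.cert.X509Certificate[] crtChain =
   (java.security.cert.X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
String dn = null;
if (crtChain != null && crtChain.length > 0) {
  // crtChain[0] is the client's own certificate; getSubjectDN() returns a Principal, so call getName().
  dn = crtChain[0].getSubjectDN().getName();
}
// do something with the DN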

Kind regards,

Tsvetomir
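
The request-attribute lookup from the answer above, wrapped so it can also be reached from inside an Axis service where no request object is passed in. This is an added example, not code from the thread: the class name `ClientCertDn` is hypothetical, and `fromCurrentAxisCall()` assumes Axis 1.x running over its servlet transport.

```java
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import org.apache.axis.MessageContext;
import org.apache.axis.transport.http.HTTPConstants;

/** Hypothetical helper: reads the TLS client certificate DN from the current request. */
public final class ClientCertDn {

    // Standard servlet attribute holding the client certificate chain of the TLS session.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    private ClientCertDn() {}

    /** Returns the subject DN of the client certificate, or null if none was presented. */
    public static String fromRequest(HttpServletRequest request) {
        if (request == null) {
            return null;
        }
        Object attr = request.getAttribute(CERT_ATTR);
        if (!(attr instanceof X509Certificate[])) {
            return null; // plain HTTP, or TLS without client authentication
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        if (chain.length == 0 || chain[0] == null) {
            return null; // never index an empty chain
        }
        // chain[0] is the client's own certificate; issuer certificates follow it.
        // getSubjectX500Principal() is the documented replacement for getSubjectDN()
        // and returns the DN in RFC 2253 form.
        return chain[0].getSubjectX500Principal().getName();
    }

    /** Assumption: Axis 1.x servlet transport, called on the thread handling the SOAP call. */
    public static String fromCurrentAxisCall() {
        MessageContext ctx = MessageContext.getCurrentContext();
        if (ctx == null) {
            return null; // not inside an Axis invocation
        }
        Object req = ctx.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        return (req instanceof HttpServletRequest)
                ? fromRequest((HttpServletRequest) req)
                : null;
    }
}
```

The RFC 2253 string may be formatted differently from what `getSubjectDN().getName()` returns, so compare DNs consistently using one method. Treat a `null` result as an unauthenticated call rather than falling back to a default identity.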