From 37c44a1be7aad9ad86a5f5a92257f854fa41e6f5 Mon Sep 17 00:00:00 2001
From: aeberhardt <alexandre.eberhardt@savoirfairelinux.com>
Date: Thu, 23 Jan 2025 16:01:40 -0500
Subject: [PATCH] OCSP: fix 404 error caused by null extension

Extensions object cannot be constructed with empty Extension.
However, an extension is not required in addResponse function
Corrected the issue by splitting the function between those two cases
Gitlab: #151

Change-Id: I584329ee88457d88198ab3d1457ff41c2b00c40a
---
 .../jami/jams/ca/workers/ocsp/OCSPWorker.java | 24 ++++++++++++-------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/jams-ca/src/main/java/net/jami/jams/ca/workers/ocsp/OCSPWorker.java b/jams-ca/src/main/java/net/jami/jams/ca/workers/ocsp/OCSPWorker.java
index 48d25b54..55c9ee0e 100644
--- a/jams-ca/src/main/java/net/jami/jams/ca/workers/ocsp/OCSPWorker.java
+++ b/jams-ca/src/main/java/net/jami/jams/ca/workers/ocsp/OCSPWorker.java
@@ -162,19 +162,25 @@ public class OCSPWorker extends X509Worker<String> {
             throws OCSPException {
         CertificateID certificateID = request.getCertID();
         // Build Extensions
-        Extensions extensions = new Extensions(new Extension[] {});
         Extensions requestExtensions = request.getSingleRequestExtensions();
         if (requestExtensions != null) {
             Extension nonceExtension =
                     requestExtensions.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
-            if (nonceExtension != null) extensions = new Extensions(nonceExtension);
+            Extensions extensions = new Extensions(nonceExtension);
+            responseBuilder.addResponse(
+                    certificateID,
+                    OCSPCertificateStatusMapper.getStatus(
+                            getCertificateSummary(request.getCertID().getSerialNumber(), unknown)),
+                    new Date(),
+                    new Date(new Date().getTime() + crlLifetime),
+                    extensions);
+        } else {
+            responseBuilder.addResponse(
+                    certificateID,
+                    OCSPCertificateStatusMapper.getStatus(
+                            getCertificateSummary(request.getCertID().getSerialNumber(), unknown)),
+                    new Date(),
+                    new Date(new Date().getTime() + crlLifetime));
         }
-        responseBuilder.addResponse(
-                certificateID,
-                OCSPCertificateStatusMapper.getStatus(
-                        getCertificateSummary(request.getCertID().getSerialNumber(), unknown)),
-                new Date(),
-                new Date(new Date().getTime() + crlLifetime),
-                extensions);
     }
 }
-- 
GitLab