[jboss-jira] [JBoss JIRA] (ELY-1630) Ignore any blank lines in between the certificates in the certificate chain returned by an ACME server to avoid parsing issues on IBM JDK

Farah Juma (JIRA) issues at jboss.org
Fri Aug 10 10:36:01 EDT 2018 

     [ https://issues.jboss.org/browse/ELY-1630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farah Juma resolved ELY-1630.
-----------------------------
    Fix Version/s: 1.5.3.CR1
       Resolution: Done


> Ignore any blank lines in between the certificates in the certificate chain returned by an ACME server to avoid parsing issues on IBM JDK
> -----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ELY-1630
>                 URL: https://issues.jboss.org/browse/ELY-1630
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: API / SPI
>            Reporter: Farah Juma
>            Assignee: Farah Juma
>             Fix For: 1.5.3.CR1
>
>
> Currently, {{AcmeClientSpiTest#testObtainCertificateChainWithKeySize}} and {{AcmeClientSpiTest#testObtainCertificateChainWithECPublicKey}} fail when run with IBM JDK with the following error:
> {code}
> org.wildfly.security.x500.cert.acme.AcmeException: ELY10049: Unable to download certificate chain from ACME server
> 	at org.wildfly.security.x500.cert.acme.AcmeClientSpi.getPemCertificateChain(AcmeClientSpi.java:988)
> 	at org.wildfly.security.x500.cert.acme.AcmeClientSpi.obtainCertificateChain(AcmeClientSpi.java:519)
> 	at org.wildfly.security.x500.cert.acme.AcmeClientSpiTest.obtainCertificateChain(AcmeClientSpiTest.java:284)
> 	at org.wildfly.security.x500.cert.acme.AcmeClientSpiTest.testObtainCertificateChainWithKeySize(AcmeClientSpiTest.java:260)
> Caused by: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: insufficient data
> 	at com.ibm.security.x509.X509CertImpl.<init>(X509CertImpl.java:268)
> 	at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:448)
> 	at org.wildfly.security.x500.cert.acme.AcmeClientSpi.getPemCertificateChain(AcmeClientSpi.java:984)
> 	... 3 more
> {code}
> The underlying issue is that the PEM certificate chain returned by the ACME server has a blank line in between the two certificates in the chain. This causes parsing issues on IBM JDK when {{CertificateFactory.generateCertificates()}} is called. To fix this, we can just ignore any blank lines in the chain.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list