[jbosstools-issues] [JBoss JIRA] (JBIDE-24312) Explorer: SSL certificate dialog shows up many many times when using internal test server
Andre Dietisheim (JIRA)
issues at jboss.org
Tue Apr 25 18:16:00 EDT 2017
[ https://issues.jboss.org/browse/JBIDE-24312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13398010#comment-13398010 ]
Andre Dietisheim edited comment on JBIDE-24312 at 4/25/17 6:15 PM:
-------------------------------------------------------------------
the culprit why the certificates are not found is at SSLCertificatesPreference.Item.issuedBy
The parser (at
{code}
X509CertificateParser.getIssuer(X509Certificate certificate)
{code}
is using a whole block of certificate informations that contains the serial number.
In the case of the internal *redhat.com test instance this is what gets used:
{code}
Country (C): US
State (ST): North Carolina
Serial Number: 52616C65696768Organization (O): Red Hat, Inc.
Organizational Unit (OU): Information Technology
Common Name (CN): open.paas.redhat.com
Serial Number: 5B42403732636266343933
{code}
The serial number sent by the server is always a new "random" number. This causes our lookup for existing accepted (and stored) certificates to always think we have a new certificate (prior certificates match in fingerPrint, validity but not in issuedBy.
{code:title=Item#equals}
@Override
public boolean equals(Object o) {
if(!(o instanceof Item)) return false;
Item other = (Item)o;
return Objects.equals(this.issuedBy, other.issuedBy)
&& Objects.equals(this.validity, other.validity)
&& Objects.equals(this.fingerprint, other.fingerprint);
}
{code}
was (Author: adietish):
the culprit why the certificates are not found is at SSLCertificatesPreference.Item.issuedBy
The parser (at
{code}
X509CertificateParser.getIssuer(X509Certificate certificate)
{code}
is using a whole block of certificate informations that contains the serial number.
In the case of the internal *redhat.com test instance this is what gets used:
{code}
Country (C): US
State (ST): North Carolina
Serial Number: 52616C65696768Organization (O): Red Hat, Inc.
Organizational Unit (OU): Information Technology
Common Name (CN): open.paas.redhat.com
Serial Number: 5B42403732636266343933
{code}
The serial number sent by the server is always a new "random" number. This causes our lookup for existing accepted (and stored) certificates to always think we have a new certificate (prior certificates match in fingerPrint, validity but not in issuedBy.
{code:title=Item#equals}
@Override
public boolean equals(Object o) {
if(!(o instanceof Item)) return false;
Item other = (Item)o;
return Objects.equals(this.issuedBy, other.issuedBy)
&& Objects.equals(this.validity, other.validity)
&& Objects.equals(this.fingerprint, other.fingerprint);
}
> Explorer: SSL certificate dialog shows up many many times when using internal test server
> -----------------------------------------------------------------------------------------
>
> Key: JBIDE-24312
> URL: https://issues.jboss.org/browse/JBIDE-24312
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: openshift
> Affects Versions: 4.4.4.AM3
> Environment: MacOS
> Reporter: Andre Dietisheim
> Assignee: Andre Dietisheim
> Priority: Critical
> Fix For: 4.4.4.Final
>
> Attachments: Screencast_04-25-2017_06-56-06+PM.webm, create connection paas.mp4, diff-in-serial.png
>
>
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jbosstools-issues
mailing list