Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 1.5.3.Final
Affects Version/s: None
Component/s: API / SPI
Labels:
None

Currently, AcmeClientSpiTest#testObtainCertificateChainWithKeySize and AcmeClientSpiTest#testObtainCertificateChainWithECPublicKey fail when run with IBM JDK with the following error:

org.wildfly.security.x500.cert.acme.AcmeException: ELY10049: Unable to download certificate chain from ACME server
	at org.wildfly.security.x500.cert.acme.AcmeClientSpi.getPemCertificateChain(AcmeClientSpi.java:988)
	at org.wildfly.security.x500.cert.acme.AcmeClientSpi.obtainCertificateChain(AcmeClientSpi.java:519)
	at org.wildfly.security.x500.cert.acme.AcmeClientSpiTest.obtainCertificateChain(AcmeClientSpiTest.java:284)
	at org.wildfly.security.x500.cert.acme.AcmeClientSpiTest.testObtainCertificateChainWithKeySize(AcmeClientSpiTest.java:260)
Caused by: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: insufficient data
	at com.ibm.security.x509.X509CertImpl.<init>(X509CertImpl.java:268)
	at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:448)
	at org.wildfly.security.x500.cert.acme.AcmeClientSpi.getPemCertificateChain(AcmeClientSpi.java:984)
	... 3 more

The underlying issue is that the PEM certificate chain returned by the ACME server has a blank line in between the two certificates in the chain. This causes parsing issues on IBM JDK when CertificateFactory.generateCertificates() is called. To fix this, we can just ignore any blank lines in the chain.

causes

WFCORE-4007 elytron.KeyStoresTestCase fails on IBM jdk

Resolved

Assignee:: Farah Juma

Reporter:: Farah Juma

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2018/08/09 6:55 PM

Updated:: 2020/09/30 10:30 AM

Resolved:: 2018/08/10 10:35 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates