Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 1.7.6.GA, 1.7.6.CR1
Affects Version/s: 1.7.5.GA
Component/s: team/eng, vertx
Labels:
- BeefyTS

Release Note Text:
Undefined
Git Pull Request:
https://github.com/quarkusio/quarkus/pull/13869
[QE] How to address?:
---

Description

as stated in https://vertx.io/docs/apidocs/io/vertx/ext/jwt/JWK.html, the certificate chains (x5c) in a JWK only allow a single element chain. Why so? Our company's OIDC compliant server has a certificate chain with all the CAs embedded. But the class io.vertx.ext.jwt.JWK throws an exception in this case...

if (json.containsKey("x5c")) {
JsonArray x5c = json.getJsonArray("x5c");
if (x5c.size() > 1)

{ throw new RuntimeException("Certificate Chain length > 1 is not supported"); }

CertificateFactory cf = CertificateFactory.getInstance("X.509");
this.certificate = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(this.addBoundaries(x5c.getString(0)).getBytes(UTF8)));
}

Couldn't it just pick the first certificate ignoring the others in the chain and try to validate the token against that? Right now we're trying to test io.quarkus:quarkus-oidc:1.6.1.Final which includes io.vertx:vertx-auth-oauth2:3.9.1.

Attachments

Activity

People

Assignee:: Julien Viet (Inactive)

Reporter:: Durgesh Anaokar (Inactive)

Tester:: Kyrylo Shpak (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 2020/12/03 7:04 AM

Updated:: 2024/03/25 6:46 PM

Resolved:: 2021/01/04 8:14 AM