[jira] [Commented] (QPID-6979) AttributeValueConverter's Certificate handling code assumes unix line endings

Thu, 14 Jan 2016 04:36:05 -0800 

    [ 
https://issues.apache.org/jira/browse/QPID-6979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15098055#comment-15098055
 ] 

Keith Wall commented on QPID-6979:
----------------------------------

Hi Rob,

Couple of comments

# As java.security.cert.CertificateFactory#generateCertificate supports Base64 
certificates in printable format (with the BEGIN/END headers), why can't 
AttributeValueConverter#CERTIFICATE_CONVERTER simply feed the interpolated 
string value directly into it, thus avoiding the need for our own 
BEGIN/END/line ending manipulations at all.
# I'm not sure the return null on AVC#196 is going to help a user that submits 
a illegal format file.  Should this throw a meaningful exception?
# If we need to do more the delegate to #generateCertificate, I think 
AttributeValueConverterTest should be extended to include happy/unhappy path.



> AttributeValueConverter's Certificate handling code assumes unix line endings
> -----------------------------------------------------------------------------
>
>                 Key: QPID-6979
>                 URL: https://issues.apache.org/jira/browse/QPID-6979
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>            Reporter: Keith Wall
>            Assignee: Keith Wall
>            Priority: Minor
>             Fix For: qpid-java-6.0.1, qpid-java-6.1
>
>
> The generic code {{AttributeValueConverter}} is used to instantiate model 
> attributes/model operation parameters of type Certificate.   It has the 
> ability to convert from a PEM format representation to a Certificate, but 
> this has a defect.
> It assumes that unix line endings will be used.  If windows line endings were 
> used, the subsequent call to the certificate factory will fail.
> The following model operation is affected by this problem:
> ManagedPeerCertificateTrustStore#addCertificate()
> The workaround is to convert the input to unix line endings.
> The BEGIN/END certificate parsing code should also be enhanced to fail early 
> if it encounters a BEGIN without a corresponding END.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to