[ 
https://issues.apache.org/jira/browse/QPID-7174?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15230570#comment-15230570
 ] 

Alex Rudyy edited comment on QPID-7174 at 4/7/16 5:03 PM:
----------------------------------------------------------

ConfiguredObjectJacksonModule declares JsonSerializer for Certificate objects. 
The Certificate JsonSerializer calls JsonGenerator#writeBinary(byte[]) to save 
Certificate encoded bytes. Internally JsonGenerator#writeBinary calls Base64 
encoder to encode bytes and creates base64 encoded string.

org.apache.qpid.server.model.AttributeValueConverter#CERTIFICATE_CONVERTER 
converts certificate represented as String into byte array without performing 
any Base64 decoding which results in IllegalArgumentException: Cannot convert 
'...'

The simplest fix for the issue would be to add base64 decoding of certificates 
represented as String:
{code}
diff --git 
a/broker-core/src/main/java/org/apache/qpid/server/model/AttributeValueConverter.java
 
b/broker-core/src/main/java/org/apache/qpid/server/model/AttributeValueConverter.java
index 4a0a379..071c05a 100644
--- 
a/broker-core/src/main/java/org/apache/qpid/server/model/AttributeValueConverter.java
+++ 
b/broker-core/src/main/java/org/apache/qpid/server/model/AttributeValueConverter.java
@@ -36,6 +36,7 @@ import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
@@ -206,7 +207,8 @@ abstract class AttributeValueConverter<T>
             else if(value instanceof String)
             {
                 String strValue = AbstractConfiguredObject.interpolate(object, 
(String) value);
-                return convert(strValue.getBytes(StandardCharsets.UTF_8), 
object);
+                byte[] certificateBytes = Base64.getDecoder().decode(strValue);
+                return convert(certificateBytes, object);
             }
             else if(value == null)
             {
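Review bot: the added Base64.getDecoder().decode(strValue) call runs on every String value, so the path the removed line served (text handed to convert as UTF-8 bytes) is gone, and the basic decoder throws IllegalArgumentException on a line break or any other character outside the Base64 alphabet. Consider trimming the value and catching the decoder's exception so the error names the attribute being converted, and decide explicitly whether un-encoded text must still be accepted here. A unit test that pushes a serialized certificate back through this branch would pin the round trip.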
{code}

Additionally, it is worth considering adding a prefix to the base64 encoded 
value similar to what we have for encoded octet streams: 
data:application/octet-stream;base64,...
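
The round-trip mismatch described in the comment, with one tolerant way to read the stored value back, as an added example that is not part of the original comment or of the Qpid code base. The class name, the helper, the PEM fallback and the sample bytes are assumptions, as is the stored form being standard-alphabet Base64; the prefix is the one the comment proposes.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class StoredCertificateDecoding
{
    // Prefix proposed in the comment, mirroring the one used for encoded octet streams.
    static final String DATA_URL_PREFIX = "data:application/octet-stream;base64,";
    static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----";
    static final String PEM_FOOTER = "-----END CERTIFICATE-----";

    // Hypothetical helper: returns the DER bytes to hand to CertificateFactory.
    static byte[] decodeStoredCertificate(String stored)
    {
        String value = stored.trim();
        if (value.startsWith(DATA_URL_PREFIX))
        {
            value = value.substring(DATA_URL_PREFIX.length());
        }
        else if (value.startsWith(PEM_HEADER))
        {
            int end = value.indexOf(PEM_FOOTER);
            if (end < 0)
            {
                throw new IllegalArgumentException("PEM certificate without END marker");
            }
            // The MIME decoder tolerates the line breaks inside a PEM body.
            return Base64.getMimeDecoder().decode(value.substring(PEM_HEADER.length(), end));
        }
        // Strict decoder: any character outside the Base64 alphabet is rejected.
        return Base64.getDecoder().decode(value);
    }

    public static void main(String[] args)
    {
        // Constructed stand-in for Certificate#getEncoded(); not a real certificate.
        byte[] der = {0x30, (byte) 0x82, 0x01, 0x0a, 0x02, 0x01, 0x00, (byte) 0xff};
        String json = Base64.getEncoder().encodeToString(der); // stored form (assumed)

        // Pre-patch path: the Base64 text itself is treated as certificate bytes.
        byte[] prePatch = json.getBytes(StandardCharsets.UTF_8);
        System.out.println("raw text:  " + Arrays.equals(der, prePatch));
        System.out.println("base64:    " + Arrays.equals(der, decodeStoredCertificate(json)));
        String prefixed = DATA_URL_PREFIX + json;
        System.out.println("data: URL: " + Arrays.equals(der, decodeStoredCertificate(prefixed)));
        String pem = PEM_HEADER + "\n" + json + "\n" + PEM_FOOTER + "\n";
        System.out.println("PEM:       " + Arrays.equals(der, decodeStoredCertificate(pem)));
    }
}
```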



> [JavaBroker] Broker fails to open ManagedPeerCertificateTrustStore containing 
> certificates added via port
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7174
>                 URL: https://issues.apache.org/jira/browse/QPID-7174
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>            Reporter: Alex Rudyy
>
> After configuring ManagedPeerCertificateTrustStore as port 
> clientCertRecorder and capturing one or more certificates via open TLS 
> connections, the following exception is reported on Broker restart:
> {noformat}
> ERROR [Broker-Config] (o.a.q.s.m.AbstractConfiguredObject) - Failed to open 
> object with name 'managing'.  Object will be put into ERROR state.
> java.lang.IllegalArgumentException: Cannot convert 
> '[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]'
>  into a java.util.List<java.security.cert.Certificate> for attribute 
> storedCertificates (java.security.cert.CertificateException: Could not parse 
> certificate: java.io.IOException: Empty input)
>         at 
> org.apache.qpid.server.model.ConfiguredObjectMethodAttribute.convert(ConfiguredObjectMethodAttribute.java:72)
>  ~[classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.automatedSetValue(AbstractConfiguredObject.java:415)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.resolveAutomatedAttribute(AbstractConfiguredObject.java:1259)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.onResolve(AbstractConfiguredObject.java:1213)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.doResolution(AbstractConfiguredObject.java:1025)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$11.performAction(AbstractConfiguredObject.java:1037)
>  ~[classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.applyToChildren(AbstractConfiguredObject.java:1095)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.doResolution(AbstractConfiguredObject.java:1027)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$1.execute(AbstractConfiguredObject.java:510)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$1.execute(AbstractConfiguredObject.java:500)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:561)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:554)
>  [classes/:na]
>         at 
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:270)
>  [classes/:na]
>         at 
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submitWrappedTask(TaskExecutorImpl.java:154)
>  [classes/:na]
>         at 
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submit(TaskExecutorImpl.java:142)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.doOnConfigThread(AbstractConfiguredObject.java:553)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.openAsync(AbstractConfiguredObject.java:499)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractSystemConfig.activate(AbstractSystemConfig.java:238)
>  [classes/:na]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[na:1.8.0_66]
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
> ~[na:1.8.0_66]
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  ~[na:1.8.0_66]
>         at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_66]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.attainState(AbstractConfiguredObject.java:1308)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.attainState(AbstractConfiguredObject.java:1287)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$8.onSuccess(AbstractConfiguredObject.java:908)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$8.onSuccess(AbstractConfiguredObject.java:902)
>  [classes/:na]
>         at com.google.common.util.concurrent.Futures$6.run(Futures.java:1319) 
> [guava-18.0.jar:na]
>         at 
> com.google.common.util.concurrent.MoreExecutors$DirectExecutor.execute(MoreExecutors.java:457)
>  [guava-18.0.jar:na]
>         at 
> com.google.common.util.concurrent.ExecutionList.executeListener(ExecutionList.java:156)
>  [guava-18.0.jar:na]
>         at 
> com.google.common.util.concurrent.ExecutionList.add(ExecutionList.java:101) 
> [guava-18.0.jar:na]
>         at 
> com.google.common.util.concurrent.AbstractFuture.addListener(AbstractFuture.java:170)
>  [guava-18.0.jar:na]
>         at 
> com.google.common.util.concurrent.Futures.addCallback(Futures.java:1322) 
> [guava-18.0.jar:na]
>         at 
> com.google.common.util.concurrent.Futures.addCallback(Futures.java:1258) 
> [guava-18.0.jar:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.doAttainState(AbstractConfiguredObject.java:901)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.access$300(AbstractConfiguredObject.java:80)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$1.execute(AbstractConfiguredObject.java:513)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$1.execute(AbstractConfiguredObject.java:500)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:561)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:554)
>  [classes/:na]
>         at 
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:270)
>  [classes/:na]
>         at 
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper$1.run(TaskExecutorImpl.java:342)
>  [classes/:na]
>         at java.security.AccessController.doPrivileged(Native Method) 
> [na:1.8.0_66]
>         at javax.security.auth.Subject.doAs(Subject.java:360) [na:1.8.0_66]
>         at 
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper.call(TaskExecutorImpl.java:335)
>  [classes/:na]
>         at java.util.concurrent.FutureTask.run(FutureTask.java:266) 
> [na:1.8.0_66]
>         at javax.security.auth.Subject.doAs(Subject.java:360) [na:1.8.0_66]
>         at 
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper.call(TaskExecutorImpl.java:335)
>  [classes/:na]
>         at java.util.concurrent.FutureTask.run(FutureTask.java:266) 
> [na:1.8.0_66]
>         at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>  [na:1.8.0_66]
>         at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>  [na:1.8.0_66]
>         at java.lang.Thread.run(Thread.java:745) [na:1.8.0_66]
> Caused by: java.lang.IllegalArgumentException: 
> java.security.cert.CertificateException: Could not parse certificate: 
> java.io.IOException: Empty input
>         at 
> org.apache.qpid.server.model.AttributeValueConverter$6.convert(AttributeValueConverter.java:203)
>  ~[classes/:na]
>         at 
> org.apache.qpid.server.model.AttributeValueConverter$6.convert(AttributeValueConverter.java:209)
>  ~[classes/:na]
>         at 
> org.apache.qpid.server.model.AttributeValueConverter$6.convert(AttributeValueConverter.java:174)
>  ~[classes/:na]
>         at 
> org.apache.qpid.server.model.AttributeValueConverter$GenericListConverter.convert(AttributeValueConverter.java:743)
>  ~[classes/:na]
>         at 
> org.apache.qpid.server.model.AttributeValueConverter$GenericListConverter.convert(AttributeValueConverter.java:724)
>  ~[classes/:na]
>         at 
> org.apache.qpid.server.model.ConfiguredObjectMethodAttribute.convert(ConfiguredObjectMethodAttribute.java:65)
>  ~[classes/:na]
>         ... 47 common frames omitted
> Caused by: java.security.cert.CertificateException: Could not parse 
> certificate: java.io.IOException: Empty input
>         at 
> sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:108)
>  ~[na:1.8.0_66]
>         at 
> java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
>  ~[na:1.8.0_66]
>         at 
> org.apache.qpid.server.model.AttributeValueConverter$6.convert(AttributeValueConverter.java:199)
>  ~[classes/:na]
>         ... 52 common frames omitted
> Caused by: java.io.IOException: Empty input
>         at 
> sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
>  ~[na:1.8.0_66]
>         ... 54 common frames omitted
> {noformat}


