Francois Gaudreault created CLOUDSTACK-7770:
-----------------------------------------------

             Summary: uploadSslCert not handling intermediate ROOT properly
                 Key: CLOUDSTACK-7770
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7770
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
            Reporter: Francois Gaudreault


This code in CertServiceImpl.java is not robust:

    for (Certificate c : certs) {
        if (!(c instanceof X509Certificate))
            throw new IllegalArgumentException("Invalid chain format. Expected X509 certificate");

        X509Certificate xCert = (X509Certificate)c;

        Principal subject = xCert.getSubjectDN();
        Principal issuer = xCert.getIssuerDN();

        if (issuer != null && subject.equals(issuer)) {
            root.add(c);
            anchors.add(new TrustAnchor(xCert, null));
        }
    }

    if (root.size() == 0)
        throw new IllegalArgumentException("No root certificates found for certificate chain", null);

In the case of Intermediate Root, the Issuer won't be the Subject since the 
Issuer is another top level Root certificate. Passing an intermediate 
certificate should be allowed.



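The following is an added example, not CloudStack code and not part of the original report: one way to find the top of an uploaded chain without requiring it to be self-signed. The class name ChainTopCheck, the helpers topOfChain and isSelfSigned, and the PEM chain file passed as the first argument are all assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class ChainTopCheck {
    // Hypothetical helper: returns the certificates at the top of the uploaded
    // chain, meaning self-issued ones or ones whose issuer is not in the upload.
    static List<X509Certificate> topOfChain(Collection<? extends Certificate> certs) {
        List<X509Certificate> x509 = new ArrayList<>();
        Set<X500Principal> subjects = new HashSet<>();
        for (Certificate c : certs) {
            if (!(c instanceof X509Certificate))
                throw new IllegalArgumentException("Invalid chain format. Expected X509 certificate");
            X509Certificate x = (X509Certificate) c;
            x509.add(x);
            subjects.add(x.getSubjectX500Principal());
        }
        List<X509Certificate> top = new ArrayList<>();
        for (X509Certificate x : x509) {
            X500Principal issuer = x.getIssuerX500Principal();
            if (issuer.equals(x.getSubjectX500Principal()) || !subjects.contains(issuer))
                top.add(x);
        }
        return top;
    }

    // A matching subject and issuer is not enough: the signature must also
    // verify under the certificate's own public key.
    static boolean isSelfSigned(X509Certificate x) {
        if (!x.getSubjectX500Principal().equals(x.getIssuerX500Principal())) return false;
        try { x.verify(x.getPublicKey()); return true; }
        catch (GeneralSecurityException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a PEM file holding the chain (assumed input).
        try (InputStream in = new FileInputStream(args[0])) {
            for (X509Certificate x : topOfChain(CertificateFactory.getInstance("X.509").generateCertificates(in)))
                System.out.println((isSelfSigned(x) ? "self-signed root: " : "issuer not in chain: ")
                        + x.getSubjectX500Principal().getName());
        }
    }
}
```

Whether a top certificate that is not self-signed should then be accepted as a TrustAnchor, or first checked against a trusted root store, is a separate policy decision that the report does not address.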