Openfire (ARCHIVED)

SSL settings page should deal with empty/corrupt keystore

Details

  • Type: Bug
  • Status: Closed
  • Priority: Major
  • Resolution: Fixed
  • Affects Version/s: 2.6.0
  • Fix Version/s: 3.4.5
  • Component/s: Admin Console
  • Labels: None
  • Acceptance Test - Add?: No

Description

The SSL settings page should deal with an empty or corrupt key store correctly. Right now, the page simply breaks.

Activity

Stephan Wienczny added a comment -

I need to have a key different from the one that Openfire creates to get it certified by my CA. Creating an RSA key using keytool and certifying it breaks Openfire.

This patch should change the behavior of Openfire to not crash when trying to create a CSR.

Index: src/java/org/jivesoftware/util/CertificateManager.java
===================================================================
— src/java/org/jivesoftware/util/CertificateManager.java (revision 7909)
+++ src/java/org/jivesoftware/util/CertificateManager.java (working copy)
@@ -326,9 +326,15 @@
PublicKey pubKey = cert.getPublicKey();

String signatureAlgorithm = "DSA".equals(pubKey.getAlgorithm()) ? "SHA1withDSA" : "MD5withRSA";
+
+ PKCS10CertificationRequest csr = null;

  • PKCS10CertificationRequest csr =
  • new PKCS10CertificationRequest(signatureAlgorithm, xname, pubKey, null, privKey);
    + try { + csr = new PKCS10CertificationRequest(signatureAlgorithm, xname, pubKey, null, privKey); + } catch (InvalidKeyException ive) { + sb.append("Cannot create certificate request."); + return sb.toString(); + }

ByteArrayOutputStream baos = new ByteArrayOutputStream();
DEROutputStream deros = new DEROutputStream(baos);
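
Review bot: the catch block added around the PKCS10CertificationRequest constructor discards ive and returns the text "Cannot create certificate request." through the same String that normally carries the CSR, so the caller cannot tell a failure from a valid request and the cause never reaches the log. Log the exception and signal the failure separately (for example, rethrow a checked exception that the SSL settings page handles) rather than returning the message as the result. The unchanged context line above still selects "MD5withRSA" for every non-DSA key; since the patch is meant to support RSA keys submitted to an external CA, moving that choice to a stronger digest is worth doing here or in a follow-up. The hunk also covers only InvalidKeyException at CSR creation, so the empty or corrupt keystore case in the issue title still needs its own handling.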

Daniel Henninger added a comment -

If you simply do echo 1 > keystore, it totally blitzes the interface too. Good to know. I'm thinking about popping up a screen that says "the keystore appears to be corrupt" or something like that with the ability to totally overwrite the current keystore with something built by Openfire.
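
One way to classify a keystore before the settings page touches it, covering the echo 1 > keystore case described in the comment above. This is an added example, not Openfire's code and not part of the comments; the class name KeystoreProbe, the JKS store type and the sample password are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

// Hypothetical helper: classify keystore bytes so the admin page can show a
// "keystore appears to be corrupt" screen instead of failing on an exception.
public class KeystoreProbe {
    enum State { OK, EMPTY, CORRUPT }

    static State probe(InputStream in, char[] password) {
        try {
            KeyStore ks = KeyStore.getInstance("JKS"); // assumed store type
            ks.load(in, password);
            // A well-formed store with no entries cannot back a CSR either.
            return ks.size() == 0 ? State.EMPTY : State.OK;
        } catch (IOException | GeneralSecurityException e) {
            // Truncated or garbage data, a wrong password, or an unreadable entry.
            return State.CORRUPT;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // constructed sample password

        // Constructed input 1: the two bytes that "echo 1 > keystore" writes.
        byte[] garbage = {'1', '\n'};
        System.out.println("garbage file -> " + probe(new ByteArrayInputStream(garbage), pw));

        // Constructed input 2: a zero-length file.
        System.out.println("zero bytes   -> " + probe(new ByteArrayInputStream(new byte[0]), pw));

        // Constructed input 3: a valid keystore that holds no entries.
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, pw);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, pw);
        System.out.println("no entries   -> " + probe(new ByteArrayInputStream(out.toByteArray()), pw));
    }
}
```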
