qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keith Wall (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-6979) AttributeValueConverter's Certificate handling code assumes unix line endings
Date Thu, 14 Jan 2016 12:35:39 GMT

    [ https://issues.apache.org/jira/browse/QPID-6979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15098055#comment-15098055

Keith Wall commented on QPID-6979:

Hi Rob,

Couple of comments

# As java.security.cert.CertificateFactory#generateCertificate supports Base64 certificates
in printable format (with the BEGIN/END headers), why can't AttributeValueConverter#CERTIFICATE_CONVERTER
simply feed the interpolated string value directly into it, thus avoiding the need for our
own BEGIN/END/line ending manipulations at all.
# I'm not sure the return null on AVC#196 is going to help a user that submits a illegal format
file.  Should this throw a meaningful exception?
# If we need to do more the delegate to #generateCertificate, I think AttributeValueConverterTest
should be extended to include happy/unhappy path.

> AttributeValueConverter's Certificate handling code assumes unix line endings
> -----------------------------------------------------------------------------
>                 Key: QPID-6979
>                 URL: https://issues.apache.org/jira/browse/QPID-6979
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>            Reporter: Keith Wall
>            Assignee: Keith Wall
>            Priority: Minor
>             Fix For: qpid-java-6.0.1, qpid-java-6.1
> The generic code {{AttributeValueConverter}} is used to instantiate model attributes/model
operation parameters of type Certificate.   It has the ability to convert from a PEM format
representation to a Certificate, but this has a defect.
> It assumes that unix line endings will be used.  If windows line endings were used, the
subsequent call to the certificate factory will fail.
> The following model operation is affected by this problem:
> ManagedPeerCertificateTrustStore#addCertificate()
> The workaround is to convert the input to unix line endings.
> The BEGIN/END certificate parsing code should also be enhanced to fail early if it encounters
a BEGIN without a corresponding END.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message