Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63761

Upload PKCS#12 certificate in credentails fails

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • credentials-plugin
    • None
    • Server: Jenkins 2.254, plugins credentials: 2.3.13, structs 1.20, jdk-tool 1.4, trilead-api 1.0.10, jaxb 2.3.0.1 (if OpenJDK 11), OS: OpenJDK 1.8.0.262.b10-0.el7_8 or 11.0.6.10-3.el7, CentOS 7.5.1804. Client: Chrome and Edge
    • 2.4

      Using the Jenkins UI to add a credential of kind Certificate, uploading a pfx file gives this error: Could not load keystore (show details). See the show details below. With Jenkins 2.253 instead of 2.254, it displays the error: Could retrieve key "1". You may need to provide a password, which is expected and normal.

      The key, certificate and attached pfx file were created using:

      • Key: openssl genrsa -out "${KEY}" 4096.
      • Certificate: openssl req -key "${KEY}" -x509 -out "${CRT}" -subj "${DISTINGUISHED_NAME}".
      • Pfx file: openssl pkcs12 -export -out "${PFX}" -inkey "${KEY}" -in "${CRT}" -passout 'pass:JenkinsPfxIssue'.

      `show details` displays:

       java.io.IOException: DerInputStream.getLength(): lengthTag=70, too big.
       at sun.security.util.DerInputStream.getLength(DerInputStream.java:605)
       at sun.security.util.DerValue.init(DerValue.java:391)
       at sun.security.util.DerValue.<init>(DerValue.java:332)
       at sun.security.util.DerValue.<init>(DerValue.java:345)
       at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1941)
       at java.security.KeyStore.load(KeyStore.java:1445)
       at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$KeyStoreSourceDescriptor.validateCertificateKeystore(CertificateCredentialsImpl.java:293)
       at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$UploadedKeyStoreSource$DescriptorImpl.doCheckUploadedKeystore(CertificateCredentialsImpl.java:580)
       at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
       at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
       at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
       at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
       at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
       at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:536)
       at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
       at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:281)
       at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694)
       at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
       at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:763)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1631)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
       at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:76)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
       at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
       at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
       at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:153)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
       at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
       at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
       at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:51)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
       at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
       at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
       at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:36)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
       at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:549)
       at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
       at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578)
       at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
       at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
       at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610)
       at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
       at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1369)
       at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
       at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:489)
       at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580)
       at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
       at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1284)
       at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
       at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
       at org.eclipse.jetty.server.Server.handle(Server.java:501)
       at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
       at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556)
       at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
       at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:272)
       at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
       at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
       at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
       at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
       at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
       at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
       at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
       at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
       at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
       at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
       at java.lang.Thread.run(Thread.java:748)
      

        1. jenkins-issue-01022021-09-57-54-2070.png
          122 kB
          Marek Dlugajczyk
        2. JenkinsPfxIssue.pfx
          4 kB
          Georges Zwingelstein

            wfollonier Wadeck Follonier
            georges474 Georges Zwingelstein
            Votes:
            11 Vote for this issue
            Watchers:
            14 Start watching this issue

              Created:
              Updated:
              Resolved: