JENKINS-64684

Unable to upload pkcs12 certificate in Credentials.

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Component/s: _unsorted
    • Labels:
    • Environment:
      Jenkins with version 2.263.2 credential plugin-2.3.14 android-signing-2.2.5

      Description

      Not able to upload the pkcs12 file; getting "Could not load keystore" while trying to add it in the credentials.

      I am using Jenkins on a local server.

      From the system logs I am getting:

      Credentials ID AndroidBuildKey: Could not load keystore from UploadedKeyStoreSource{uploadedKeystoreBytes=******}
      java.io.IOException: Short read of DER length
      at sun.security.util.DerInputStream.getLength(Unknown Source)
      at sun.security.util.DerValue.init(Unknown Source)
      at sun.security.util.DerValue.<init>(Unknown Source)
      at sun.security.util.DerValue.<init>(Unknown Source)
      at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
      at java.security.KeyStore.load(Unknown Source)
      at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getKeyStore(CertificateCredentialsImpl.java:155)
      at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:89)
      at

        Attachments

        1. After_choose_file.png (100 kB)
        2. After_save_and_coming_back.png (104 kB)
        3. After_upload_certficate_click.png (100 kB)
        4. After_upload_click.png (99 kB)
        5. Credentials_screen.png (99 kB)
        6. Screenshot (14).png (106 kB)

          Activity

          douphi Phi Dou added a comment -

          Same here: Jenkins 2.263.4 and Credentials Plugin 2.3.15

          15-Mar-2021 11:16:37.620 WARNING [Handling GET /jenkins/job/lswa-launcher/credentials/store/folder/domain/_/ from 192.168.1.159 : http-nio-8080-exec-2 CredentialsStoreAction/DomainWrapper/index.jelly] com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getKeyStore Credentials ID e64fece5-d2c7-4338-9e71-668754554918: Could not load keystore from UploadedKeyStoreSource{uploadedKeystoreBytes=******}
          java.io.IOException: Short read of DER length
                 at sun.security.util.DerInputStream.getLength(DerInputStream.java:588)
                 at sun.security.util.DerValue.init(DerValue.java:391)
                 at sun.security.util.DerValue.<init>(DerValue.java:332)
                 at sun.security.util.DerValue.<init>(DerValue.java:345)
                 at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1941)
                 at java.security.KeyStore.load(KeyStore.java:1445)
                 at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getKeyStore(CertificateCredentialsImpl.java:155)
                 at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:89)
                 at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:51)
                 at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:93)
                 at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:106)
                 at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:59)
                 at com.cloudbees.plugins.credentials.CredentialsStoreAction$CredentialsWrapper.getDisplayName(CredentialsStoreAction.java:1178)

          ...

          douphi Phi Dou added a comment -

          The pkcs12 keystore uploaded and visible as <uploadedKeystoreBytes> in config.xml is very short. I don't know if it is the cause or the consequence of the error above.

          douphi Phi Dou added a comment -

          Same with Jenkins 2.277.1 and Credentials Plugin 2.3.15

          POST /jenkins/descriptor/com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$UploadedKeyStoreSource/upload/id1054/upload?Jenkins-Crumb=6f420ecf8db9266890aa6018bc691037183efcef89ecfda8d7848f5f0632af1c

          Posting the keystore with:

          > ------WebKitFormBoundaryeAEql7lJqNg1ATvR
          > Content-Disposition: form-data; name="certificate.file"; filename="cert-chain-2021.pkcs12"
          > Content-Type: application/octet-stream

          HTTP response code: 200

          The response body sends back the keystore encoded like the older one found in config.xml.

          Workaround: manually updating the <uploadedKeystoreBytes> value in config.xml with Tomcat stopped works.

          Taking the value from this input from the Jenkins UI response with tcpdump/Wireshark:

          ><input disabled="true" id="content" name="_.uploadedKeystore" type="text" class="setting-input " value="....

          and paste it into the <uploadedKeystoreBytes> value in config.xml.

          Restart Tomcat.

          The keystore is available!

          citizenkahn citizenkahn added a comment - - edited

          Folks, if you have Safari, you can work around the problem. Yeah, I'm confused too. Here's what I saw:

          • Firefox 88.0 - fails to add, there is no completion of the choose file dialog
          • Chrome 90.0.4430.93 (Official Build) (x86_64) - adds but truncates, resulting in the above problem
          • Safari 14.0.2 (15610.3.7.1.10, 15610) - adds, and our test of the cert works properly. Also, the cert details show in the credentials manager.

          So, did someone do all their testing on the plugin using only Safari? Seems really weird.
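
The truncation described in the comments above can be confirmed on the keystore bytes themselves: a PKCS#12 file is a single ASN.1 SEQUENCE whose header states its own length, so a cut-off copy is detectable without the keystore password. This is an added example, not code from the Credentials plugin or from the commenters; `check_keystore`, `run_samples` and `SAMPLE_OK` are hypothetical names, the sample bytes are constructed, and the input is assumed to be the raw keystore bytes (for instance the file before upload), not the value stored in config.xml.

```python
# Added example: structural truncation check for a PKCS#12 keystore.
# check_keystore and SAMPLE_OK are hypothetical names; the bytes are constructed.

def check_keystore(data: bytes) -> str:
    """Compare the length declared in the outer ASN.1 header with the bytes present."""
    if not data:
        return "empty"
    if data[0] != 0x30:              # a PKCS#12 PFX is one ASN.1 SEQUENCE
        return "not-sequence"
    if len(data) < 2:
        return "short-length"        # tag present, length octet missing
    first = data[1]
    if first < 0x80:                 # short form: length in one octet
        header, content = 2, first
    else:
        n = first & 0x7F             # long form: n length octets follow
        if n == 0:
            return "indefinite-length"   # BER encoding, size cannot be checked here
        if n > 4:
            return "bad-length"
        if len(data) < 2 + n:
            return "short-length"    # stream ends inside the length field
        header, content = 2 + n, int.from_bytes(data[2:2 + n], "big")
    expected = header + content
    if len(data) < expected:
        return "truncated"
    if len(data) > expected:
        return "trailing-data"
    return "ok"

# Constructed sample: a SEQUENCE header declaring 300 content bytes, zero-filled.
# It is not a real keystore; only the outer length matters for this check.
SAMPLE_OK = b"\x30\x82\x01\x2c" + bytes(300)

def run_samples() -> dict:
    return {
        "complete": check_keystore(SAMPLE_OK),
        "cut at 100 bytes": check_keystore(SAMPLE_OK[:100]),
        "cut at 3 bytes": check_keystore(SAMPLE_OK[:3]),
        "empty": check_keystore(b""),
    }

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name}: {verdict}")
```

To check a real file, pass `open(path, "rb").read()` to `check_keystore`. A verdict of `ok` on the file before upload combined with a load failure afterwards points at the upload path rather than at the keystore.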


            People

            Assignee:
            administrators jenkins admin
            Reporter:
            munesh_android Munesh
            Votes:
            1
            Watchers:
            3
