Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64684

Unable to upload pkcs12 certificate in Credentials.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: _unsorted
    • Labels:
    • Environment:
      Jenkins with version 2.263.2 credential plugin-2.3.14 android-signing-2.2.5
    • Similar Issues:
    • Released As:
      2.4

      Description

      Not able to upload the pkcs12 file getting "Could not load keystore" while trying to add in the credentials. 

      I am using the Jenkins on local server.

      From the system logs getting :

      Credentials ID AndroidBuildKey: Could not load keystore from UploadedKeyStoreSource{uploadedKeystoreBytes=******}
      java.io.IOException: Short read of DER length
      at sun.security.util.DerInputStream.getLength(Unknown Source)
      at sun.security.util.DerValue.init(Unknown Source)
      at sun.security.util.DerValue.<init>(Unknown Source)
      at sun.security.util.DerValue.<init>(Unknown Source)
      at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
      at java.security.KeyStore.load(Unknown Source)
      at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getKeyStore(CertificateCredentialsImpl.java:155)
      at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:89)
      at

        Attachments

        1. After_choose_file.png
          After_choose_file.png
          100 kB
        2. After_save_and_coming_back.png
          After_save_and_coming_back.png
          104 kB
        3. After_upload_certficate_click.png
          After_upload_certficate_click.png
          100 kB
        4. After_upload_click.png
          After_upload_click.png
          99 kB
        5. Credentials_screen.png
          Credentials_screen.png
          99 kB
        6. Screenshot (14).png
          Screenshot (14).png
          106 kB

          Issue Links

            Activity

            Hide
            douphi Phi Dou added a comment -

            Same here : Jenkins 2.263.4 and Credentials Plugin: 2.3.15

             

            15-Mar-2021 11:16:37.620 WARNING [Handling GET /jenkins/job/lswa-launcher/credentials/store/folder/domain/_/ from 192.168.1.159 : http-nio-8080-exec-2 CredentialsStoreAction/DomainWrapper/index.jelly] com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getK
            eyStore Credentials ID e64fece5-d2c7-4338-9e71-668754554918: Could not load keystore from UploadedKeyStoreSource{uploadedKeystoreBytes=******}
            java.io.IOException: Short read of DER length
                   at sun.security.util.DerInputStream.getLength(DerInputStream.java:588)
                   at sun.security.util.DerValue.init(DerValue.java:391)
                   at sun.security.util.DerValue.<init>(DerValue.java:332)
                   at sun.security.util.DerValue.<init>(DerValue.java:345)
                   at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1941)
                   at java.security.KeyStore.load(KeyStore.java:1445)
                   at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getKeyStore(CertificateCredentialsImpl.java:155)
                   at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:89)
                   at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:51)
                   at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:93)
                   at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:106)
                   at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:59)
                   at com.cloudbees.plugins.credentials.CredentialsStoreAction$CredentialsWrapper.getDisplayName(CredentialsStoreAction.java:1178)

            ...

            Show
            douphi Phi Dou added a comment - Same here : Jenkins 2.263.4 and Credentials Plugin: 2.3.15   15-Mar-2021 11:16:37.620 WARNING [Handling GET /jenkins/job/lswa-launcher/credentials/store/folder/domain/_/ from 192.168.1.159 : http-nio-8080-exec-2 CredentialsStoreAction/DomainWrapper/index.jelly] com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getK eyStore Credentials ID e64fece5-d2c7-4338-9e71-668754554918: Could not load keystore from UploadedKeyStoreSource{uploadedKeystoreBytes=******} java.io.IOException: Short read of DER length        at sun.security.util.DerInputStream.getLength(DerInputStream.java:588)        at sun.security.util.DerValue.init(DerValue.java:391)        at sun.security.util.DerValue.<init>(DerValue.java:332)        at sun.security.util.DerValue.<init>(DerValue.java:345)        at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1941)        at java.security.KeyStore.load(KeyStore.java:1445)        at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getKeyStore(CertificateCredentialsImpl.java:155)        at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:89)        at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:51)        at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:93)        at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:106)        at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:59)        at com.cloudbees.plugins.credentials.CredentialsStoreAction$CredentialsWrapper.getDisplayName(CredentialsStoreAction.java:1178) ...
            Hide
            douphi Phi Dou added a comment -

            The keystore pkcs12 uploaded and visible  as <uploadedKeystoreBytes> into config.xml is very short. I don't know if it is the cause or the consequences of the error above

            Show
            douphi Phi Dou added a comment - The keystore pkcs12 uploaded and visible  as <uploadedKeystoreBytes> into config.xml is very short. I don't know if it is the cause or the consequences of the error above
            Hide
            douphi Phi Dou added a comment -

            Same with jenkins :  2.277.1 and Credentials Plugin : 2.3.15

            POST /jenkins/descriptor/com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$UploadedKeyStoreSource/upload/id1054/upload?Jenkins-Crumb=6f420ecf8db9266890aa6018bc691037183efcef89ecfda8d7848f5f0632af1c

            post keystore with 

            > ------WebKitFormBoundaryeAEql7lJqNg1ATvR

            >Content-Disposition: form-data; name="certificate.file"; filename="cert-chain-2021.pkcs12"

            >Content-Type: application/octet-stream

             

            Http Response code : 200

            The body response send back the keystore encoded like the older one found in config.xml

             

            Workaround : manually updating the <uploadedKeystoreBytes> value into  config.xml with tomcat stopped** work.

            Taking the value from this input from the JenkinsUI response with tcpdump/wireshark : 

            ><input disabled="true" id="content" name="_.uploadedKeystore" type="text" class="setting-input " value="....

            and paste it into <uploadedKeystoreBytes> value into  config.xml

            restart tomcat.

            The keystore is available !

             

             

            Show
            douphi Phi Dou added a comment - Same with jenkins :  2.277.1 and Credentials Plugin : 2.3.15 POST /jenkins/descriptor/com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$UploadedKeyStoreSource/upload/id1054/upload?Jenkins-Crumb=6f420ecf8db9266890aa6018bc691037183efcef89ecfda8d7848f5f0632af1c post keystore with  > ------WebKitFormBoundaryeAEql7lJqNg1ATvR >Content-Disposition: form-data; name="certificate.file"; filename="cert-chain-2021.pkcs12" >Content-Type: application/octet-stream   Http Response code : 200 The body response send back the keystore encoded like the older one found in config.xml   Workaround : manually updating the <uploadedKeystoreBytes> value into  config.xml with tomcat   stopped ** work. Taking the value from this input from the JenkinsUI response with tcpdump/wireshark :  ><input disabled="true" id="content" name="_.uploadedKeystore" type="text" class="setting-input " value=".... and paste it into <uploadedKeystoreBytes> value into  config.xml restart tomcat. The keystore is available !    
            Hide
            citizenkahn citizenkahn added a comment - - edited

            Folks,  If you have Safari, you can work around the problem.  Yeah, I'm confused too.  Here's what I saw:

            • Firefox 88.0 - fails to add, there is not completion of the choose file dialog
            • Chrome 90.0.4430.93 (Official Build) (x86_64) - adds but truncates resulting in the above problem
            • Safari 14.0.2 (15610.3.7.1.10, 15610) - adds, and our test of the cert works properly.  Also, the cert details show in the credentials manager.

             

            So, did someone do all their testing on the plugin using only safari?  Seems really weird.

            Show
            citizenkahn citizenkahn added a comment - - edited Folks,  If you have Safari, you can work around the problem.  Yeah, I'm confused too.  Here's what I saw: Firefox 88.0 - fails to add, there is not completion of the choose file dialog Chrome 90.0.4430.93 (Official Build) (x86_64) - adds but truncates resulting in the above problem Safari 14.0.2 (15610.3.7.1.10, 15610) - adds, and our test of the cert works properly.  Also, the cert details show in the credentials manager.   So, did someone do all their testing on the plugin using only safari?  Seems really weird.

              People

              Assignee:
              administrators jenkins admin
              Reporter:
              munesh_android Munesh
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: