Details
-
Type:
Bug
-
Status: Resolved (View Workflow)
-
Priority:
Critical
-
Resolution: Fixed
-
Component/s: _unsorted
-
Labels:
-
Environment:Jenkins with version 2.263.2 credential plugin-2.3.14 android-signing-2.2.5
-
Similar Issues:
-
Epic Link:
-
Released As:2.4
Description
Not able to upload the pkcs12 file getting "Could not load keystore" while trying to add in the credentials.
I am using the Jenkins on local server.
From the system logs getting :
Credentials ID AndroidBuildKey: Could not load keystore from UploadedKeyStoreSource{uploadedKeystoreBytes=******}
java.io.IOException: Short read of DER length
at sun.security.util.DerInputStream.getLength(Unknown Source)
at sun.security.util.DerValue.init(Unknown Source)
at sun.security.util.DerValue.<init>(Unknown Source)
at sun.security.util.DerValue.<init>(Unknown Source)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getKeyStore(CertificateCredentialsImpl.java:155)
at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:89)
at
Attachments
Issue Links
- duplicates
-
-
- Resolved
-
Activity
The keystore pkcs12 uploaded and visible as <uploadedKeystoreBytes> into config.xml is very short. I don't know if it is the cause or the consequences of the error above
Phi Dou
added a comment - The keystore pkcs12 uploaded and visible as <uploadedKeystoreBytes> into config.xml is very short. I don't know if it is the cause or the consequences of the error above Same with jenkins : 2.277.1 and Credentials Plugin : 2.3.15
POST /jenkins/descriptor/com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$UploadedKeyStoreSource/upload/id1054/upload?Jenkins-Crumb=6f420ecf8db9266890aa6018bc691037183efcef89ecfda8d7848f5f0632af1c
post keystore with
> ------WebKitFormBoundaryeAEql7lJqNg1ATvR
>Content-Disposition: form-data; name="certificate.file"; filename="cert-chain-2021.pkcs12"
>Content-Type: application/octet-stream
Http Response code : 200
The body response send back the keystore encoded like the older one found in config.xml
Workaround : manually updating the <uploadedKeystoreBytes> value into config.xml with tomcat stopped** work.
Taking the value from this input from the JenkinsUI response with tcpdump/wireshark :
><input disabled="true" id="content" name="_.uploadedKeystore" type="text" class="setting-input " value="....
and paste it into <uploadedKeystoreBytes> value into config.xml
restart tomcat.
The keystore is available !
Phi Dou
added a comment - Same with jenkins : 2.277.1 and Credentials Plugin : 2.3.15
POST /jenkins/descriptor/com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$UploadedKeyStoreSource/upload/id1054/upload?Jenkins-Crumb=6f420ecf8db9266890aa6018bc691037183efcef89ecfda8d7848f5f0632af1c
post keystore with
> ------WebKitFormBoundaryeAEql7lJqNg1ATvR
>Content-Disposition: form-data; name="certificate.file"; filename="cert-chain-2021.pkcs12"
>Content-Type: application/octet-stream
Http Response code : 200
The body response send back the keystore encoded like the older one found in config.xml
Workaround : manually updating the <uploadedKeystoreBytes> value into config.xml with tomcat stopped ** work.
Taking the value from this input from the JenkinsUI response with tcpdump/wireshark :
><input disabled="true" id="content" name="_.uploadedKeystore" type="text" class="setting-input " value="....
and paste it into <uploadedKeystoreBytes> value into config.xml
restart tomcat.
The keystore is available !
Folks, If you have Safari, you can work around the problem. Yeah, I'm confused too. Here's what I saw:
- Firefox 88.0 - fails to add, there is not completion of the choose file dialog
- Chrome 90.0.4430.93 (Official Build) (x86_64) - adds but truncates resulting in the above problem
- Safari 14.0.2 (15610.3.7.1.10, 15610) - adds, and our test of the cert works properly. Also, the cert details show in the credentials manager.
So, did someone do all their testing on the plugin using only safari? Seems really weird.
Same here : Jenkins 2.263.4 and Credentials Plugin: 2.3.15
15-Mar-2021 11:16:37.620 WARNING [Handling GET /jenkins/job/lswa-launcher/credentials/store/folder/domain/_/ from 192.168.1.159 : http-nio-8080-exec-2 CredentialsStoreAction/DomainWrapper/index.jelly] com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getK
eyStore Credentials ID e64fece5-d2c7-4338-9e71-668754554918: Could not load keystore from UploadedKeyStoreSource{uploadedKeystoreBytes=******}
java.io.IOException: Short read of DER length
at sun.security.util.DerInputStream.getLength(DerInputStream.java:588)
at sun.security.util.DerValue.init(DerValue.java:391)
at sun.security.util.DerValue.<init>(DerValue.java:332)
at sun.security.util.DerValue.<init>(DerValue.java:345)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1941)
at java.security.KeyStore.load(KeyStore.java:1445)
at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getKeyStore(CertificateCredentialsImpl.java:155)
at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:89)
at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:51)
at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:93)
at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:106)
at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:59)
at com.cloudbees.plugins.credentials.CredentialsStoreAction$CredentialsWrapper.getDisplayName(CredentialsStoreAction.java:1178)
...