Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64684

Unable to upload pkcs12 certificate in Credentials.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Critical
    • Resolution: Unresolved
    • Component/s: _unsorted
    • Labels:
    • Environment:
      Jenkins with version 2.263.2 credential plugin-2.3.14 android-signing-2.2.5
    • Similar Issues:

      Description

      Not able to upload the pkcs12 file getting "Could not load keystore" while trying to add in the credentials. 

      I am using the Jenkins on local server.

      From the system logs getting :

      Credentials ID AndroidBuildKey: Could not load keystore from UploadedKeyStoreSource{uploadedKeystoreBytes=******}
      java.io.IOException: Short read of DER length
      at sun.security.util.DerInputStream.getLength(Unknown Source)
      at sun.security.util.DerValue.init(Unknown Source)
      at sun.security.util.DerValue.<init>(Unknown Source)
      at sun.security.util.DerValue.<init>(Unknown Source)
      at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
      at java.security.KeyStore.load(Unknown Source)
      at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getKeyStore(CertificateCredentialsImpl.java:155)
      at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:89)
      at

        Attachments

        1. After_choose_file.png
          100 kB
          Munesh
        2. After_save_and_coming_back.png
          104 kB
          Munesh
        3. After_upload_certficate_click.png
          100 kB
          Munesh
        4. After_upload_click.png
          99 kB
          Munesh
        5. Credentials_screen.png
          99 kB
          Munesh
        6. Screenshot (14).png
          106 kB
          Munesh

          Activity

          Hide
          douphi Phi Dou added a comment -

          Same here : Jenkins 2.263.4 and Credentials Plugin: 2.3.15

           

          15-Mar-2021 11:16:37.620 WARNING [Handling GET /jenkins/job/lswa-launcher/credentials/store/folder/domain/_/ from 192.168.1.159 : http-nio-8080-exec-2 CredentialsStoreAction/DomainWrapper/index.jelly] com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getK
          eyStore Credentials ID e64fece5-d2c7-4338-9e71-668754554918: Could not load keystore from UploadedKeyStoreSource{uploadedKeystoreBytes=******}
          java.io.IOException: Short read of DER length
                 at sun.security.util.DerInputStream.getLength(DerInputStream.java:588)
                 at sun.security.util.DerValue.init(DerValue.java:391)
                 at sun.security.util.DerValue.<init>(DerValue.java:332)
                 at sun.security.util.DerValue.<init>(DerValue.java:345)
                 at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1941)
                 at java.security.KeyStore.load(KeyStore.java:1445)
                 at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getKeyStore(CertificateCredentialsImpl.java:155)
                 at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:89)
                 at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:51)
                 at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:93)
                 at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:106)
                 at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:59)
                 at com.cloudbees.plugins.credentials.CredentialsStoreAction$CredentialsWrapper.getDisplayName(CredentialsStoreAction.java:1178)

          ...

          Show
          douphi Phi Dou added a comment - Same here : Jenkins 2.263.4 and Credentials Plugin: 2.3.15   15-Mar-2021 11:16:37.620 WARNING [Handling GET /jenkins/job/lswa-launcher/credentials/store/folder/domain/_/ from 192.168.1.159 : http-nio-8080-exec-2 CredentialsStoreAction/DomainWrapper/index.jelly] com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getK eyStore Credentials ID e64fece5-d2c7-4338-9e71-668754554918: Could not load keystore from UploadedKeyStoreSource{uploadedKeystoreBytes=******} java.io.IOException: Short read of DER length        at sun.security.util.DerInputStream.getLength(DerInputStream.java:588)        at sun.security.util.DerValue.init(DerValue.java:391)        at sun.security.util.DerValue.<init>(DerValue.java:332)        at sun.security.util.DerValue.<init>(DerValue.java:345)        at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1941)        at java.security.KeyStore.load(KeyStore.java:1445)        at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getKeyStore(CertificateCredentialsImpl.java:155)        at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:89)        at com.cloudbees.plugins.credentials.common.StandardCertificateCredentials$NameProvider.getName(StandardCertificateCredentials.java:51)        at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:93)        at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:106)        at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:59)        at com.cloudbees.plugins.credentials.CredentialsStoreAction$CredentialsWrapper.getDisplayName(CredentialsStoreAction.java:1178) ...
          Hide
          douphi Phi Dou added a comment -

          The keystore pkcs12 uploaded and visible  as <uploadedKeystoreBytes> into config.xml is very short. I don't know if it is the cause or the consequences of the error above

          Show
          douphi Phi Dou added a comment - The keystore pkcs12 uploaded and visible  as <uploadedKeystoreBytes> into config.xml is very short. I don't know if it is the cause or the consequences of the error above
          Hide
          douphi Phi Dou added a comment -

          Same with jenkins :  2.277.1 and Credentials Plugin : 2.3.15

          POST /jenkins/descriptor/com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$UploadedKeyStoreSource/upload/id1054/upload?Jenkins-Crumb=6f420ecf8db9266890aa6018bc691037183efcef89ecfda8d7848f5f0632af1c

          post keystore with 

          > ------WebKitFormBoundaryeAEql7lJqNg1ATvR

          >Content-Disposition: form-data; name="certificate.file"; filename="cert-chain-2021.pkcs12"

          >Content-Type: application/octet-stream

           

          Http Response code : 200

          The body response send back the keystore encoded like the older one found in config.xml

           

          Workaround : manually updating the <uploadedKeystoreBytes> value into  config.xml with tomcat stopped** work.

          Taking the value from this input from the JenkinsUI response with tcpdump/wireshark : 

          ><input disabled="true" id="content" name="_.uploadedKeystore" type="text" class="setting-input " value="....

          and paste it into <uploadedKeystoreBytes> value into  config.xml

          restart tomcat.

          The keystore is available !

           

           

          Show
          douphi Phi Dou added a comment - Same with jenkins :  2.277.1 and Credentials Plugin : 2.3.15 POST /jenkins/descriptor/com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$UploadedKeyStoreSource/upload/id1054/upload?Jenkins-Crumb=6f420ecf8db9266890aa6018bc691037183efcef89ecfda8d7848f5f0632af1c post keystore with  > ------WebKitFormBoundaryeAEql7lJqNg1ATvR >Content-Disposition: form-data; name="certificate.file"; filename="cert-chain-2021.pkcs12" >Content-Type: application/octet-stream   Http Response code : 200 The body response send back the keystore encoded like the older one found in config.xml   Workaround : manually updating the <uploadedKeystoreBytes> value into  config.xml with tomcat   stopped ** work. Taking the value from this input from the JenkinsUI response with tcpdump/wireshark :  ><input disabled="true" id="content" name="_.uploadedKeystore" type="text" class="setting-input " value=".... and paste it into <uploadedKeystoreBytes> value into  config.xml restart tomcat. The keystore is available !    

            People

            Assignee:
            administrators jenkins admin
            Reporter:
            munesh_android Munesh
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: