-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Major
-
Component/s: credentials-plugin
-
None
-
Environment:Jenkins 2.296
credentials-plugin 2.5
Java Runtime 11.0.11+9-suse-2.2-x8664
-
2.4
While trying to configure kubernetes-plugin with Minikube according to the documentation here: https://github.com/jenkinsci/kubernetes-plugin
I've created a .pfx-file with:
openssl pkcs12 -export -out ~/.minikube/minikube.pfx -inkey ~/.minikube/apiserver.key -in ~/.minikube/apiserver.crt -certfile ~/.minikube/ca.crt -passout pass:secret
The suggested test succeeds:
curl --cacert ~/.minikube/ca.crt --cert ~/.minikube/minikube.pfx:secret --cert-type P12 https://$(minikube ip):8443
When I create a certificate credentials in Jenkins as described and try to save it, Jenkins gives the following stacktrace:
WARNING h.i.i.InstallUncaughtExceptionHandler#handleException: Caught unhandled exception with ID 71037b2e-b9ca-4517-9450-5cb80b7e74fe
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ENCRYPTED_DATA_LEN_RANGE
at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_DecryptUpdate(Native Method)
at jdk.crypto.cryptoki/sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:623)
Caused: java.security.ProviderException: update() failed
at jdk.crypto.cryptoki/sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:643)
at jdk.crypto.cryptoki/sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:536)
at jdk.crypto.cryptoki/sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:565)
at jdk.crypto.cryptoki/sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:551)
at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202)
at com.cloudbees.plugins.credentials.SecretBytes.decrypt(SecretBytes.java:216)
at com.cloudbees.plugins.credentials.SecretBytes.fromBytes(SecretBytes.java:250)
at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$UploadedKeyStoreSource.<init>(CertificateCredentialsImpl.java:469)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at org.kohsuke.stapler.RequestImpl.invokeConstructor(RequestImpl.java:541)
at org.kohsuke.stapler.RequestImpl.instantiate(RequestImpl.java:805)
at org.kohsuke.stapler.RequestImpl.access$200(RequestImpl.java:85)
at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:690)
at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:490)
at org.kohsuke.stapler.RequestImpl.instantiate(RequestImpl.java:799)
at org.kohsuke.stapler.RequestImpl.access$200(RequestImpl.java:85)
at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:690)
at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:490)
at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:486)
at com.cloudbees.plugins.credentials.CredentialsStoreAction$DomainWrapper.doCreateCredentials(CredentialsStoreAction.java:824)
at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:393)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:405)
at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:208)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:141)
at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:536)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766)
- duplicates
-
-
- Resolved
-
