Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-67778

Certificate authentication not working when called within a node block

XMLWordPrintable

      When using Certificate based authentication within the http_request plugin (1.14) on jenkins-core(2.331), the provided credential (p12 standard certificate credential) loads and works correctly when the httpRequest call is made outside of a node block, the client cert successfully authenticates to the endpoint, and the http request completes successfully

      When the exact same httpRequest call is made within a node{} block, we end up with the below exception. While this exception normally indicates a bad decryption password, it seems odd, since the exact same call succeeds when outside a node block. Keystore password has also been double checked, via openssl cmd

      javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
	at com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975)
	at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056)
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
	at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
	at javax.crypto.Cipher.doFinal(Cipher.java:2168)
	at com.cloudbees.plugins.credentials.SecretBytes.getPlainData(SecretBytes.java:140)
Also:   hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from 192.168.11.89/192.168.11.89:35818
		at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1797)
		at hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:356)
		at hudson.remoting.Channel.call(Channel.java:1001)
		at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:392)
		at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:371)
		at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
		at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
		at java.util.concurrent.FutureTask.run(FutureTask.java:266)
		at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
		at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
Caused: java.lang.Error
	at com.cloudbees.plugins.credentials.SecretBytes.getPlainData(SecretBytes.java:142)
	at com.cloudbees.plugins.credentials.SecretBytes.getPlainData(SecretBytes.java:233)
	at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$UploadedKeyStoreSource.getKeyStoreBytes(CertificateCredentialsImpl.java:504)
	at com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.getKeyStore(CertificateCredentialsImpl.java:156)
	at jenkins.plugins.http_request.auth.CertificateAuthentication.authenticate(CertificateAuthentication.java:34)
	at jenkins.plugins.http_request.HttpRequestExecution.auth(HttpRequestExecution.java:384)
	at jenkins.plugins.http_request.HttpRequestExecution.authAndRequest(HttpRequestExecution.java:326)
	at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:260)
	at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:79)
	at hudson.remoting.UserRequest.perform(UserRequest.java:211)
	at hudson.remoting.UserRequest.perform(UserRequest.java:54)
	at hudson.remoting.Request$2.run(Request.java:369)
	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:117)
Caused: java.io.IOException: Remote call on JNLP4-connect connection from 192.168.11.89/192.168.11.89:35818 failed
	at hudson.remoting.Channel.call(Channel.java:1005)
	at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:392)
	at jenkins.plugins.http_request.HttpRequestStep$Execution.run(HttpRequestStep.java:371)
	at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Finished: FAILURE

       
      Http Request Example (within a node), which fails

      node {
def response = httpRequest(
  acceptType: 'APPLICATION_JSON',
  contentType: 'APPLICATION_JSON',
  httpMode: 'GET',
  requestBody: null,
  authentication: 'my-cert-id',
  validResponseCodes: '200',
  url: "https://domain.com/some/uri"
)
echo response.getContent().toString()
}

      The exact same call, outside of a node block, which succeeds

      def response = httpRequest(
  acceptType: 'APPLICATION_JSON',
  contentType: 'APPLICATION_JSON',
  httpMode: 'GET',
  requestBody: null,
  authentication: 'my-cert-id',
  validResponseCodes: '200',
  url: "https://domain.com/some/uri"
)
echo response.getContent().toString()

       

            janario Janario Oliveira
            stigglor Jared Patterson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: