Skip to content

Fix unsafe implementation to generate cert aliases #248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 28, 2022
Merged

Fix unsafe implementation to generate cert aliases #248

merged 1 commit into from
Jun 28, 2022

Conversation

runeflobakk
Copy link
Member

Implementation was based on an assumption that a path string obtained from a classpath URL can always be converted
to a Path instance, which is not the case, esp. on Windows.

Doing e.g. Paths.get("file:/C:/path/WEB-INF/lib/lib.jar!/file/in/jar") will make
sun.nio.fs.WindowsPathParser throw an InvalidPathException.

The bug was introduced by yours truly yours truly in v6.1:
https://github.com/digipost/signature-api-client-java/blob/6.1/src/main/java/no/digipost/signature/client/core/internal/security/TrustStoreLoader.java#L89
Will backport this fix to v6.1.1.

Exception stacktrace

no.digipost.signature.client.core.exceptions.ConfigurationException: Unable to load certificate from classpath: /certificates/test/Buypass_Class_3_Test4_CA_3.cer
at no.digipost.signature.client.core.internal.security.TrustStoreLoader$ClassPathResourceLoader.forEachFile(TrustStoreLoader.java:91)
at no.digipost.signature.client.core.internal.security.TrustStoreLoader.loadCertificatesInto(TrustStoreLoader.java:54)
at no.digipost.signature.client.core.internal.security.TrustStoreLoader.build(TrustStoreLoader.java:37)
at no.digipost.signature.client.ClientConfiguration.getSSLContext(ClientConfiguration.java:157)
at no.digipost.signature.client.core.internal.http.SignatureHttpClientFactory.create(SignatureHttpClientFactory.java:17)
at no.digipost.signature.client.portal.PortalClient.<init>(PortalClient.java:37)

...
Caused by: java.nio.file.InvalidPathException: Illegal char <:> at index 4: file:/C:/path/WEB-INF/lib/lib.jar!/certificates/test/Buypass_Class_3_Test4_CA_3.cer
at java.base/sun.nio.fs.WindowsPathParser.normalize(WindowsPathParser.java:182)
at java.base/sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:153)
at java.base/sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:77)
at java.base/sun.nio.fs.WindowsPath.parse(WindowsPath.java:92)
at java.base/sun.nio.fs.WindowsFileSystem.getPath(WindowsFileSystem.java:229)
at java.base/java.nio.file.Path.of(Path.java:147)
at java.base/java.nio.file.Paths.get(Paths.java:69)
at no.digipost.signature.client.core.internal.security.TrustStoreLoader$ClassPathResourceLoader.forEachFile(TrustStoreLoader.java:89)

@runeflobakk
Fix unsafe implementation to generate cert aliases
9b9de56 
Was based on an assumption that a path string obtained from a classpath URL can always be converted
to a Path instance, which is not the case, esp. on Windows.

Doing e.g. Paths.get("file:/C:/path/WEB-INF/lib/lib.jar!/file/in/jar") will make
sun.nio.fs.WindowsPathParser throw an InvalidPathException.
@runeflobakk runeflobakk requested a review from simenstoa June 28, 2022 13:18
@runeflobakk runeflobakk mentioned this pull request Jun 28, 2022
Closed
simenstoa
simenstoa approved these changes Jun 28, 2022
View reviewed changes
Copy link
Contributor

@simenstoa simenstoa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🙆‍♂️

@runeflobakk runeflobakk merged commit bd979b7 into main Jun 28, 2022
@runeflobakk runeflobakk deleted the fix-certloading-windows-bug branch June 28, 2022 13:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@simenstoa simenstoa simenstoa approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@runeflobakk @simenstoa