insync comparison is reverse of what it should be #411

@rstuart-indue

Describe the Bug

When obtaining the array of fingerprints from a pkcs12 keystore, the list includes multiple certificates' fingerprints - each of the CAs in the chain is also in the fingerprint array returned. When this is compared to the "latest" in the insync function, the current is a large list of fingerprints which will never match the fingerprint being matched as latest.

This behavior of printing the corresponding CA certs seems to be for at least pkcs12 formatted keystores on java 17. We have multiple java 17 instances where there is an existing JKS keystore where the listing of the CA certs doesn't happen. This also only happens on a "leaf" cert.

Expected Behavior

Certificate is repeatedly deleted then re-imported as the comparison is the reverse of what it should be. Here is what happens when we print the fingerprint values being compared by the insync method:

Info: current has value:'["14:5A:5E:B0:18:E1:00:C3:C0:25:DD:32:91:3D:04:BE:E2:21:B0:A2:B3:23:92:CB:CF:AF:10:8D:7A:01:80:68", "25:CD:2D:9A:12:96:F9:3E:05:A6:0A:A3:62:B9:31:59:6A:83:43:8F:91:A6:47:25:C1:1A:3E:84:A4:C5:CD:D5", "2E:E8:86:28:AD:4D:71:87:19:34:CB:2C:EE:C4:F6:70:19:C7:78:B7", "8E:A0:FF:5D:3B:24:12:F7:D1:C5:E8:23:63:E0:E2:96:83:8E:7F:F6", "B8:B2:CE:01:17:65:78:9F:8E:8B:BC:CF:7C:22:35:BF:9D:37:D2:2F:7B:92:3E:8E:57:FA:24:EC:2B:A1:F3:4C", "BA:05:B0:A6:89:B8:2D:D6:7B:6E:6B:60:2B:1E:4A:9E:75:28:0F:4B"]'
Info: latest has  value:'["14:5A:5E:B0:18:E1:00:C3:C0:25:DD:32:91:3D:04:BE:E2:21:B0:A2:B3:23:92:CB:CF:AF:10:8D:7A:01:80:68", "BA:05:B0:A6:89:B8:2D:D6:7B:6E:6B:60:2B:1E:4A:9E:75:28:0F:4B"]'

Steps to Reproduce

Steps to reproduce the behavior:

  1. Create a pkcs12 type keystore with this tool on JDK v17.
  2. Add the CA and intermediate certs relevant to the leaf cert to be added later.
  3. Try adding the cert and observe that it will be repeatedly added during every Puppet run.

Environment

  • Version puppet 6.28
  • Platform RHEL8
  • Java v17 (java version "17.0.3.1" 2022-04-22 LTS)
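
The mismatch described in the report, as an added example that is not part of the original issue or the module's own code: an exact comparison never converges once the keystore listing also returns the chain's fingerprints, while a containment check does. The function names and fingerprint values are constructed, and containment is one possible comparison, not the project's confirmed fix.

```ruby
require 'set'

# Constructed, shortened fingerprints (not the values from the report).
LEAF = ['AA:11:22:33', 'AA:44:55:66'].freeze          # leaf SHA-256 and SHA-1
CHAIN = ['BB:11:22:33', 'BB:44:55:66',                # intermediate CA
         'CC:11:22:33', 'CC:44:55:66'].freeze         # root CA

# Trim, upcase and de-duplicate so ordering and case never cause a mismatch.
def normalize(fingerprints)
  Array(fingerprints).map { |fp| fp.to_s.strip.upcase }.reject(&:empty?).to_set
end

# Exact match: both sides must list the same fingerprints and nothing else.
def insync_exact?(current, latest)
  normalize(current) == normalize(latest)
end

# Containment: every fingerprint of the desired certificate must appear
# among the fingerprints reported for the keystore entry.
def insync_contained?(current, latest)
  wanted = normalize(latest)
  !wanted.empty? && wanted.subset?(normalize(current))
end

# Evaluate both comparisons for one keystore listing.
def compare(current, latest)
  { exact: insync_exact?(current, latest),
    contained: insync_contained?(current, latest) }
end

if __FILE__ == $PROGRAM_NAME
  cases = {
    'entry lists leaf only'       => [LEAF, LEAF],
    'entry lists leaf plus chain' => [(LEAF + CHAIN).sort, LEAF],
    'certificate was replaced'    => [(LEAF + CHAIN).sort, ['DD:11:22:33', 'DD:44:55:66']],
    'alias not in keystore'       => [[], LEAF]
  }
  cases.each { |name, (current, latest)| puts "#{name}: #{compare(current, latest)}" }
end
```

A containment check accepts any entry whose listing includes the desired fingerprints, so it cannot distinguish the leaf from an intermediate in the same chain; comparing only the leaf's fingerprints is stricter where the provider can isolate them.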
