  1. CloverDX
  2. CLO-15269

Accept certificate dialog does not work with certificate chains


    Details

    • Branch:
    • QA Testing:
      UNDECIDED
    • Sprint:
      Green Sprint 114, Green Sprint 115

      Description

      When the server uses a certificate chain, all the certificates are saved to the permanent or temporary trust store, but com.cloveretl.gui.server.util.ConfigurableX509TrustManager.checkServerTrusted() only works for single certificates, not for certificate chains. It explicitly checks if testedCerts.length == 1.

      We could relax the condition to testedCerts.length > 0 and test only the first certificate (search if it's present in one of the provided trust stores).

      Or we could create a TrustManagerFactory, initialize it with each trust store and call X509TrustManager.checkServerTrusted() with the whole certificate chain.

      See chain.jks, it contains a certificate chain (virt-gray -> intermediate CA -> root CA) from virt-gray.
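
      A sketch of the second option from the description, added here as an example and not taken from the CloverDX code base: one standard JSSE trust manager is built per trust store, and the whole server chain is handed to each in turn. The class name ChainAwareTrustManager and the list-of-KeyStore constructor are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical class for illustration; not the ConfigurableX509TrustManager from the issue.
public final class ChainAwareTrustManager implements X509TrustManager {
    private final List<X509TrustManager> delegates = new ArrayList<>();
    public ChainAwareTrustManager(List<KeyStore> trustStores) throws GeneralSecurityException {
        for (KeyStore store : trustStores) {
            // An empty store has no trust anchors; the default PKIX validator then fails
            // with a RuntimeException rather than a CertificateException, so skip it.
            if (store.size() == 0) continue;
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(store);
            for (TrustManager tm : tmf.getTrustManagers()) {
                if (tm instanceof X509TrustManager) delegates.add((X509TrustManager) tm);
            }
        }
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) throw new IllegalArgumentException("empty certificate chain");
        CertificateException last = new CertificateException("no usable trust store");
        for (X509TrustManager delegate : delegates) {
            try {
                delegate.checkServerTrusted(chain, authType); // validates the whole chain, not only chain[0]
                return;                                        // the first store that accepts the chain wins
            } catch (CertificateException e) {
                last = e;                                      // remember the failure, try the next store
            }
        }
        throw last; // fail closed: no store accepted the chain
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        throw new CertificateException("client certificates are not accepted by this trust manager");
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return delegates.stream().flatMap(d -> Arrays.stream(d.getAcceptedIssuers())).toArray(X509Certificate[]::new);
    }
}
```

      Unlike a lookup of only the first certificate, the delegates also apply the validator's path and validity-period checks to every certificate in the chain.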


              People

              Assignee:
              krivanekm Milan Krivanek
              Reporter:
              krivanekm Milan Krivanek