We're updating the issue view to help you get more done. 

SSL settings page should deal with empty/corrupt keystore

Description

The ssl settings page should deal with an empty or corrupt key store correctly. Right now, the page simply breaks.

Environment

None

Acceptance Test - Entry

None

Activity

Show:
Stephan Wienczny
April 6, 2007, 11:18 PM

I need to have a key different to the one that openfire creates to get it certified by my ca. Creating a rsa key using keytool certifiing it breaks openfire.

This patch should change the behavior of openfire to not crash when trying to create a csr.

Index: src/java/org/jivesoftware/util/CertificateManager.java
===================================================================
— src/java/org/jivesoftware/util/CertificateManager.java (revision 7909)
+++ src/java/org/jivesoftware/util/CertificateManager.java (working copy)
@@ -326,9 +326,15 @@
PublicKey pubKey = cert.getPublicKey();

String signatureAlgorithm = "DSA".equals(pubKey.getAlgorithm()) ? "SHA1withDSA" : "MD5withRSA";
+
+ PKCS10CertificationRequest csr = null;

  • PKCS10CertificationRequest csr =

  • new PKCS10CertificationRequest(signatureAlgorithm, xname, pubKey, null, privKey);
    + try {
    + csr = new PKCS10CertificationRequest(signatureAlgorithm, xname, pubKey, null, privKey);
    + } catch (InvalidKeyException ive) {
    + sb.append("Cannot create certificate request.");
    + return sb.toString();
    + }

ByteArrayOutputStream baos = new ByteArrayOutputStream();
DEROutputStream deros = new DEROutputStream(baos);

Daniel Henninger
January 15, 2008, 6:06 AM

If you simply do echo 1 > keystore, totally blitzes the interface too. Good to know. I'm thinking about popping up a screen that says "the keystore appears to be corrupt" or something like that with the ability to totally overwrite the current keystore with something built by Openfire.

Assignee

Daniel Henninger

Reporter

MattM

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Major
Configure