SANCertificateIdentityMapping - Unable to parse a byte array (of length 42) as a subjectAltName 'otherName'. It is ignored.

Description

 

2017.02.01 18:01:49 org.jivesoftware.util.cert.SANCertificateIdentityMapping - Unable to parse a byte array (of length 42) as a subjectAltName 'otherName'. It is ignored.
java.lang.ClassCastException: org.bouncycastle.asn1.DERTaggedObject cannot be cast to org.bouncycastle.asn1.ASN1String
    at org.jivesoftware.util.cert.SANCertificateIdentityMapping.parseOtherNameXmppAddr(SANCertificateIdentityMapping.java:213)
    at org.jivesoftware.util.cert.SANCertificateIdentityMapping.parseOtherName(SANCertificateIdentityMapping.java:160)
    at org.jivesoftware.util.cert.SANCertificateIdentityMapping.mapIdentity(SANCertificateIdentityMapping.java:75)
    at org.jivesoftware.util.CertificateManager.getServerIdentities(CertificateManager.java:325)
    at org.jivesoftware.openfire.keystore.IdentityStore.containsDomainCertificate(IdentityStore.java:364)
    at org.jivesoftware.openfire.admin.index_jsp._jspService(index_jsp.java:226)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
    at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
    at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:76)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:53)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:226)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:165)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:499)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
    at java.lang.Thread.run(Thread.java:745)

Environment

None

Activity


Daryl Herzmann February 18, 2018 at 7:34 PM

How is the Java exception and fix made by PR 1023 fixing "Can't remove Group Chat (service) Administrators"?

Venushka Perera February 17, 2018 at 11:05 PM

I've proposed a fix for this here: https://github.com/igniterealtime/Openfire/pull/1023

Venushka Perera February 17, 2018 at 10:31 PM
Edited

I'm seeing the same exception trace on startup when using an SSL certificate signed by our company root certificate, and the same happens with a self-signed certificate generated with OpenSSL.

Based on the code currently in SANCertificateIdentityMapping, it assumes that the xmppAddr value is always an ASN1String, whereas in this case it's a DERTaggedObject (a subclass of ASN1TaggedObject) which contains an ASN1String within.

    protected String parseOtherNameXmppAddr( ASN1Primitive xmppAddr )
    {
        // RFC 6120 says that this should be a UTF8String. Let's be tolerant and allow all text-based values.
        return ( (ASN1String) xmppAddr ).getString();
    }

I think it should consider the ASN1Primitive passed in to this method being an ASN1TaggedObject.
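
The encoding this comment describes, as an added example that is not part of the thread, Openfire or PR 1023: a small Python DER reader (standard library only, in place of Bouncy Castle) that extracts an xmppAddr from an otherName and unwraps a bounded number of context tags before accepting a string type. The helper names, the MAX_WRAPPERS limit and the sample bytes are constructed for illustration; unwrap=False mimics the direct cast that fails in the trace.

```python
# Added illustration: a hand-rolled DER reader, not Openfire or Bouncy Castle code.
XMPP_ADDR_OID = bytes.fromhex("2b06010505070805")  # 1.3.6.1.5.5.7.8.5, id-on-xmppAddr
STRING_TAGS = {0x0C: "utf-8", 0x13: "ascii", 0x16: "ascii"}  # UTF8, Printable, IA5
MAX_WRAPPERS = 2  # assumption: refuse deeper nesting instead of unwrapping forever

def read_tlv(buf):
    """Return (tag, value, rest) for the DER element at the start of buf."""
    if len(buf) < 2:
        raise ValueError("truncated header")
    tag, length, pos = buf[0], buf[1], 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], buf[pos + length:]

def read_only(buf):
    """Read one element and insist that it fills buf completely."""
    tag, value, rest = read_tlv(buf)
    if rest:
        raise ValueError("trailing bytes")
    return tag, value

def parse_xmpp_addr(other_name, unwrap=True):
    """Return the xmppAddr string of a DER otherName, or None for other type-ids."""
    tag, body = read_only(other_name)
    oid_tag, oid, rest = read_tlv(body)
    if tag not in (0x30, 0xA0) or oid_tag != 0x06:
        raise ValueError("not an otherName")
    if oid != XMPP_ADDR_OID:
        return None
    tag, value = read_only(rest)
    # unwrap=False treats this element as the string itself, like the direct cast.
    for _ in range(MAX_WRAPPERS if unwrap else 0):
        if (tag & 0xE0) != 0xA0:  # stop at the first element that is not context-tagged
            break
        tag, value = read_only(value)
    if tag not in STRING_TAGS:
        raise TypeError(f"tag 0x{tag:02x} is not a string type")
    return value.decode(STRING_TAGS[tag])

def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form length, enough for the sample

# Constructed sample: otherName { id-on-xmppAddr, [0] EXPLICIT UTF8String }
SAMPLE = tlv(0xA0, tlv(0x06, XMPP_ADDR_OID) + tlv(0xA0, tlv(0x0C, b"juliet@im.example.com")))
```

Because the extracted string becomes a server identity, the tolerant path still rejects trailing bytes, non-string payloads and nesting deeper than MAX_WRAPPERS instead of returning whatever it finds.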

Fixed

Created February 2, 2017 at 4:48 AM
Updated February 18, 2018 at 7:41 PM
Resolved February 18, 2018 at 7:41 PM