Exception when pubkey algorithm isn't supported confuses cert type and cert algorithm #1446

Closed
danielbprice opened this issue May 5, 2023 · 2 comments
Labels
bug Dysfunctionnal behavior core Impact core of Leshan

Comments

danielbprice commented May 5, 2023

Version(s)

v1.4.2 and v2.0.0-M10

Which components

leshan-core

Tested With

No response

What happened

When I start the server with a CA certificate which uses an RSA public key certificate, the code produces the exception:

java.security.cert.CertificateException: X.509 algorithm is not supported, Only EC algorithm is supported

The code looks like this, from org.eclipse.leshan.core.util.SecurityUtil:

// we support only EC algorithm
if (!"EC".equals(certificate.getPublicKey().getAlgorithm())) {
    throw new CertificateException(String.format(
           "%s algorithm is not supported, Only EC algorithm is supported", certificate.getType()));
//                                                                          ^^^^^^^^^^^^^^^^^^^^^
}

I believe this (and similar code nearby in the same file) should instead be:

// we support only EC algorithm
if (!"EC".equals(certificate.getPublicKey().getAlgorithm())) {
    throw new CertificateException(String.format(
            "%s algorithm is not supported, Only EC algorithm is supported", certificate.getPublicKey().getAlgorithm()));
//                                                                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
}

How to reproduce

Create a CA certificate with an unsupported algorithm (mine looks like this):

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            <redacted>
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = <redacted>
        Validity
            Not Before: May 29 07:17:02 2020 GMT
            Not After : May 30 03:17:32 2023 GMT
        Subject: CN = <redacted>
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)

And try to use that with Leshan.

Relevant Output

No response

@danielbprice danielbprice added the bug Dysfunctionnal behavior label May 5, 2023
@sbernard31 sbernard31 added the core Impact core of Leshan label May 10, 2023
@sbernard31
Contributor

That makes sense!
Thx for reporting this 🙏

@sbernard31
Contributor

This should be fixed in :

Thx again @danielbprice 😉
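
Added example (not from the thread and not Leshan's code): the EC-only check with the message fix proposed in the issue, run against two stand-in certificates to show that `getType()` names the certificate format while `getPublicKey().getAlgorithm()` names the key algorithm. The class name, `requireEcKey` and `stubCertificate` are hypothetical, and the stub certificates are constructed in code around freshly generated RSA and EC keys.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;

public class CertAlgorithmMessageDemo {

    // Hypothetical helper modelled on the check quoted in the issue, with the proposed fix applied.
    static void requireEcKey(Certificate certificate) throws CertificateException {
        String keyAlgorithm = certificate.getPublicKey().getAlgorithm();
        if (!"EC".equals(keyAlgorithm)) {
            // Report the key algorithm that was rejected, not the certificate format.
            throw new CertificateException(String.format(
                    "%s algorithm is not supported, Only EC algorithm is supported", keyAlgorithm));
        }
    }

    // Constructed stand-in certificate: only getType() and getPublicKey() carry meaning here.
    static Certificate stubCertificate(String keyAlgorithm, int keySize) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(keyAlgorithm);
        generator.initialize(keySize);
        final PublicKey publicKey = generator.generateKeyPair().getPublic();
        return new Certificate("X.509") {
            @Override public byte[] getEncoded() { return new byte[0]; }
            @Override public void verify(PublicKey key) { }
            @Override public void verify(PublicKey key, String sigProvider) { }
            @Override public String toString() { return "stub certificate, " + publicKey.getAlgorithm() + " key"; }
            @Override public PublicKey getPublicKey() { return publicKey; }
        };
    }

    public static void main(String[] args) throws Exception {
        Certificate rsaCert = stubCertificate("RSA", 2048);
        Certificate ecCert = stubCertificate("EC", 256);

        // The type is the same for both certificates; only the key algorithm differs.
        for (Certificate cert : new Certificate[] { rsaCert, ecCert }) {
            System.out.println("type=" + cert.getType()
                    + " keyAlgorithm=" + cert.getPublicKey().getAlgorithm());
        }

        requireEcKey(ecCert); // accepted: EC key
        try {
            requireEcKey(rsaCert); // rejected: RSA key
        } catch (CertificateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```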
