SSLContextGrpcAuthenticationReader reads the wrong certificate from the peer certificates array #1076

Open
jazdw opened this issue Mar 26, 2024 · 2 comments · May be fixed by #1079
Labels
bug Something does not work as expected

Comments


jazdw commented Mar 26, 2024

The SSLContextGrpcAuthenticationReader reads the last certificate from the peer certificates array; however, I believe the intent was probably to retrieve the peer certificate, not an intermediate certificate.

The Javadoc of javax.net.ssl.SSLSession#getPeerCertificates specifies that it returns:

an ordered array of peer certificates, with the peer's own certificate first followed by any certificate authorities.

If there are no intermediate CAs then the array will have length 1, and there will be no difference in behavior. This is probably why this bug has not been reported before (I don't think).
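
An added example, not code from this thread or from the project: one way to select the peer's own certificate from the array that `SSLSession#getPeerCertificates` returns, with a diagnostic that shows which entries are CA certificates. The class name `PeerCertificates` and the methods `leaf` and `describe` are hypothetical.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Optional;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Hypothetical helper for illustration; not part of the project.
public final class PeerCertificates {

    private PeerCertificates() {}

    /** Returns the peer's own certificate, or empty if the peer presented no X.509 certificate. */
    public static Optional<X509Certificate> leaf(SSLSession session) {
        try {
            return leaf(session.getPeerCertificates());
        } catch (SSLPeerUnverifiedException e) {
            return Optional.empty(); // peer identity was not verified
        }
    }

    /** The array is ordered: index 0 is the peer's own certificate, later entries are CAs. */
    public static Optional<X509Certificate> leaf(Certificate[] chain) {
        if (chain == null || chain.length == 0) {
            return Optional.empty();
        }
        // chain[chain.length - 1] is a CA certificate whenever the peer sends intermediates,
        // so an identity derived from it is shared by every certificate that CA issued.
        Certificate first = chain[0];
        return first instanceof X509Certificate
                ? Optional.of((X509Certificate) first)
                : Optional.empty();
    }

    /** One line per entry (index, CA flag, subject) for checking what a deployment receives. */
    public static String describe(Certificate[] chain) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; chain != null && i < chain.length; i++) {
            if (chain[i] instanceof X509Certificate) {
                X509Certificate c = (X509Certificate) chain[i];
                // getBasicConstraints() returns -1 for a certificate that is not a CA.
                boolean isCa = c.getBasicConstraints() >= 0;
                out.append(i).append(isCa ? " CA   " : " leaf ")
                   .append(c.getSubjectX500Principal().getName()).append('\n');
            }
        }
        return out.toString();
    }
}
```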

Collaborator

ST-DDT commented Mar 27, 2024

Thanks for bringing this to our attention.
Would you like to create a PR for that?

FFR: https://docs.oracle.com/en/java/javase/17/docs/api/java.base/javax/net/ssl/SSLSession.html#getPeerCertificates()

@ST-DDT ST-DDT added the bug Something does not work as expected label Mar 27, 2024
Author

jazdw commented Mar 27, 2024

@ST-DDT done, opened #1079
