International-Data-Spaces-Association / ids-metadata-broker-open-frontend

Apache License 2.0

referenced container in docker-compose uses keystore with outdated certificate #5

Closed SebastianOpriel closed 2 years ago

SebastianOpriel commented 2 years ago

Hi, I dug a little deeper into the code and figured out that the referenced image in the docker-compose file uses an outdated keystore:

https://github.com/International-Data-Spaces-Association/ids-metadata-broker-open-frontend/blob/3e7bc7ecbd138054dc8abed8eced1243c0cd3d07/docker/composefiles/frontend-dev/docker-compose.yml#L11

Unfortunately, this image does not have options to override the used keystore isstbroker-keystore.jks (see below), thus no valid DAT can be fetched.

```
Your keystore contains 1 entry

Alias name: 1
Creation date: 28.11.2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=49fa9815-9555-4038-8a9a-4e36de37bf45, OU=ISST, O=Fraunhofer, C=DE
Issuer: CN=IDS Test SubCA 2018, O=Fraunhofer, C=DE
Serial number: 22
Valid from: Wed Nov 28 17:40:07 CET 2018 until: Fri Nov 27 17:40:07 CET 2020
Certificate fingerprints:
         SHA1: 46:B2:63:A6:F4:00:32:63:C9:81:CF:76:0F:82:30:01:12:2F:5F:4C
         SHA256: 0E:E7:3D:C0:EB:CC:09:7A:81:33:4F:54:D7:92:17:65:FB:13:B9:1A:7A:3A:A6:AC:1D:EF:C7:9F:95:36:D9:43
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://downloads.aisec.fraunhofer.de/rootcacert2016.cert
]
]

#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: CB 8C C7 B6 85 79 A8 23   A6 CB 15 AB 17 50 2F E6  .....y.#.....P/.
0010: 65 43 5D E8                                        eC].
]
]

#3: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.aisec.fraunhofer.de/ids.crl]
]]

#5: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  clientAuth
  serverAuth
]

#6: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

#7: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: broker.ids.isst.fraunhofer.de
]

#8: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 17 7B ED 18 73 EB D0 47   5C C3 25 49 47 04 3D A2  ....s..G\.%IG.=.
0010: 8B 72 86 BF                                        .r..
]
]
```

sebbader commented 2 years ago

Most likely this is due to the old image (registry.gitlab.cc-asp.fraunhofer.de:4567/eis-ids/broker/core instead of registry.gitlab.cc-asp.fraunhofer.de/eis-ids/broker/core). @NehaThawani44 can you test that the new image has a proper keystore configuration?

NehaThawani44 commented 2 years ago

@SebastianOpriel The broker core image is updated now with the new certificate. Let me know if you still have issues.
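
An added example, not code from this repository or from anyone in the thread: a check that parses `keytool -list -v` output like the listing in the report and flags entries whose certificate is expired, not yet valid, or about to expire, so a stale keystore is caught before a DAT request fails. The function names, the `TZ_OFFSETS` table and the `min_remaining` parameter are assumptions of this example; the sample lines are copied from the listing in the report.

```python
import re
from datetime import datetime, timedelta, timezone

# Zone abbreviations mapped to UTC offsets in hours (assumed table; extend as needed).
TZ_OFFSETS = {"UTC": 0, "GMT": 0, "CET": 1, "CEST": 2}
VALIDITY = re.compile(r"^Valid from: (?P<start>.+?) until: (?P<end>.+)$")

# Sample input: lines copied from the keytool listing in the report.
SAMPLE = """\
Alias name: 1
Entry type: PrivateKeyEntry
Owner: CN=49fa9815-9555-4038-8a9a-4e36de37bf45, OU=ISST, O=Fraunhofer, C=DE
Issuer: CN=IDS Test SubCA 2018, O=Fraunhofer, C=DE
Valid from: Wed Nov 28 17:40:07 CET 2018 until: Fri Nov 27 17:40:07 CET 2020
"""

def parse_keytool_date(text):
    """Turn 'Fri Nov 27 17:40:07 CET 2020' into a timezone-aware datetime."""
    _dow, mon, day, clock, zone, year = text.split()
    if zone not in TZ_OFFSETS:
        raise ValueError(f"unknown time zone abbreviation: {zone}")
    naive = datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")
    return naive.replace(tzinfo=timezone(timedelta(hours=TZ_OFFSETS[zone])))

def keystore_entries(listing):
    """Yield alias, owner and validity window per certificate in the listing."""
    alias = owner = None
    for line in map(str.strip, listing.splitlines()):
        if line.startswith("Alias name: "):
            alias = line.split(": ", 1)[1]
        elif line.startswith("Owner: "):
            owner = line.split(": ", 1)[1]
        elif match := VALIDITY.match(line):
            yield {"alias": alias, "owner": owner,
                   "not_before": parse_keytool_date(match["start"]),
                   "not_after": parse_keytool_date(match["end"])}

def unusable(listing, now=None, min_remaining=timedelta(0)):
    """Return entries that are not yet valid, expired, or expiring too soon."""
    now = now or datetime.now(timezone.utc)
    return [e for e in keystore_entries(listing)
            if now < e["not_before"] or e["not_after"] - now <= min_remaining]

if __name__ == "__main__":
    for entry in unusable(SAMPLE):
        print(f"alias {entry['alias']}: valid until {entry['not_after']:%Y-%m-%d}")
```

Passing a `min_remaining` of a few weeks turns the same check into an early warning before the certificate in the image actually lapses.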