x0rp01s0n
commented
1 year ago I also already have this kind of solution, using a p7b file. it is possible to convert any cert bundle into an p7b file, then importing it.
taken from stackoverflow
public static final Certificate[] readCertificatesFromPKCS7(byte[] binaryPKCS7Store) throws Exception {
try (ByteArrayInputStream bais = new ByteArrayInputStream(binaryPKCS7Store);) {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Collection<?> c = cf.generateCertificates(bais);
List<Certificate> certList = new ArrayList<Certificate>();
if (c.isEmpty()) {
// If there are now certificates found, the p7b file is probably not in binary format.
// It may be in base64 format.
// The generateCertificates method only understands raw data.
}
else {
Iterator<?> i = c.iterator();
while (i.hasNext()) {
certList.add((Certificate) i.next());
}
}
java.security.cert.Certificate[] certArr = new java.security.cert.Certificate[certList.size()];
return certList.toArray(certArr);
}
}
MrLetsplay2003
edit2: this issue should actually belong to MrLetsplay2003/SimpleHTTPServer since it is caused by the webserver.
Hello, Trying around with this backend i discovered another failure, When uploding a cetificate with multiple chained certificates in the cert file, the server will only take one of them to serve as certificate. in my case it took the Certificate Authoritys chained(bundeled) certificate, which is ofcourse not valid for my domain.
this could be resolved, by either supporting the raw p7b file, or adding support for chained certificates.
example cert file:
output from shittyauth server:
this results in a
PKIX path building failederror since it cannot get the certs real chain, there are missing chain certificates.EDIT:
The issue seems quite simple, the certificate is imported as .Der file which is, by its format, not able to hold more then one certificate. so to resolve the issue, the import function of the certificate should be using another format, supporting cert chains, ie p7b.