Closed abremora closed 2 years ago
It's odd in that the default of the returned data is PEM.
format (string: "") – Specifies the format for returned data. Can be pem, der, or pem_bundle; defaults to pem. If der, the output is base64 encoded. If pem_bundle, the certificate field will contain the private key and certificate, concatenated; if the issuing CA is not a Vault-derived self-signed root, this will be included as well.
https://www.vaultproject.io/api-docs/secret/pki#generate-certificate
As per the documentation:
Feel free to submit a pull request to introduce PEM to X509Certificate decoding.
Same issue affects CertificateBundle.createKeyStore() & CertificateBundle.getPrivateKeySpec(), too. (Already mentioned in the documentation)
java.lang.IllegalArgumentException: Illegal base64 character 2d
at java.base/java.util.Base64$Decoder.decode0(Base64.java:746) ~[na:na]
at java.base/java.util.Base64$Decoder.decode(Base64.java:538) ~[na:na]
at org.springframework.util.Base64Utils.decode(Base64Utils.java:59) ~[spring-core-5.3.13.jar:5.3.13]
at org.springframework.util.Base64Utils.decodeFromString(Base64Utils.java:111) ~[spring-core-5.3.13.jar:5.3.13]
at org.springframework.vault.support.CertificateBundle.getPrivateKeySpec(CertificateBundle.java:89) ~[spring-vault-core-2.3.2.jar:2.3.2]
at org.springframework.vault.support.CertificateBundle.createKeyStore(CertificateBundle.java:109) ~[spring-vault-core-2.3.2.jar:2.3.2]
Just for clarification: For Vault the default is PEM but for spring-vault the default is DER:
I will fix this issue within the next few days.
Of course we cannot change the behavior of vault-spring but we have to support other formats and improve documentation.
Certificate.getX509Certificate() and Certificate.getX509IssuerCertificate() do not support conversion of PEM-encoded string to X509Certificate.
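
The failure in the stack trace above (`Illegal base64 character 2d` is the `-` of a PEM header) and one way to accept both encodings, as an added example that is not part of this thread or of spring-vault's code. The class and method names are hypothetical, the sample bytes are constructed placeholders rather than a real certificate, and only the first PEM block is read (a `pem_bundle` value holds several).

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper (assumption), not a spring-vault class.
public class VaultCertDecoding {

    private static final Pattern PEM_BLOCK = Pattern.compile(
            "-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \\1-----", Pattern.DOTALL);

    /** Returns raw DER bytes for a PEM block or for a bare base64 (format=der) string. */
    static byte[] toDer(String value) {
        Matcher m = PEM_BLOCK.matcher(value);
        if (m.find()) {
            // The MIME decoder skips the line breaks inside the PEM body.
            return Base64.getMimeDecoder().decode(m.group(2));
        }
        return Base64.getDecoder().decode(value.trim());
    }

    /** Parses the normalized DER bytes; use this with a real certificate field. */
    static X509Certificate toCertificate(String value) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(toDer(value)));
    }

    public static void main(String[] args) {
        // Constructed placeholder bytes, not a real certificate.
        byte[] payload = new byte[96];
        for (int i = 0; i < payload.length; i++) payload[i] = (byte) (i * 7);

        String derField = Base64.getEncoder().encodeToString(payload);
        String pemField = "-----BEGIN CERTIFICATE-----\n"
                + Base64.getMimeEncoder(64, "\n".getBytes()).encodeToString(payload)
                + "\n-----END CERTIFICATE-----";
        try {
            Base64.getDecoder().decode(pemField); // what a DER-only decoder does with PEM
        } catch (IllegalArgumentException e) {
            System.out.println("naive decode of PEM fails: " + e.getMessage());
        }
        System.out.println("der ok: " + Arrays.equals(payload, toDer(derField)));
        System.out.println("pem ok: " + Arrays.equals(payload, toDer(pemField)));
    }
}
```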