
spring boot - SAML certification cannot be read as `PemContent` - Stack Overflow


I'm migrating my application from Spring Boot 3.3.6 to 3.4.1.
I have a certificate file used for SAML authentication. It's like
And I set it as

    spring.security.saml2:
      relyingparty:
        registration:
          azuread: # registration id
            entity-id: ArchitecturePoC # entity id of project, need to be registered to Azure AD in advance
            assertingparty:
              verification:
                credentials:
                  - certificate-location: "classpath:ArchitecturePoC.cer"

It worked fine on Spring Boot 3.3.6, but when I upgraded to 3.4.1, the certificate file cannot be recognized.

    Caused by: java.lang.IllegalStateException: Missing certificates or unrecognized format
        at org.springframework.util.Assert.state(Assert.java:79)
        at org.springframework.boot.ssl.pem.PemCertificateParser.parse(PemCertificateParser.java:64)
        at org.springframework.boot.ssl.pem.PemContent.getCertificates(PemContent.java:64)
        at org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyRegistrationConfiguration.readCertificate(Saml2RelyingPartyRegistrationConfiguration.java:192)
        ... 97 common frames omitted

It seems to be caused by the changes in Saml2RelyingPartyRegistrationConfiguration#readCertificate. In 3.3.x, it's like

    private X509Certificate readCertificate(Resource location) {
        Assert.state(location != null, "No certificate location specified");
        Assert.state(location.exists(), () -> "Certificate  location '" + location + "' does not exist");
        try (InputStream inputStream = location.getInputStream()) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        }
        catch (Exception ex) {
            throw new IllegalArgumentException(ex);
        }
    }

In 3.4.x, it's

    private X509Certificate readCertificate(Resource location) {
        Assert.state(location != null, "No certificate location specified");
        Assert.state(location.exists(), () -> "Certificate  location '" + location + "' does not exist");
        try (InputStream inputStream = location.getInputStream()) {
            PemContent pemContent = PemContent.load(inputStream);
            List<X509Certificate> certificates = pemContent.getCertificates();
            return certificates.get(0);
        }
        catch (Exception ex) {
            throw new IllegalArgumentException(ex);
        }
    }

I cannot see the necessity of forcing apps to use PEM files starting with BEGIN CERTIFICATE, and it makes no sense to stop supporting certificates which are not in PEM format.
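The 3.4.x code path above only accepts text containing a `BEGIN CERTIFICATE` block, so a binary DER `.cer` (the usual download format from an identity provider) fails exactly as in the stack trace. As an added example, not part of the question or of Spring Boot, here is a small checker that tells the two encodings apart and re-encodes DER as PEM (the same transformation `openssl x509 -inform DER -outform PEM` performs); the sample bytes are a constructed ASN.1 SEQUENCE standing in for a real certificate, not an actual certificate.

```python
import base64
import re

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def detect_format(data: bytes) -> str:
    """Return 'pem', 'der' or 'unknown' for the raw bytes of a certificate file.

    PEM is text wrapping a base64 body between BEGIN/END CERTIFICATE lines.
    DER is binary and starts with the ASN.1 SEQUENCE tag (0x30), which is what
    PemContent cannot parse and what triggers "unrecognized format".
    """
    if PEM_HEADER.encode("ascii") in data:
        return "pem"
    if data[:1] == b"\x30":
        return "der"
    return "unknown"


def der_to_pem(der: bytes) -> str:
    """Re-encode DER bytes as one PEM CERTIFICATE block, base64 wrapped at 64 columns."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"


def pem_to_der(pem: str) -> bytes:
    """Extract the first CERTIFICATE block from PEM text and decode it back to DER."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))


def ensure_pem(data: bytes) -> str:
    """Return PEM text that PemContent can load, converting DER input if needed."""
    fmt = detect_format(data)
    if fmt == "pem":
        return data.decode("ascii")
    if fmt == "der":
        return der_to_pem(data)
    raise ValueError("file is neither a PEM nor a DER certificate")


# Constructed stand-in for a DER file: SEQUENCE { INTEGER 7, NULL }. Not a real certificate.
SAMPLE_DER = bytes([0x30, 0x05, 0x02, 0x01, 0x07, 0x05, 0x00])
```

In practice, point `certificate-location` at the PEM file written by `ensure_pem` (or by the openssl command above) and the 3.4.x `readCertificate` path loads it as before.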
