As a Developer I want to forbid uploading an internal TLS certificate that doesn't belong to the key to safeguard users against mistakes
Description
Implementation notes
Activity

jarkkohyoty May 31, 2021 at 10:51 AM (edited)
New PR:
https://github.com/nordic-institute/X-Road/pull/977
And successful PR build:
https://jenkins.niis.org/job/pr-build-pipeline/2104/

caro.hautamaki May 26, 2021 at 6:26 AM
A new bug ticket based on the findings:

caro.hautamaki May 25, 2021 at 12:44 PM
I tested importing a certificate chain. It should be fine as long as the chain is valid. If the chain is valid, the first certificate in the chain is imported as the internal cert and a new keystore is written based on the chain.
However importing an invalid certificate chain leads to faulty behavior. In this case, if the first certificate is valid and matches the current internal key, the certificate is saved as the new internal cert. But because the certificate chain is not valid, a new keystore is not written and the old keystore is retained. At this point an exception is thrown and the UI shows an error that importing the new TLS cert has failed but in reality the cert has been updated behind the scenes. This can be verified even in the UI by refreshing the page.

jarkkohyoty May 21, 2021 at 7:46 AM
Not directly related, but it would be good to check that uploading a certificate chain also works (it is just a PEM file with the certs concatenated in the correct order):
internal tls cert
intermediate ca cert
(...potentially other intermediate certs)

caro.hautamaki May 19, 2021 at 1:05 PM
We should forbid users from importing an internal TLS certificate that does not match the key: there seems to be no valid reason for doing so, and it causes issues, since the Security Server cannot complete TLS handshakes with a certificate whose public key does not correspond to its private key.
Acceptance criteria:
The Security Server API checks when an internal TLS certificate is uploaded whether or not it belongs to the internal TLS key
If the certificate belongs to the key, the import is allowed
If the certificate doesn't belong to the key, the import is halted and an error is returned
The Security Server frontend shows the error in a human-readable form
The issue where re-uploading the same certificate doesn't show an error on the frontend is fixed
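The following is an added example (not X-Road's own code, which is Java) showing the checks the acceptance criteria call for, in Go's standard library: the first certificate in the upload must carry the public key of the internal TLS key, any further certificates must form a valid chain above it, and the stored certificate is only replaced once every check has passed, which is the failure mode caro.hautamaki describes above. The function names, the hypothetical store modelled by a slice, and the throwaway keys and certificates generated as fixtures are all assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// ValidateUpload enforces the acceptance criteria on a PEM upload: the first certificate
// must belong to the internal TLS key, and every further certificate must have signed the
// one before it (x509 also requires each signer to be a CA certificate).
func ValidateUpload(data []byte, key crypto.Signer) ([]*x509.Certificate, error) {
	var chain []*x509.Certificate
	for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
		if b.Type != "CERTIFICATE" {
			continue // ignore anything that is not a certificate block
		}
		c, err := x509.ParseCertificate(b.Bytes)
		if err != nil {
			return nil, fmt.Errorf("malformed certificate: %w", err)
		}
		chain = append(chain, c)
	}
	if len(chain) == 0 {
		return nil, fmt.Errorf("no certificate found in upload")
	}
	pub, ok := chain[0].PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	if !ok || !pub.Equal(key.Public()) {
		return nil, fmt.Errorf("certificate does not belong to the internal TLS key")
	}
	for i := 0; i+1 < len(chain); i++ {
		if err := chain[i].CheckSignatureFrom(chain[i+1]); err != nil {
			return nil, fmt.Errorf("certificate chain invalid at position %d: %w", i+1, err)
		}
	}
	return chain, nil
}

// Constructed fixtures: throwaway P-256 keys and short-lived test certificates
// (key usage extensions omitted for brevity).
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs a certificate for pub with parentKey; parent == nil gives a self-signed CA.
func issue(serial int64, cn string, pub crypto.PublicKey, parent *x509.Certificate, parentKey crypto.Signer, isCA bool) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der) // cannot fail on DER we just produced
	return c
}

func toPEM(certs ...*x509.Certificate) []byte {
	var out []byte
	for _, c := range certs {
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw})...)
	}
	return out
}

// Scenarios runs the upload kinds discussed in the ticket. The hypothetical store is
// written only after ValidateUpload succeeds, so a rejected chain must leave it empty.
func Scenarios() (badChainRejected, storeUntouched, leafOK, chainOK, wrongKeyRejected bool) {
	caKey, otherKey, internalKey, wrongKey := newKey(), newKey(), newKey(), newKey()
	ca := issue(1, "Test CA", caKey.Public(), nil, caKey, true)
	leaf := issue(2, "security-server", internalKey.Public(), ca, caKey, false)
	var store []*x509.Certificate
	importCert := func(data []byte) error {
		chain, err := ValidateUpload(data, internalKey)
		if err == nil {
			store = chain // persist only once every check has passed
		}
		return err
	}
	badChainRejected = importCert(toPEM(leaf, issue(3, "Unrelated CA", otherKey.Public(), nil, otherKey, true))) != nil
	storeUntouched = store == nil // the leaf was valid, but the supplied "intermediate" never signed it
	leafOK = importCert(toPEM(leaf)) == nil
	chainOK = importCert(toPEM(leaf, ca)) == nil
	wrongKeyRejected = importCert(toPEM(issue(4, "security-server", wrongKey.Public(), ca, caKey, false))) != nil
	return
}
```

The public-key comparison uses the `Equal` method that Go's RSA, ECDSA and Ed25519 public keys implement, so it covers whichever key type the internal TLS key uses. `CheckSignatureFrom` only verifies the link between adjacent certificates; a full `Verify` against a trust store would additionally need a configured root, which the ticket does not ask for.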