
Pre-flight CA creation doesn't work with custom CA name

Open bernd opened this issue 1 year ago • 0 comments

Description

I tried to use "Graylog, Inc." as an Organization Name value when creating the CA in pre-flight and got the following error.

There is no indication of what's wrong and there is no validation of the Organization Name.


2024-10-18T12:45:55.539Z ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource
java.lang.RuntimeException: org.graylog.security.certutil.ca.exceptions.CACreationException: Failed to create a Certificate Authority
	at org.graylog.security.certutil.CaKeystore.createSelfSigned(CaKeystore.java:112) ~[graylog.jar:?]
	at org.graylog2.bootstrap.preflight.web.resources.PreflightResource.createCA(PreflightResource.java:143) ~[graylog.jar:?]
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
	at java.base/java.lang.reflect.Method.invoke(Unknown Source) ~[?:?]
	at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52) ~[graylog.jar:?]
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:146) ~[graylog.jar:?]
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:189) ~[graylog.jar:?]
	at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176) ~[graylog.jar:?]
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:93) ~[graylog.jar:?]
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:478) ~[graylog.jar:?]
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:400) ~[graylog.jar:?]
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81) ~[graylog.jar:?]
	at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:274) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors.process(Errors.java:292) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors.process(Errors.java:274) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors.process(Errors.java:244) [graylog.jar:?]
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:266) [graylog.jar:?]
	at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:253) [graylog.jar:?]
	at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:696) [graylog.jar:?]
	at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:367) [graylog.jar:?]
	at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:190) [graylog.jar:?]
	at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:259) [graylog.jar:?]
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
	at java.base/java.lang.Thread.run(Unknown Source) [?:?]
Caused by: org.graylog.security.certutil.ca.exceptions.CACreationException: Failed to create a Certificate Authority
	at org.graylog.security.certutil.ca.CAKeyPair.<init>(CAKeyPair.java:56) ~[graylog.jar:?]
	at org.graylog.security.certutil.ca.CAKeyPair.create(CAKeyPair.java:63) ~[graylog.jar:?]
	at org.graylog.security.certutil.CaPersistenceService.create(CaPersistenceService.java:110) ~[graylog.jar:?]
	at org.graylog.security.certutil.CaKeystore.createSelfSigned(CaKeystore.java:110) ~[graylog.jar:?]
	... 28 more
Caused by: java.lang.IllegalArgumentException: badly formatted directory string
	at org.bouncycastle.asn1.x500.style.IETFUtils.nextToken(Unknown Source) ~[graylog.jar:?]
	at org.bouncycastle.asn1.x500.style.IETFUtils.addRDN(Unknown Source) ~[graylog.jar:?]
	at org.bouncycastle.asn1.x500.style.IETFUtils.addRDNs(Unknown Source) ~[graylog.jar:?]
	at org.bouncycastle.asn1.x500.style.IETFUtils.rDNsFromString(Unknown Source) ~[graylog.jar:?]
	at org.bouncycastle.asn1.x500.style.BCStyle.fromString(Unknown Source) ~[graylog.jar:?]
	at org.bouncycastle.asn1.x500.X500Name.<init>(Unknown Source) ~[graylog.jar:?]
	at org.bouncycastle.asn1.x500.X500Name.<init>(Unknown Source) ~[graylog.jar:?]
	at org.graylog.security.certutil.CertificateGenerator.generate(CertificateGenerator.java:44) ~[graylog.jar:?]
	at org.graylog.security.certutil.ca.CAKeyPair.<init>(CAKeyPair.java:38) ~[graylog.jar:?]
	at org.graylog.security.certutil.ca.CAKeyPair.create(CAKeyPair.java:63) ~[graylog.jar:?]
	at org.graylog.security.certutil.CaPersistenceService.create(CaPersistenceService.java:110) ~[graylog.jar:?]
	at org.graylog.security.certutil.CaKeystore.createSelfSigned(CaKeystore.java:110) ~[graylog.jar:?]
	... 28 more

Steps to Reproduce (for bugs)

  1. Start Data Node and Server to get to the pre-flight UI
  2. Create a new CA and use Graylog, Inc. as Organization Name

Your Environment

  • Graylog Version: 6.1.0

bernd, Oct 18 '24 12:10
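An added example, not part of the original report and not Graylog's code: the trace ends in BouncyCastle's `X500Name` string parser, which treats the unescaped comma in `Graylog, Inc.` as an RDN separator. The sketch below assumes the subject is assembled as a DN string (the actual Graylog code is not shown on this page) and contrasts that with `X500NameBuilder`, plus an input check that could give the user a reason. The class name, method names and the `Example CA` common name are hypothetical.

```java
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;

public class CaSubjectExample {
    // Assumed shape of the failing path: user input spliced into a DN string.
    // The unescaped ',' ends the O= value, and " Inc." is then read as a new
    // RDN that has no '=', which the string parser rejects.
    static X500Name fromString(String org) {
        return new X500Name("CN=Example CA,O=" + org); // placeholder CN
    }

    // Values handed to the builder are treated as data, never as DN syntax,
    // so ',', '+', '=', '"' and '\' need no escaping by the caller.
    static X500Name fromBuilder(String org) {
        return new X500NameBuilder(BCStyle.INSTANCE)
                .addRDN(BCStyle.CN, "Example CA")
                .addRDN(BCStyle.O, org)
                .build();
    }

    // Hypothetical input check so the UI can state a reason instead of a
    // generic failure. Returns null when the value is acceptable.
    static String validateOrganization(String org) {
        if (org == null || org.isBlank()) {
            return "Organization Name must not be empty";
        }
        if (org.length() > 64) { // ub-organization-name in RFC 5280
            return "Organization Name must be at most 64 characters";
        }
        if (org.chars().anyMatch(Character::isISOControl)) {
            return "Organization Name must not contain control characters";
        }
        return null;
    }

    public static void main(String[] args) {
        String org = "Graylog, Inc."; // value from the report
        try {
            fromString(org);
        } catch (IllegalArgumentException e) {
            System.out.println("string constructor: " + e.getMessage());
        }
        System.out.println("validation: " + validateOrganization(org));
        X500Name subject = fromBuilder(org);
        String o = IETFUtils.valueToString(subject.getRDNs(BCStyle.O)[0].getFirst().getValue());
        System.out.println("subject: " + subject + ", round trip ok: " + org.equals(o));
    }
}
```

Compile and run with the BouncyCastle provider jar on the classpath.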