Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OID Parsing Issue when Using External CA (Smallstep StepCA with ACME Provisioner) #2897

Open
melck opened this issue Nov 20, 2024 · 0 comments
Open

OID Parsing Issue when Using External CA (Smallstep StepCA with ACME Provisioner) #2897

melck opened this issue Nov 20, 2024 · 0 comments
Labels
bug

Comments

@melck
Copy link

melck commented Nov 20, 2024

Describe the Bug

When configuring Puppet Server with an external Certificate Authority (Smallstep StepCA using the ACME provisioner) on Debian 12, the server starts successfully. However, running puppet agent --test results in multiple errors across three endpoints. The issue appears to be related to the parsing of OIDs in the certificate. The ACME provisioner generates certificates using the OID 1.3.6.1.4.1.37476.9000.64.1 to associate the certificate with the provisioner. Puppet Server seems unable to handle this specific OID correctly.

Expected Behavior

The puppet agent --test command should work without errors, successfully communicating with the Puppet Server when using certificates generated by the Smallstep StepCA with the ACME provisioner.

Steps to Reproduce

  1. Configure external CA with Smallstep StepCA with ACME provisioner) with docker-compose.yml :

    cat <<EOF > docker-compose.yml
volumes:
  data:

services:
  stepca:
    image: smallstep/step-ca
    hostname: pki.example.com
    volumes:
        - data:/home/step
    port:
        - 9000:9000
        - 9001:9001
    environment:
        - DOCKER_STEPCA_INIT_NAME=Example
        - DOCKER_STEPCA_INIT_ADMIN_SUBJECT=example
        - DOCKER_STEPCA_INIT_DNS_NAMES=pki.example.com,localhost
        - DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT=true
        - DOCKER_STEPCA_INIT_ACME=true
EOF

docker compose up -d

# Generate CRLs
docker compose exec --user root stepca bash

apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing cfssl

# Decrypt keys
step crypto key format --pem --password-file secrets/password secrets/root_ca_key --insecure --no-password --out root_ca.pem
step crypto key format --pem --password-file secrets/password secrets/intermediate_ca_key --insecure --no-password --out intermediate_ca.pem

# Generate empty crls
echo '' | cfssl gencrl - certs/root_ca.crt root_ca.pem | sed -n -E 's/(.*)/-----BEGIN X509 CRL-----\n\1\n-----END X509 CRL-----/p' > crl.pem
echo '' | cfssl gencrl - certs/intermediate_ca.crt intermediate_ca.pem | sed -n -E 's/(.*)/-----BEGIN X509 CRL-----\n\1\n-----END X509 CRL-----/p' >> crl.pem

  2. Install Puppet Server version 8.7.0-1bookworm on a Debian 12 virtual machine.

    wget https://apt.puppet.com/puppet8-release-$(lsb_release -cs).deb
sudo dpkg -i puppet8-release-$(lsb_release -cs).deb
sudo apt update
sudo apt install -y puppetserver

  3. Configure Puppet Server to use an external CA (cf. documentation Puppet 8) :

  4. Copy generated CRL to virtual machine /etc/puppetlabs/puppet/ssl/crl.pem

  5. Generate certificates using Smallstep StepCA and certbot :

    # Install requirements
sudo apt update
sudo apt install -y certbot cfssl

# Install CA certificate
curl -k 'https://pki.example.com:9000/roots.pem' --output '/usr/local/share/ca-certificates/Example_Root_CA.crt'
update-ca-certificates

certbot certonly --agree-tos --renew-by-default --server 'https://pki.example.com:9000/acme/acme/directory' --email '[email protected]' --key-type 'ecdsa' --elliptic-curve 'secp384r1' -n --standalone -d 'puppet.example.com' --cert-name 'puppetserver'

# Copy certificates
install -o puppet -g puppet -m '0600' '/etc/letsencrypt/live/puppetserver/private.pem' '/etc/puppetlabs/puppet/ssl/private_keys/puppet.example.com.pem'
install -o puppet -g puppet -m '0644' '/etc/letsencrypt/live/puppetserver/cert.pem' '/etc/puppetlabs/puppet/ssl/certs/puppet.example.com.pem'
install -o puppet -g puppet -m '0644' '/etc/ssl/certs/Example_Root_CA.crt' '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
cat '/etc/letsencrypt/live/puppetserver/chain.pem' >> '/etc/puppetlabs/puppet/ssl/certs/ca.pem'

  6. Start Puppet Server systemctl start puppetserver.

  7. Run puppet agent --test.

Environment

  • Version: Puppet Server 8.7.0-1bookworm
  • Platform: Debian 12

Additional Context

The issue appears to be specific to the OID 1.3.6.1.4.1.37476.9000.64.1, which is used by the ACME provisioner to link certificates to its system. Further investigation into how Puppet Server parses and handles custom OIDs is needed.

Puppetserver logs when puppet agent --test 
2024-11-20T10:52:07.982+01:00 ERROR [qtp438764173-132] [p.r.core] Internal Server Error for GET /puppet/v3/file_metadatas/plugins: java.io.EOFException: DEF length 108 object truncated by 103
    at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
    at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
    at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
    at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
    at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
    at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
    at org.bouncycastle.asn1.ASN1InputStream.readLength(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readLength(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1Primitive.fromByteArray(Unknown Source)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1ObjToObj(ExtensionsUtils.java:665)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1SeqToList(ExtensionsUtils.java:906)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1ObjToObj(ExtensionsUtils.java:660)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.makeExtensionMap(ExtensionsUtils.java:551)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.getExtensionList(ExtensionsUtils.java:354)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.getExtensionList(ExtensionsUtils.java:143)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:569)
    at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
    at clojure.lang.Reflector.invokeStaticMethod(Reflector.java:332)
    at puppetlabs.ssl_utils.core$fn__20911$get_extensions__20916$fn__20917.invoke(core.clj:247)
    at puppetlabs.ssl_utils.core$fn__20911$get_extensions__20916.invoke(core.clj:239)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25894$request__GT_extensions__25899$fn__25900.invoke(ring_middleware.clj:197)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25894$request__GT_extensions__25899.invoke(ring_middleware.clj:188)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25924$add_authinfo__25929$fn__25930.invoke(ring_middleware.clj:214)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25924$add_authinfo__25929.invoke(ring_middleware.clj:208)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25987$authorization_check__25992$fn__25993.invoke(ring_middleware.clj:276)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25987$authorization_check__25992.invoke(ring_middleware.clj:264)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__26015$wrap_authorization_check__26020$fn__26021$fn__26022.invoke(ring_middleware.clj:291)
    at puppetlabs.ring_middleware.core$fn__23471$wrap_bad_request__23480$fn__23483$fn__23489.invoke(core.clj:188)
    at puppetlabs.ring_middleware.core$fn__23572$wrap_uncaught_errors__23581$fn__23584$fn__23585.invoke(core.clj:236)
    at puppetlabs.ring_middleware.core$fn__23139$wrap_request_logging__23144$fn__23145$fn__23147.invoke(core.clj:51)
    at puppetlabs.i18n.core$locale_negotiator$fn__4730.invoke(core.clj:361)
    at puppetlabs.ring_middleware.core$fn__23168$wrap_response_logging__23173$fn__23174$fn__23175.invoke(core.clj:57)
    at puppetlabs.puppetserver.ringutils$wrap_with_puppet_version_header$fn__37237.invoke(ringutils.clj:90)
    at puppetlabs.services.master.master_core$fn__44863$v3_ruby_routes__44868$fn__44869$fn__44874.invoke(master_core.clj:1040)
    at bidi.ring$fn__17036.invokeStatic(ring.cljc:25)
    at bidi.ring$fn__17036.invoke(ring.cljc:21)
    at bidi.ring$fn__17021$G__17016__17030.invoke(ring.cljc:16)
    at puppetlabs.comidi$make_handler$fn__19101.invoke(comidi.clj:245)
    at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677$fn__43678$fn__43679.invoke(http.clj:152)
    at puppetlabs.metrics.http.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
    at com.codahale.metrics.Timer.time(Timer.java:101)
    at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677$fn__43678.invoke(http.clj:152)
    at puppetlabs.metrics.http.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
    at com.codahale.metrics.Timer.time(Timer.java:101)
    at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677.invoke(http.clj:148)
    at puppetlabs.comidi$fn__19166$wrap_with_route_metadata__19171$fn__19172$fn__19174.invoke(comidi.clj:332)
    at puppetlabs.trapperkeeper.services.webserver.jetty10_core$ring_handler$fn__29581.invoke(jetty10_core.clj:533)
    at puppetlabs.trapperkeeper.services.webserver.jetty10_core.proxy$org.eclipse.jetty.server.handler.HandlerWrapper$ff19274a.handle(Unknown Source)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:569)
    at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
    at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:102)
    at puppetlabs.trapperkeeper.services.webserver.normalized_uri_helpers$fn__29117$normalize_uri_handler__29122$fn__29123$fn__29124.invoke(normalized_uri_helpers.clj:73)
    at puppetlabs.trapperkeeper.services.webserver.normalized_uri_helpers.proxy$org.eclipse.jetty.server.handler.HandlerWrapper$ff19274a.handle(Unknown Source)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
    at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:822)
    at com.puppetlabs.trapperkeeper.services.webserver.jetty10.utils.MDCRequestLogHandler.handle(MDCRequestLogHandler.java:48)
    at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:173)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
    at org.eclipse.jetty.server.Server.handle(Server.java:563)
    at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)
    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558)
    at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379)
    at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
    at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199)
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
    at java.base/java.lang.Thread.run(Thread.java:840)

2024-11-20T10:52:08.146+01:00 ERROR [qtp438764173-134] [p.r.core] Internal Server Error for POST /puppet/v3/catalog/puppet.example.com: java.io.EOFException: DEF length 108 object truncated by 103
    at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
    at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
    at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
    at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
    at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
    at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
    at org.bouncycastle.asn1.ASN1InputStream.readLength(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readLength(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1Primitive.fromByteArray(Unknown Source)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1ObjToObj(ExtensionsUtils.java:665)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1SeqToList(ExtensionsUtils.java:906)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1ObjToObj(ExtensionsUtils.java:660)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.makeExtensionMap(ExtensionsUtils.java:551)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.getExtensionList(ExtensionsUtils.java:354)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.getExtensionList(ExtensionsUtils.java:143)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:569)
    at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
    at clojure.lang.Reflector.invokeStaticMethod(Reflector.java:332)
    at puppetlabs.ssl_utils.core$fn__20911$get_extensions__20916$fn__20917.invoke(core.clj:247)
    at puppetlabs.ssl_utils.core$fn__20911$get_extensions__20916.invoke(core.clj:239)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25894$request__GT_extensions__25899$fn__25900.invoke(ring_middleware.clj:197)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25894$request__GT_extensions__25899.invoke(ring_middleware.clj:188)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25924$add_authinfo__25929$fn__25930.invoke(ring_middleware.clj:214)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25924$add_authinfo__25929.invoke(ring_middleware.clj:208)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25987$authorization_check__25992$fn__25993.invoke(ring_middleware.clj:276)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25987$authorization_check__25992.invoke(ring_middleware.clj:264)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__26015$wrap_authorization_check__26020$fn__26021$fn__26022.invoke(ring_middleware.clj:291)
    at puppetlabs.ring_middleware.core$fn__23471$wrap_bad_request__23480$fn__23483$fn__23489.invoke(core.clj:188)
    at puppetlabs.ring_middleware.core$fn__23572$wrap_uncaught_errors__23581$fn__23584$fn__23585.invoke(core.clj:236)
    at puppetlabs.ring_middleware.core$fn__23139$wrap_request_logging__23144$fn__23145$fn__23147.invoke(core.clj:51)
    at puppetlabs.i18n.core$locale_negotiator$fn__4730.invoke(core.clj:361)
    at puppetlabs.ring_middleware.core$fn__23168$wrap_response_logging__23173$fn__23174$fn__23175.invoke(core.clj:57)
    at puppetlabs.puppetserver.ringutils$wrap_with_puppet_version_header$fn__37237.invoke(ringutils.clj:90)
    at puppetlabs.puppetserver.ringutils$wrap_with_certname_as_compiler$fn__37234.invoke(ringutils.clj:83)
    at puppetlabs.services.master.master_core$fn__44863$v3_ruby_routes__44868$fn__44869$fn__44886.invoke(master_core.clj:1054)
    at bidi.ring$fn__17036.invokeStatic(ring.cljc:25)
    at bidi.ring$fn__17036.invoke(ring.cljc:21)
    at bidi.ring$fn__17021$G__17016__17030.invoke(ring.cljc:16)
    at puppetlabs.comidi$make_handler$fn__19101.invoke(comidi.clj:245)
    at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677$fn__43678$fn__43679.invoke(http.clj:152)
    at puppetlabs.metrics.http.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
    at com.codahale.metrics.Timer.time(Timer.java:101)
    at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677$fn__43678.invoke(http.clj:152)
    at puppetlabs.metrics.http.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
    at com.codahale.metrics.Timer.time(Timer.java:101)
    at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677.invoke(http.clj:148)
    at puppetlabs.comidi$fn__19166$wrap_with_route_metadata__19171$fn__19172$fn__19174.invoke(comidi.clj:332)
    at puppetlabs.trapperkeeper.services.webserver.jetty10_core$ring_handler$fn__29581.invoke(jetty10_core.clj:533)
    at puppetlabs.trapperkeeper.services.webserver.jetty10_core.proxy$org.eclipse.jetty.server.handler.HandlerWrapper$ff19274a.handle(Unknown Source)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:569)
    at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
    at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:102)
    at puppetlabs.trapperkeeper.services.webserver.normalized_uri_helpers$fn__29117$normalize_uri_handler__29122$fn__29123$fn__29124.invoke(normalized_uri_helpers.clj:73)
    at puppetlabs.trapperkeeper.services.webserver.normalized_uri_helpers.proxy$org.eclipse.jetty.server.handler.HandlerWrapper$ff19274a.handle(Unknown Source)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
    at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:822)
    at com.puppetlabs.trapperkeeper.services.webserver.jetty10.utils.MDCRequestLogHandler.handle(MDCRequestLogHandler.java:48)
    at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:173)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
    at org.eclipse.jetty.server.Server.handle(Server.java:563)
    at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)
    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558)
    at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379)
    at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
    at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199)
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
    at java.base/java.lang.Thread.run(Thread.java:840)

2024-11-20T10:52:08.161+01:00 ERROR [qtp438764173-132] [p.r.core] Internal Server Error for PUT /puppet/v3/report/puppet.example.com: java.io.EOFException: DEF length 108 object truncated by 103
    at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
    at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
    at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
    at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
    at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
    at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
    at org.bouncycastle.asn1.ASN1InputStream.readLength(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readLength(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1Primitive.fromByteArray(Unknown Source)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1ObjToObj(ExtensionsUtils.java:665)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1SeqToList(ExtensionsUtils.java:906)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1ObjToObj(ExtensionsUtils.java:660)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.makeExtensionMap(ExtensionsUtils.java:551)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.getExtensionList(ExtensionsUtils.java:354)
    at com.puppetlabs.ssl_utils.ExtensionsUtils.getExtensionList(ExtensionsUtils.java:143)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:569)
    at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
    at clojure.lang.Reflector.invokeStaticMethod(Reflector.java:332)
    at puppetlabs.ssl_utils.core$fn__20911$get_extensions__20916$fn__20917.invoke(core.clj:247)
    at puppetlabs.ssl_utils.core$fn__20911$get_extensions__20916.invoke(core.clj:239)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25894$request__GT_extensions__25899$fn__25900.invoke(ring_middleware.clj:197)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25894$request__GT_extensions__25899.invoke(ring_middleware.clj:188)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25924$add_authinfo__25929$fn__25930.invoke(ring_middleware.clj:214)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25924$add_authinfo__25929.invoke(ring_middleware.clj:208)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25987$authorization_check__25992$fn__25993.invoke(ring_middleware.clj:276)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25987$authorization_check__25992.invoke(ring_middleware.clj:264)
    at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__26015$wrap_authorization_check__26020$fn__26021$fn__26022.invoke(ring_middleware.clj:291)
    at puppetlabs.ring_middleware.core$fn__23471$wrap_bad_request__23480$fn__23483$fn__23489.invoke(core.clj:188)
    at puppetlabs.ring_middleware.core$fn__23572$wrap_uncaught_errors__23581$fn__23584$fn__23585.invoke(core.clj:236)
    at puppetlabs.ring_middleware.core$fn__23139$wrap_request_logging__23144$fn__23145$fn__23147.invoke(core.clj:51)
    at puppetlabs.i18n.core$locale_negotiator$fn__4730.invoke(core.clj:361)
    at puppetlabs.ring_middleware.core$fn__23168$wrap_response_logging__23173$fn__23174$fn__23175.invoke(core.clj:57)
    at puppetlabs.puppetserver.ringutils$wrap_with_puppet_version_header$fn__37237.invoke(ringutils.clj:90)
    at puppetlabs.services.master.master_core$fn__44863$v3_ruby_routes__44868$fn__44869$fn__44890.invoke(master_core.clj:1058)
    at bidi.ring$fn__17036.invokeStatic(ring.cljc:25)
    at bidi.ring$fn__17036.invoke(ring.cljc:21)
    at bidi.ring$fn__17021$G__17016__17030.invoke(ring.cljc:16)
    at puppetlabs.comidi$make_handler$fn__19101.invoke(comidi.clj:245)
    at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677$fn__43678$fn__43679.invoke(http.clj:152)
    at puppetlabs.metrics.http.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
    at com.codahale.metrics.Timer.time(Timer.java:101)
    at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677$fn__43678.invoke(http.clj:152)
    at puppetlabs.metrics.http.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
    at com.codahale.metrics.Timer.time(Timer.java:101)
    at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677.invoke(http.clj:148)
    at puppetlabs.comidi$fn__19166$wrap_with_route_metadata__19171$fn__19172$fn__19174.invoke(comidi.clj:332)
    at puppetlabs.trapperkeeper.services.webserver.jetty10_core$ring_handler$fn__29581.invoke(jetty10_core.clj:533)
    at puppetlabs.trapperkeeper.services.webserver.jetty10_core.proxy$org.eclipse.jetty.server.handler.HandlerWrapper$ff19274a.handle(Unknown Source)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:569)
    at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
    at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:102)
    at puppetlabs.trapperkeeper.services.webserver.normalized_uri_helpers$fn__29117$normalize_uri_handler__29122$fn__29123$fn__29124.invoke(normalized_uri_helpers.clj:73)
    at puppetlabs.trapperkeeper.services.webserver.normalized_uri_helpers.proxy$org.eclipse.jetty.server.handler.HandlerWrapper$ff19274a.handle(Unknown Source)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
    at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:790)
    at com.puppetlabs.trapperkeeper.services.webserver.jetty10.utils.MDCRequestLogHandler.handle(MDCRequestLogHandler.java:48)
    at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:173)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
    at org.eclipse.jetty.server.Server.handle(Server.java:563)
    at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)
    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558)
    at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379)
    at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
    at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199)
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
    at java.base/java.lang.Thread.run(Thread.java:840)
@melck melck added the bug label Nov 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@melck