Log when encountered cert but expecting key and vice-versa.. (elastic/x-pack-elasticsearch#2670)

Log when encountered cert but expecting key and vice-versa. relates elastic/x-pack-elasticsearch#2657 Original commit: elastic/x-pack-elasticsearch@4e26d8044f
2017-11-01 15:20:28 +02:00 · 2017-11-01 15:20:28 +02:00 · fb13299714
parent fe21003341
commit fb13299714
1 changed files with 10 additions and 3 deletions
--- a/plugin/src/main/java/org/elasticsearch/xpack/ssl/CertUtils.java
+++ b/plugin/src/main/java/org/elasticsearch/xpack/ssl/CertUtils.java
@ -274,8 +274,11 @@ public class CertUtils {
                    X509TrustedCertificateBlock certificateBlock = (X509TrustedCertificateBlock) parsed;
                    holder = certificateBlock.getCertificateHolder();
                } else {
-                    throw new IllegalArgumentException("parsed an unsupported object [" +
-                            parsed.getClass().getSimpleName() + "]");
+                    String msg = "parsed an unsupported object [" + parsed.getClass().getSimpleName() + "]";
+                    if (parsed instanceof PEMEncryptedKeyPair || parsed instanceof PEMKeyPair || parsed instanceof PrivateKeyInfo) {
+                        msg = msg + ". Encountered a PEM Key while expecting a PEM certificate.";
+                    }
+                    throw new IllegalArgumentException(msg);
                }
                certificates.add(certFactory.generateCertificate(new ByteArrayInputStream(holder.getEncoded())));
                parsed = pemParser.readObject();
@ -323,7 +326,11 @@ public class CertUtils {
            // skip this object and recurse into this method again to read the next object
            return innerReadPrivateKey(parser, passwordSupplier);
        } else {
-            throw new IllegalArgumentException("parsed an unsupported object [" + parsed.getClass().getSimpleName() + "]");
+            String msg = "parsed an unsupported object [" + parsed.getClass().getSimpleName() + "]";
+            if (parsed instanceof X509CertificateHolder || parsed instanceof X509TrustedCertificateBlock) {
+                msg = msg + ". Encountered a PEM Certificate while expecting a PEM Key.";
+            }
+            throw new IllegalArgumentException(msg);
        }

        return privateKeyInfo;