powered by Jive Software

Import Signed Certificate fails if no passphrase is provided

Import cert and key and leave pass phrase empty, I get an error message:

There was an error one importing private key and signed certificate.

I provided an unencrypted key. So a pass phrase is superfluous.

openfire v3.9.3


at org.jivesoftware.util.CertificateManager.installCert(CertificateManager.java:58 7)

at org.jivesoftware.openfire.admin.import_002dcertificate_jsp._jspService(import_0 02dcertificate_jsp.java:114)

According to the code in CertificateManager passPhrase parameter is mandatory. NPE occurs when JcePEMDecryptorProviderBuilder.build method parameter is invoked. JcePEMDecryptorProviderBuilder is required if object is a PEMEncryptedKeyPair, only. If the jsp page would call the method with an empty string instead of null, it would not fail. Otherwise input parameters should be validated.

But the easiest workaround would be to defer the instantiation of PEMDecryptorProvider a few lines later.