Jargon breaking GSI by zapping list of CAs

[vladimir-mencl-eresearch]

Hi,

I had an issue where GSI login wasn't working for me with Jargon 4.0.2.3-RELEASE - I was getting an Unknown CA error despite having the CA certificates installed.

I tracked it down to this piece of code in GSIAuth.java

                String caLocations = irodsAccount.getCertificateAuthority();
....
                        if (caLocations != null ) {
                                cog = CoGProperties.getDefault();
                                defaultCA = cog.getCaCertLocations();
                                cog.setCaCertLocations(caLocations);
                        }

The problem is that GSIIRODSAccount.certificateAuthority is initialized as an empty String, not null:

    private String certificateAuthority = "";

I got around this with:

--- a/jargon-core/src/main/java/org/irods/jargon/core/connection/GSIAuth.java
+++ b/jargon-core/src/main/java/org/irods/jargon/core/connection/GSIAuth.java
@@ -124,7 +124,7 @@ class GSIAuth extends AuthMechanism {

                try {

-                       if (caLocations != null) {
+                       if (caLocations != null && caLocations.length()>0 ) {
                                cog = CoGProperties.getDefault();
                                defaultCA = cog.getCaCertLocations();
                                cog.setCaCertLocations(caLocations);

but the proper solution would (likely) be to change the default value of GSIIRODSAccount.certificateAuthority to null.

Submitting this as an Issue and not a Pull Request as further discussion may be needed...

Cheers,
Vlad

[michael-conway]

thanks!

I'll stick that in the master so we can test it out.

On Wed, Jul 29, 2015 at 1:31 AM, Vladimir Mencl [email protected]
wrote:

Hi,

I had an issue where GSI login wasn't working for me with Jargon
4.0.2.3-RELEASE - I was getting an Unknown CA error despite having the CA
certificates installed.

I tracked it down to this piece of code in GSIAuth.java

            String caLocations = irodsAccount.getCertificateAuthority();

....
if (caLocations != null ) {
cog = CoGProperties.getDefault();
defaultCA = cog.getCaCertLocations();
cog.setCaCertLocations(caLocations);
}

The problem is that GSIIRODSAccount.certificateAuthority is initialized as
an empty String, not null:

private String certificateAuthority = "";

I got around this with:

--- a/jargon-core/src/main/java/org/irods/jargon/core/connection/GSIAuth.java
+++ b/jargon-core/src/main/java/org/irods/jargon/core/connection/GSIAuth.java
@@ -124,7 +124,7 @@ class GSIAuth extends AuthMechanism {

            try {

•                   if (caLocations != null) {
  

•                   if (caLocations != null && caLocations.length()>0 ) {
                          cog = CoGProperties.getDefault();
                          defaultCA = cog.getCaCertLocations();
                          cog.setCaCertLocations(caLocations);
  

but the proper solution would (likely) be to change the default value of
GSIIRODSAccount.certificateAuthority to null.

Submitting this as an Issue and not a Pull Request as further discussion
may be needed...

Cheers,
Vlad

—
Reply to this email directly or view it on GitHub
#137.

[vladimir-mencl-eresearch]

Hi Michael,

Thanks!

Not sure which of the options is more appropriate - following general Java conventions, I'd think changing the default value of GSIIRODSAccount.certificateAuthority to null as the best option...

Cheers,
Vlad

[michael-conway]

I decided on the former (length check) because generally I've tried to avoid nulls in string values as an indicator (to avoid surprise NPEs)