(SERVER-2550) Process InputStream into ByteArrayStream

The utilities for turning pems into PKI objects cannot handle a basic input stream. This commit converts the input from the endpoint into a ByteArrayInputStream, which is handled correctly by the ssl-utils helpers.
puppetlabs · May 21, 2021 · f83e3d1 · f83e3d1
1 parent e4145e8
commit f83e3d1
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/src/clj/puppetlabs/services/ca/certificate_authority_core.clj b/src/clj/puppetlabs/services/ca/certificate_authority_core.clj
@@ -1,5 +1,5 @@
 (ns puppetlabs.services.ca.certificate-authority-core
-  (:import [java.io InputStream]
+  (:import [java.io InputStream ByteArrayInputStream]
            (clojure.lang IFn)
            (org.joda.time DateTime))
   (:require [puppetlabs.puppetserver.certificate-authority :as ca]
@@ -100,7 +100,10 @@
    {:keys [cacrl cacert enable-infra-crl infra-crl-path]} :- ca/CaSettings]
   (locking crl-write-serializer
     (try
-      (let [incoming-crls (utils/pem->crls incoming-crl-pem)]
+      (let [byte-stream (-> incoming-crl-pem
+                            ca/input-stream->byte-array
+                            ByteArrayInputStream.)
+            incoming-crls (utils/pem->crls byte-stream)]
         (ca/update-crls incoming-crls cacrl cacert)
         (when enable-infra-crl
           (ca/update-crls incoming-crls infra-crl-path cacert)))