OID Parsing Issue when Using External CA (Smallstep StepCA with ACME Provisioner) #2897
Description
Describe the Bug
When configuring Puppet Server with an external Certificate Authority (Smallstep StepCA using the ACME provisioner) on Debian 12, the server starts successfully. However, running puppet agent --test results in multiple errors across three endpoints. The issue appears to be related to the parsing of OIDs in the certificate. The ACME provisioner generates certificates using the OID 1.3.6.1.4.1.37476.9000.64.1 to associate the certificate with the provisioner. Puppet Server seems unable to handle this specific OID correctly.
Expected Behavior
The puppet agent --test command should work without errors, successfully communicating with the Puppet Server when using certificates generated by the Smallstep StepCA with the ACME provisioner.
Steps to Reproduce
-
Configure external CA with Smallstep StepCA with ACME provisioner) with
docker-compose.yml:cat <<EOF > docker-compose.yml volumes: data: services: stepca: image: smallstep/step-ca hostname: pki.example.com volumes: - data:/home/step port: - 9000:9000 - 9001:9001 environment: - DOCKER_STEPCA_INIT_NAME=Example - DOCKER_STEPCA_INIT_ADMIN_SUBJECT=example - DOCKER_STEPCA_INIT_DNS_NAMES=pki.example.com,localhost - DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT=true - DOCKER_STEPCA_INIT_ACME=true EOF docker compose up -d # Generate CRLs docker compose exec --user root stepca bash apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing cfssl # Decrypt keys step crypto key format --pem --password-file secrets/password secrets/root_ca_key --insecure --no-password --out root_ca.pem step crypto key format --pem --password-file secrets/password secrets/intermediate_ca_key --insecure --no-password --out intermediate_ca.pem # Generate empty crls echo '' | cfssl gencrl - certs/root_ca.crt root_ca.pem | sed -n -E 's/(.*)/-----BEGIN X509 CRL-----\n\1\n-----END X509 CRL-----/p' > crl.pem echo '' | cfssl gencrl - certs/intermediate_ca.crt intermediate_ca.pem | sed -n -E 's/(.*)/-----BEGIN X509 CRL-----\n\1\n-----END X509 CRL-----/p' >> crl.pem
-
Install Puppet Server version
8.7.0-1bookwormon a Debian 12 virtual machine.wget https://apt.puppet.com/puppet8-release-$(lsb_release -cs).deb sudo dpkg -i puppet8-release-$(lsb_release -cs).deb sudo apt update sudo apt install -y puppetserver
-
Configure Puppet Server to use an external CA (cf. documentation Puppet 8) :
-
Copy generated CRL to virtual machine
/etc/puppetlabs/puppet/ssl/crl.pem -
Generate certificates using Smallstep StepCA and certbot :
# Install requirements sudo apt update sudo apt install -y certbot cfssl # Install CA certificate curl -k 'https://pki.example.com:9000/roots.pem' --output '/usr/local/share/ca-certificates/Example_Root_CA.crt' update-ca-certificates certbot certonly --agree-tos --renew-by-default --server 'https://pki.example.com:9000/acme/acme/directory' --email '[email protected]' --key-type 'ecdsa' --elliptic-curve 'secp384r1' -n --standalone -d 'puppet.example.com' --cert-name 'puppetserver' # Copy certificates install -o puppet -g puppet -m '0600' '/etc/letsencrypt/live/puppetserver/private.pem' '/etc/puppetlabs/puppet/ssl/private_keys/puppet.example.com.pem' install -o puppet -g puppet -m '0644' '/etc/letsencrypt/live/puppetserver/cert.pem' '/etc/puppetlabs/puppet/ssl/certs/puppet.example.com.pem' install -o puppet -g puppet -m '0644' '/etc/ssl/certs/Example_Root_CA.crt' '/etc/puppetlabs/puppet/ssl/certs/ca.pem' cat '/etc/letsencrypt/live/puppetserver/chain.pem' >> '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
-
Start Puppet Server
systemctl start puppetserver. -
Run
puppet agent --test.
Environment
- Version: Puppet Server
8.7.0-1bookworm - Platform: Debian 12
Additional Context
The issue appears to be specific to the OID 1.3.6.1.4.1.37476.9000.64.1, which is used by the ACME provisioner to link certificates to its system. Further investigation into how Puppet Server parses and handles custom OIDs is needed.
Puppetserver logs when puppet agent --test
2024-11-20T10:52:07.982+01:00 ERROR [qtp438764173-132] [p.r.core] Internal Server Error for GET /puppet/v3/file_metadatas/plugins: java.io.EOFException: DEF length 108 object truncated by 103
at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
at org.bouncycastle.asn1.ASN1InputStream.readLength(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readLength(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
at org.bouncycastle.asn1.ASN1Primitive.fromByteArray(Unknown Source)
at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1ObjToObj(ExtensionsUtils.java:665)
at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1SeqToList(ExtensionsUtils.java:906)
at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1ObjToObj(ExtensionsUtils.java:660)
at com.puppetlabs.ssl_utils.ExtensionsUtils.makeExtensionMap(ExtensionsUtils.java:551)
at com.puppetlabs.ssl_utils.ExtensionsUtils.getExtensionList(ExtensionsUtils.java:354)
at com.puppetlabs.ssl_utils.ExtensionsUtils.getExtensionList(ExtensionsUtils.java:143)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
at clojure.lang.Reflector.invokeStaticMethod(Reflector.java:332)
at puppetlabs.ssl_utils.core$fn__20911$get_extensions__20916$fn__20917.invoke(core.clj:247)
at puppetlabs.ssl_utils.core$fn__20911$get_extensions__20916.invoke(core.clj:239)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25894$request__GT_extensions__25899$fn__25900.invoke(ring_middleware.clj:197)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25894$request__GT_extensions__25899.invoke(ring_middleware.clj:188)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25924$add_authinfo__25929$fn__25930.invoke(ring_middleware.clj:214)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25924$add_authinfo__25929.invoke(ring_middleware.clj:208)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25987$authorization_check__25992$fn__25993.invoke(ring_middleware.clj:276)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25987$authorization_check__25992.invoke(ring_middleware.clj:264)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__26015$wrap_authorization_check__26020$fn__26021$fn__26022.invoke(ring_middleware.clj:291)
at puppetlabs.ring_middleware.core$fn__23471$wrap_bad_request__23480$fn__23483$fn__23489.invoke(core.clj:188)
at puppetlabs.ring_middleware.core$fn__23572$wrap_uncaught_errors__23581$fn__23584$fn__23585.invoke(core.clj:236)
at puppetlabs.ring_middleware.core$fn__23139$wrap_request_logging__23144$fn__23145$fn__23147.invoke(core.clj:51)
at puppetlabs.i18n.core$locale_negotiator$fn__4730.invoke(core.clj:361)
at puppetlabs.ring_middleware.core$fn__23168$wrap_response_logging__23173$fn__23174$fn__23175.invoke(core.clj:57)
at puppetlabs.puppetserver.ringutils$wrap_with_puppet_version_header$fn__37237.invoke(ringutils.clj:90)
at puppetlabs.services.master.master_core$fn__44863$v3_ruby_routes__44868$fn__44869$fn__44874.invoke(master_core.clj:1040)
at bidi.ring$fn__17036.invokeStatic(ring.cljc:25)
at bidi.ring$fn__17036.invoke(ring.cljc:21)
at bidi.ring$fn__17021$G__17016__17030.invoke(ring.cljc:16)
at puppetlabs.comidi$make_handler$fn__19101.invoke(comidi.clj:245)
at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677$fn__43678$fn__43679.invoke(http.clj:152)
at puppetlabs.metrics.http.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
at com.codahale.metrics.Timer.time(Timer.java:101)
at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677$fn__43678.invoke(http.clj:152)
at puppetlabs.metrics.http.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
at com.codahale.metrics.Timer.time(Timer.java:101)
at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677.invoke(http.clj:148)
at puppetlabs.comidi$fn__19166$wrap_with_route_metadata__19171$fn__19172$fn__19174.invoke(comidi.clj:332)
at puppetlabs.trapperkeeper.services.webserver.jetty10_core$ring_handler$fn__29581.invoke(jetty10_core.clj:533)
at puppetlabs.trapperkeeper.services.webserver.jetty10_core.proxy$org.eclipse.jetty.server.handler.HandlerWrapper$ff19274a.handle(Unknown Source)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:102)
at puppetlabs.trapperkeeper.services.webserver.normalized_uri_helpers$fn__29117$normalize_uri_handler__29122$fn__29123$fn__29124.invoke(normalized_uri_helpers.clj:73)
at puppetlabs.trapperkeeper.services.webserver.normalized_uri_helpers.proxy$org.eclipse.jetty.server.handler.HandlerWrapper$ff19274a.handle(Unknown Source)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:822)
at com.puppetlabs.trapperkeeper.services.webserver.jetty10.utils.MDCRequestLogHandler.handle(MDCRequestLogHandler.java:48)
at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:173)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.Server.handle(Server.java:563)
at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
at java.base/java.lang.Thread.run(Thread.java:840)
2024-11-20T10:52:08.146+01:00 ERROR [qtp438764173-134] [p.r.core] Internal Server Error for POST /puppet/v3/catalog/puppet.example.com: java.io.EOFException: DEF length 108 object truncated by 103
at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
at org.bouncycastle.asn1.ASN1InputStream.readLength(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readLength(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
at org.bouncycastle.asn1.ASN1Primitive.fromByteArray(Unknown Source)
at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1ObjToObj(ExtensionsUtils.java:665)
at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1SeqToList(ExtensionsUtils.java:906)
at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1ObjToObj(ExtensionsUtils.java:660)
at com.puppetlabs.ssl_utils.ExtensionsUtils.makeExtensionMap(ExtensionsUtils.java:551)
at com.puppetlabs.ssl_utils.ExtensionsUtils.getExtensionList(ExtensionsUtils.java:354)
at com.puppetlabs.ssl_utils.ExtensionsUtils.getExtensionList(ExtensionsUtils.java:143)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
at clojure.lang.Reflector.invokeStaticMethod(Reflector.java:332)
at puppetlabs.ssl_utils.core$fn__20911$get_extensions__20916$fn__20917.invoke(core.clj:247)
at puppetlabs.ssl_utils.core$fn__20911$get_extensions__20916.invoke(core.clj:239)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25894$request__GT_extensions__25899$fn__25900.invoke(ring_middleware.clj:197)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25894$request__GT_extensions__25899.invoke(ring_middleware.clj:188)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25924$add_authinfo__25929$fn__25930.invoke(ring_middleware.clj:214)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25924$add_authinfo__25929.invoke(ring_middleware.clj:208)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25987$authorization_check__25992$fn__25993.invoke(ring_middleware.clj:276)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25987$authorization_check__25992.invoke(ring_middleware.clj:264)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__26015$wrap_authorization_check__26020$fn__26021$fn__26022.invoke(ring_middleware.clj:291)
at puppetlabs.ring_middleware.core$fn__23471$wrap_bad_request__23480$fn__23483$fn__23489.invoke(core.clj:188)
at puppetlabs.ring_middleware.core$fn__23572$wrap_uncaught_errors__23581$fn__23584$fn__23585.invoke(core.clj:236)
at puppetlabs.ring_middleware.core$fn__23139$wrap_request_logging__23144$fn__23145$fn__23147.invoke(core.clj:51)
at puppetlabs.i18n.core$locale_negotiator$fn__4730.invoke(core.clj:361)
at puppetlabs.ring_middleware.core$fn__23168$wrap_response_logging__23173$fn__23174$fn__23175.invoke(core.clj:57)
at puppetlabs.puppetserver.ringutils$wrap_with_puppet_version_header$fn__37237.invoke(ringutils.clj:90)
at puppetlabs.puppetserver.ringutils$wrap_with_certname_as_compiler$fn__37234.invoke(ringutils.clj:83)
at puppetlabs.services.master.master_core$fn__44863$v3_ruby_routes__44868$fn__44869$fn__44886.invoke(master_core.clj:1054)
at bidi.ring$fn__17036.invokeStatic(ring.cljc:25)
at bidi.ring$fn__17036.invoke(ring.cljc:21)
at bidi.ring$fn__17021$G__17016__17030.invoke(ring.cljc:16)
at puppetlabs.comidi$make_handler$fn__19101.invoke(comidi.clj:245)
at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677$fn__43678$fn__43679.invoke(http.clj:152)
at puppetlabs.metrics.http.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
at com.codahale.metrics.Timer.time(Timer.java:101)
at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677$fn__43678.invoke(http.clj:152)
at puppetlabs.metrics.http.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
at com.codahale.metrics.Timer.time(Timer.java:101)
at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677.invoke(http.clj:148)
at puppetlabs.comidi$fn__19166$wrap_with_route_metadata__19171$fn__19172$fn__19174.invoke(comidi.clj:332)
at puppetlabs.trapperkeeper.services.webserver.jetty10_core$ring_handler$fn__29581.invoke(jetty10_core.clj:533)
at puppetlabs.trapperkeeper.services.webserver.jetty10_core.proxy$org.eclipse.jetty.server.handler.HandlerWrapper$ff19274a.handle(Unknown Source)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:102)
at puppetlabs.trapperkeeper.services.webserver.normalized_uri_helpers$fn__29117$normalize_uri_handler__29122$fn__29123$fn__29124.invoke(normalized_uri_helpers.clj:73)
at puppetlabs.trapperkeeper.services.webserver.normalized_uri_helpers.proxy$org.eclipse.jetty.server.handler.HandlerWrapper$ff19274a.handle(Unknown Source)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:822)
at com.puppetlabs.trapperkeeper.services.webserver.jetty10.utils.MDCRequestLogHandler.handle(MDCRequestLogHandler.java:48)
at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:173)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.Server.handle(Server.java:563)
at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
at java.base/java.lang.Thread.run(Thread.java:840)
2024-11-20T10:52:08.161+01:00 ERROR [qtp438764173-132] [p.r.core] Internal Server Error for PUT /puppet/v3/report/puppet.example.com: java.io.EOFException: DEF length 108 object truncated by 103
at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
at org.bouncycastle.asn1.DefiniteLengthInputStream.read(Unknown Source)
at java.base/java.io.FilterInputStream.read(FilterInputStream.java:82)
at org.bouncycastle.asn1.ASN1InputStream.readLength(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readLength(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readVector(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readTaggedObjectDL(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
at org.bouncycastle.asn1.ASN1Primitive.fromByteArray(Unknown Source)
at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1ObjToObj(ExtensionsUtils.java:665)
at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1SeqToList(ExtensionsUtils.java:906)
at com.puppetlabs.ssl_utils.ExtensionsUtils.asn1ObjToObj(ExtensionsUtils.java:660)
at com.puppetlabs.ssl_utils.ExtensionsUtils.makeExtensionMap(ExtensionsUtils.java:551)
at com.puppetlabs.ssl_utils.ExtensionsUtils.getExtensionList(ExtensionsUtils.java:354)
at com.puppetlabs.ssl_utils.ExtensionsUtils.getExtensionList(ExtensionsUtils.java:143)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
at clojure.lang.Reflector.invokeStaticMethod(Reflector.java:332)
at puppetlabs.ssl_utils.core$fn__20911$get_extensions__20916$fn__20917.invoke(core.clj:247)
at puppetlabs.ssl_utils.core$fn__20911$get_extensions__20916.invoke(core.clj:239)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25894$request__GT_extensions__25899$fn__25900.invoke(ring_middleware.clj:197)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25894$request__GT_extensions__25899.invoke(ring_middleware.clj:188)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25924$add_authinfo__25929$fn__25930.invoke(ring_middleware.clj:214)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25924$add_authinfo__25929.invoke(ring_middleware.clj:208)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25987$authorization_check__25992$fn__25993.invoke(ring_middleware.clj:276)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__25987$authorization_check__25992.invoke(ring_middleware.clj:264)
at puppetlabs.trapperkeeper.authorization.ring_middleware$fn__26015$wrap_authorization_check__26020$fn__26021$fn__26022.invoke(ring_middleware.clj:291)
at puppetlabs.ring_middleware.core$fn__23471$wrap_bad_request__23480$fn__23483$fn__23489.invoke(core.clj:188)
at puppetlabs.ring_middleware.core$fn__23572$wrap_uncaught_errors__23581$fn__23584$fn__23585.invoke(core.clj:236)
at puppetlabs.ring_middleware.core$fn__23139$wrap_request_logging__23144$fn__23145$fn__23147.invoke(core.clj:51)
at puppetlabs.i18n.core$locale_negotiator$fn__4730.invoke(core.clj:361)
at puppetlabs.ring_middleware.core$fn__23168$wrap_response_logging__23173$fn__23174$fn__23175.invoke(core.clj:57)
at puppetlabs.puppetserver.ringutils$wrap_with_puppet_version_header$fn__37237.invoke(ringutils.clj:90)
at puppetlabs.services.master.master_core$fn__44863$v3_ruby_routes__44868$fn__44869$fn__44890.invoke(master_core.clj:1058)
at bidi.ring$fn__17036.invokeStatic(ring.cljc:25)
at bidi.ring$fn__17036.invoke(ring.cljc:21)
at bidi.ring$fn__17021$G__17016__17030.invoke(ring.cljc:16)
at puppetlabs.comidi$make_handler$fn__19101.invoke(comidi.clj:245)
at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677$fn__43678$fn__43679.invoke(http.clj:152)
at puppetlabs.metrics.http.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
at com.codahale.metrics.Timer.time(Timer.java:101)
at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677$fn__43678.invoke(http.clj:152)
at puppetlabs.metrics.http.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
at com.codahale.metrics.Timer.time(Timer.java:101)
at puppetlabs.metrics.http$fn__43666$wrap_with_request_metrics__43671$fn__43675$fn__43677.invoke(http.clj:148)
at puppetlabs.comidi$fn__19166$wrap_with_route_metadata__19171$fn__19172$fn__19174.invoke(comidi.clj:332)
at puppetlabs.trapperkeeper.services.webserver.jetty10_core$ring_handler$fn__29581.invoke(jetty10_core.clj:533)
at puppetlabs.trapperkeeper.services.webserver.jetty10_core.proxy$org.eclipse.jetty.server.handler.HandlerWrapper$ff19274a.handle(Unknown Source)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:102)
at puppetlabs.trapperkeeper.services.webserver.normalized_uri_helpers$fn__29117$normalize_uri_handler__29122$fn__29123$fn__29124.invoke(normalized_uri_helpers.clj:73)
at puppetlabs.trapperkeeper.services.webserver.normalized_uri_helpers.proxy$org.eclipse.jetty.server.handler.HandlerWrapper$ff19274a.handle(Unknown Source)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:790)
at com.puppetlabs.trapperkeeper.services.webserver.jetty10.utils.MDCRequestLogHandler.handle(MDCRequestLogHandler.java:48)
at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:173)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.Server.handle(Server.java:563)
at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
at java.base/java.lang.Thread.run(Thread.java:840)