Details
- Improvement
- Resolution: Fixed
- Medium
- 0.34
- None
- true
Description
Currently, if a Trusted Application request fails validation for any reason, a generic "Invalid Certificate" error is returned to the client. This is extremely unhelpful in diagnosing the problem.
Proposing the following improvements:
Failure | Current Message to client | Proposed message to client | Current JIRA Log |
---|---|---|---|
Application is not a Trusted Application | Unrecognized application: appId | Unrecognized/Unauthorized application: appId ??? | |
Application Public Key does not correctly decrypt public key* | Invalid certificate | Public Key does not match registered key for application: appId | [atlassian.seraph.filter.TrustedApplicationsFilter] Failed to login trusted application: me due to: com.atlassian.security.auth.trustedapps.InvalidCertificateException: me cause: java.lang.NumberFormatException: For input string: "k??D?[?4??2?,??A??<" |
Request Secret Key does not correctly decrypt certificate** | Invalid certificate | Error decrypting request, please see logs for details | [atlassian.seraph.filter.TrustedApplicationsFilter] Failed to login trusted application: me due to: com.atlassian.security.auth.trustedapps.InvalidCertificateException: me cause: java.lang.NumberFormatException: For input string: "?[???%<????_}" |
Request IP Address does not match allowed IP addresses | Invalid Certificate | Trusted Application request not allowed from IP address: 192.168.0.132 | [atlassian.seraph.filter.TrustedApplicationsFilter] Failed to login trusted application: me due to: com.atlassian.security.auth.trustedapps.InvalidCertificateException: me cause: com.atlassian.security.auth.trustedapps.InvalidRemoteAddressException: 192.168.0.132 |
Request X-Forwarded-For Address does not match allowed IP addresses | Invalid Certificate | Trusted Application request not allowed from X-Forwarded-For IP address: 192.168.0.132 | [atlassian.seraph.filter.TrustedApplicationsFilter] Failed to login trusted application: me due to: com.atlassian.security.auth.trustedapps.InvalidCertificateException: me cause: com.atlassian.security.auth.trustedapps.InvalidRemoteAddressException: 192.168.0.132 |
Request to unauthorised URL | Invalid Certificate | Trusted Application request not allowed to access URL: /jira/secure/DeleteProject.jspa | [atlassian.seraph.filter.TrustedApplicationsFilter] Failed to login trusted application: me due to: com.atlassian.security.auth.trustedapps.InvalidCertificateException: me cause: com.atlassian.security.auth.trustedapps.InvalidRequestUrlException: /jira/secure/DeleteProject.jspa?id=10001 |
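
Until the client message is improved, the real cause has to be read from the server log. The following is an added example, not part of the original issue or of Atlassian's code: it classifies log lines of the shape shown in the "Current JIRA Log" column. The function name, category labels and sample lines are assumptions constructed from the table.

```python
import re

# Log line shape copied from the "Current JIRA Log" column of the table above.
LOG_RE = re.compile(
    r"\[atlassian\.seraph\.filter\.TrustedApplicationsFilter\] "
    r"Failed to login trusted application: (?P<app>\S+) due to: "
    r"[\w.]+: \S+ cause: (?P<cause>[\w.]+): (?P<detail>.*)$"
)

def diagnose(line):
    """Return (app_id, category, hint) for a failed Trusted Application login, else None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    app, detail = m["app"], m["detail"].strip()
    cause = m["cause"].rsplit(".", 1)[-1]  # simple class name of the nested cause
    if cause == "NumberFormatException":
        # The log is identical for a wrong public key and a wrong secret key.
        return (app, "decrypt",
                "public key does not match registered key, or request secret key "
                "did not decrypt the certificate (log does not distinguish)")
    if cause == "InvalidRemoteAddressException":
        # Same exception for the remote address and for X-Forwarded-For.
        return (app, "ip", f"request not allowed from IP address: {detail} "
                           "(remote address or X-Forwarded-For)")
    if cause == "InvalidRequestUrlException":
        path = detail.split("?", 1)[0]  # proposed client message omits the query string
        return (app, "url", f"request not allowed to access URL: {path}")
    return (app, "unknown", f"unmapped cause {m['cause']}: {detail}")

# Constructed sample lines, modelled on the table rows (decrypt garbage shortened).
PREFIX = ("[atlassian.seraph.filter.TrustedApplicationsFilter] Failed to login "
          "trusted application: me due to: "
          "com.atlassian.security.auth.trustedapps.InvalidCertificateException: me cause: ")
SAMPLE = [
    PREFIX + 'java.lang.NumberFormatException: For input string: "k??D?["',
    PREFIX + "com.atlassian.security.auth.trustedapps.InvalidRemoteAddressException: 192.168.0.132",
    PREFIX + "com.atlassian.security.auth.trustedapps.InvalidRequestUrlException: "
             "/jira/secure/DeleteProject.jspa?id=10001",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(diagnose(entry))
```

Two of the table's distinctions (public key versus secret key, remote address versus X-Forwarded-For) cannot be recovered from the current log alone, which is why the script reports them as a single category each.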