Fail if PEM does not contain any certificate entries

author: Bjørn Christian Seime <bjorncs@yahooinc.com> 2023-06-19 11:44:59 +0200
committer: Bjørn Christian Seime <bjorncs@yahooinc.com> 2023-06-19 11:46:13 +0200
commit: 5b2df4778f222694005c6d9a9032d87b0c52ed9f (patch)
tree: 5a37aba35c50ea02fa5758e113b2b9808480b960 /jdisc-security-filters
parent: 3caa0acf54f360a3cd090ea583a933376461a32b (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilter.java
index 7d8b9ba3c60..96602fcd899 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilter.java
@@ -103,6 +103,8 @@ public class CloudDataPlaneFilter extends JsonSecurityRequestFilterBase {
                     throw new IllegalArgumentException(
                             "Client '%s' contains invalid X.509 certificate PEM: %s".formatted(c.id(), e.toString()), e);
                 }
+                if (certs.isEmpty()) throw new IllegalArgumentException(
+                        "Client '%s' certificate PEM contains no valid X.509 entries".formatted(c.id()));
                 clients.add(new Client(c.id(), permissions, certs, Map.of()));
                 hasClientRequiringCertificate = true;
             } else {
author	Bjørn Christian Seime <bjorncs@yahooinc.com>	2023-06-19 11:44:59 +0200
committer	Bjørn Christian Seime <bjorncs@yahooinc.com>	2023-06-19 11:46:13 +0200
commit	5b2df4778f222694005c6d9a9032d87b0c52ed9f (patch)
tree	5a37aba35c50ea02fa5758e113b2b9808480b960 /jdisc-security-filters
parent	3caa0acf54f360a3cd090ea583a933376461a32b (diff)