From 5b2df4778f222694005c6d9a9032d87b0c52ed9f Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime <bjorncs@yahooinc.com>
Date: Mon, 19 Jun 2023 11:44:59 +0200
Subject: Fail if PEM does not contain any certificate entries

---
 .../yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilter.java    | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'jdisc-security-filters/src')

diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilter.java
index 7d8b9ba3c60..96602fcd899 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilter.java
@@ -103,6 +103,8 @@ public class CloudDataPlaneFilter extends JsonSecurityRequestFilterBase {
                     throw new IllegalArgumentException(
                             "Client '%s' contains invalid X.509 certificate PEM: %s".formatted(c.id(), e.toString()), e);
                 }
+                if (certs.isEmpty()) throw new IllegalArgumentException(
+                        "Client '%s' certificate PEM contains no valid X.509 entries".formatted(c.id()));
                 clients.add(new Client(c.id(), permissions, certs, Map.of()));
                 hasClientRequiringCertificate = true;
             } else {
-- 
cgit v1.2.3