Loading...

XML

Word

Printable

Type: Bug
Resolution: Not a Bug
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Realms
Labels:
None

Steps to Reproduce:

Hide

/subsystem=elytron/key-store=keystore:add(path=keystore, relative-to=jboss.server.config.dir, credential-reference=
{clear-text=secret})
/subsystem=elytron/key-store=keystore:generate-key-pair(alias=user,algorithm=RSA,key-size=1024,validity=365,distinguished-name="CN=localhost")
/subsystem=elytron/key-store=keystore:store()

/subsystem=elytron/filesystem-realm=integrityfsRealm:add(path=integrityfsRealm,relative-to=jboss.server.config.dir, key-store=keystore, key-store-alias=user)
/subsystem=elytron/filesystem-realm=integrityfsRealm:add-identity(identity=quickstartUser)
/subsystem=elytron/filesystem-realm=integrityfsRealm:set-password(digest={algorithm=digest-md5, realm=fsRealm, password=password123!}, identity=quickstartUser)
/subsystem=elytron/filesystem-realm=integrityfsRealm:add-identity-attribute(identity=quickstartUser, name=Roles, value=["Admin", "Guest"])

/subsystem=elytron/filesystem-realm=integrityfsRealm:verify-integrity()

/subsystem=elytron/key-store=keystore2:add(path=keystore2, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}
)
/subsystem=elytron/key-store=keystore2:generate-key-pair(alias=user2,algorithm=RSA,key-size=1024,validity=365,distinguished-name="CN=localhost")
/subsystem=elytron/key-store=keystore2:store()
/subsystem=elytron/filesystem-realm=integrityfsRealm:write-attribute(name=key-store, value=keystore2)
/subsystem=elytron/filesystem-realm=integrityfsRealm:write-attribute(name=key-store-alias, value=user2)
/subsystem=elytron/filesystem-realm=integrityfsRealm:update-key-pair()
reload

/subsystem=elytron/filesystem-realm=integrityfsRealm:verify-integrity()

The last command fails with:
{ "outcome" => "failed", "failure-description" => "WFLYELY01217: Realm verification failed, invalid signatures for the identities: [quickstartUser]", "rolled-back" => true }

Show
/subsystem=elytron/key-store=keystore:add(path=keystore, relative-to=jboss.server.config.dir, credential-reference= {clear-text=secret}) /subsystem=elytron/key-store=keystore:generate-key-pair(alias=user,algorithm=RSA,key-size=1024,validity=365,distinguished-name="CN=localhost") /subsystem=elytron/key-store=keystore:store() /subsystem=elytron/filesystem-realm=integrityfsRealm:add(path=integrityfsRealm,relative-to=jboss.server.config.dir, key-store=keystore, key-store-alias=user) /subsystem=elytron/filesystem-realm=integrityfsRealm:add-identity(identity=quickstartUser) /subsystem=elytron/filesystem-realm=integrityfsRealm:set-password(digest={algorithm=digest-md5, realm=fsRealm, password=password123!}, identity=quickstartUser) /subsystem=elytron/filesystem-realm=integrityfsRealm:add-identity-attribute(identity=quickstartUser, name=Roles, value= ["Admin", "Guest"] ) /subsystem=elytron/filesystem-realm=integrityfsRealm:verify-integrity() /subsystem=elytron/key-store=keystore2:add(path=keystore2, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret} ) /subsystem=elytron/key-store=keystore2:generate-key-pair(alias=user2,algorithm=RSA,key-size=1024,validity=365,distinguished-name="CN=localhost") /subsystem=elytron/key-store=keystore2:store() /subsystem=elytron/filesystem-realm=integrityfsRealm:write-attribute(name=key-store, value=keystore2) /subsystem=elytron/filesystem-realm=integrityfsRealm:write-attribute(name=key-store-alias, value=user2) /subsystem=elytron/filesystem-realm=integrityfsRealm:update-key-pair() reload /subsystem=elytron/filesystem-realm=integrityfsRealm:verify-integrity() The last command fails with: { "outcome" => "failed", "failure-description" => "WFLYELY01217: Realm verification failed, invalid signatures for the identities: [quickstartUser]", "rolled-back" => true }

The verification of integrity fails every time after the update-key-pair() operation.
Additionally, if we manipulate an identity and call the update-key-pair operation, it passes successfully. The expected behaviour is for the operation to fail because the integrity has been compromised.

clones

JBEAP-25960 (8.0.z) Filesystem realm's update-key-pair operation does not work as expected

Closed

relates to

WFLY-18985 Update WildFly docs to include reload operation required to valid key-store attributes update on Filesystem Security Realm

Resolved

Assignee:: Lukas Vydra

Reporter:: Diana Krepinska

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2023/10/27 11:23 AM

Updated:: 2024/02/27 11:28 AM

Resolved:: 2024/02/27 11:28 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates