Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-2702

Filesystem realm's update-key-pair operation does not work as expected

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Major Major
    • None
    • None
    • Realms
    • None
    • Hide

      /subsystem=elytron/key-store=keystore:add(path=keystore, relative-to=jboss.server.config.dir, credential-reference=

      {clear-text=secret})
      /subsystem=elytron/key-store=keystore:generate-key-pair(alias=user,algorithm=RSA,key-size=1024,validity=365,distinguished-name="CN=localhost")
      /subsystem=elytron/key-store=keystore:store()

      /subsystem=elytron/filesystem-realm=integrityfsRealm:add(path=integrityfsRealm,relative-to=jboss.server.config.dir, key-store=keystore, key-store-alias=user)
      /subsystem=elytron/filesystem-realm=integrityfsRealm:add-identity(identity=quickstartUser)
      /subsystem=elytron/filesystem-realm=integrityfsRealm:set-password(digest={algorithm=digest-md5, realm=fsRealm, password=password123!}, identity=quickstartUser)
      /subsystem=elytron/filesystem-realm=integrityfsRealm:add-identity-attribute(identity=quickstartUser, name=Roles, value=["Admin", "Guest"])

      /subsystem=elytron/filesystem-realm=integrityfsRealm:verify-integrity()

      /subsystem=elytron/key-store=keystore2:add(path=keystore2, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}

      )
      /subsystem=elytron/key-store=keystore2:generate-key-pair(alias=user2,algorithm=RSA,key-size=1024,validity=365,distinguished-name="CN=localhost")
      /subsystem=elytron/key-store=keystore2:store()
      /subsystem=elytron/filesystem-realm=integrityfsRealm:write-attribute(name=key-store, value=keystore2)
      /subsystem=elytron/filesystem-realm=integrityfsRealm:write-attribute(name=key-store-alias, value=user2)
      /subsystem=elytron/filesystem-realm=integrityfsRealm:update-key-pair()
      reload

      /subsystem=elytron/filesystem-realm=integrityfsRealm:verify-integrity()

      The last command fails with:

      { "outcome" => "failed", "failure-description" => "WFLYELY01217: Realm verification failed, invalid signatures for the identities: [quickstartUser]", "rolled-back" => true }
      Show
      /subsystem=elytron/key-store=keystore:add(path=keystore, relative-to=jboss.server.config.dir, credential-reference= {clear-text=secret}) /subsystem=elytron/key-store=keystore:generate-key-pair(alias=user,algorithm=RSA,key-size=1024,validity=365,distinguished-name="CN=localhost") /subsystem=elytron/key-store=keystore:store() /subsystem=elytron/filesystem-realm=integrityfsRealm:add(path=integrityfsRealm,relative-to=jboss.server.config.dir, key-store=keystore, key-store-alias=user) /subsystem=elytron/filesystem-realm=integrityfsRealm:add-identity(identity=quickstartUser) /subsystem=elytron/filesystem-realm=integrityfsRealm:set-password(digest={algorithm=digest-md5, realm=fsRealm, password=password123!}, identity=quickstartUser) /subsystem=elytron/filesystem-realm=integrityfsRealm:add-identity-attribute(identity=quickstartUser, name=Roles, value= ["Admin", "Guest"] ) /subsystem=elytron/filesystem-realm=integrityfsRealm:verify-integrity() /subsystem=elytron/key-store=keystore2:add(path=keystore2, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret} ) /subsystem=elytron/key-store=keystore2:generate-key-pair(alias=user2,algorithm=RSA,key-size=1024,validity=365,distinguished-name="CN=localhost") /subsystem=elytron/key-store=keystore2:store() /subsystem=elytron/filesystem-realm=integrityfsRealm:write-attribute(name=key-store, value=keystore2) /subsystem=elytron/filesystem-realm=integrityfsRealm:write-attribute(name=key-store-alias, value=user2) /subsystem=elytron/filesystem-realm=integrityfsRealm:update-key-pair() reload /subsystem=elytron/filesystem-realm=integrityfsRealm:verify-integrity() The last command fails with: { "outcome" => "failed", "failure-description" => "WFLYELY01217: Realm verification failed, invalid signatures for the identities: [quickstartUser]", "rolled-back" => true }

      The verification of integrity fails every time after the update-key-pair() operation.
      Additionally, if we manipulate an identity and call the update-key-pair operation, it passes successfully. The expected behaviour is for the operation to fail because the integrity has been compromised.

            lvydra Lukas Vydra
            dvilkola@redhat.com Diana Krepinska (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: