Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-678

Credential-reference(alias=) should be resolved in time of request.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Major Major
    • None
    • 1.1.0.Beta10
    • Credential Store
    • None
    • Hide
      • firefly.keystore and credentialstore.jceks which are attached copy to eap_home/standalone/data/cs.
      • run EAP server
        ./bin/standalone.sh
      • run CLI
        ./bin/jboss-cli.sh -c
        if applicaple add Elytron extension and Elytron subsystem and reload server
        /extension=org.wildfly.extension.elytron:add()
        /subsystem=elytron:add()
        reload
      • /subsystem=elytron/credential-store=credStore2:add(uri="cr-store://test/cs/credentialstore.jceks?store.password=pass123;key.password=pass456"
      • /subsystem=elytron/credential-store=credStore2/alias=ffWithWrongPass:add(secret-value=ElytronWrongPass)
      • /subsystem=elytron/key-store=fireflyWrong:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=credStore2,alias=ffWithWrongPass}

        )

      Show
      firefly.keystore and credentialstore.jceks which are attached copy to eap_home/standalone/data/cs. run EAP server ./bin/standalone.sh run CLI ./bin/jboss-cli.sh -c if applicaple add Elytron extension and Elytron subsystem and reload server /extension=org.wildfly.extension.elytron:add() /subsystem=elytron:add() reload /subsystem=elytron/credential-store=credStore2:add(uri="cr-store://test/cs/credentialstore.jceks?store.password=pass123;key.password=pass456" /subsystem=elytron/credential-store=credStore2/alias=ffWithWrongPass:add(secret-value=ElytronWrongPass) /subsystem=elytron/key-store=fireflyWrong:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=credStore2,alias=ffWithWrongPass} )

      Credential-reference should be resolved in time of request - in this case the alias which contains wrong password in CredentialStore (we can change it later to right password...).

      If I add credential reference with alias which contains wrong password then I get this error:

      {
              "outcome" => "failed",                                                                                           
              "failure-description" => {                                                                                       
                  "WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.fireflyWrong" => "org.jboss.msc.service.StartException in service org.wildfly.security.key-store.fireflyWrong: WFLYELY00004: Unable to start the service.      
              Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect                            
              Caused by: java.security.UnrecoverableKeyException: Password verification failed"},                              
                  "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.key-store.fireflyWrong"], 
                  "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined                                   
              },                                                                                                               
              "rolled-back" => true                                                                                            
          }
      

      When I reload server then same command pass!
      But I nowhere got information about reload-required

      /subsystem=elytron/key-store=fireflyWrong:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=credStore2,alias=ffWithWrongPass})
      

        1. credentialstore.jceks
          0.5 kB
          Hynek Švábek
        2. firefly.keystore
          4 kB
          Hynek Švábek

            Unassigned Unassigned
            hsvabek_jira Hynek Švábek (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: