Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-783

alias-filter from Elytron key-store does not work for non-lower-case alias with JKS

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • 1.1.0.Beta13
    • None
    • None
    • Hide

      1) Configure server to use SSL according to [1], but use alias which contains some upper-case character - e.g. elytronAppServer
      2) Add alias-filter="elytronAppServer" to Elytron key-store and try that SSL does not work
      3) Change alias-filter="elytronAppServer" to alias-filter="elytronappserver" and try that SSL works

      [1] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#ElytronExamples-EnableHTTPSforApplications

      Show
      1) Configure server to use SSL according to [1] , but use alias which contains some upper-case character - e.g. elytronAppServer 2) Add alias-filter="elytronAppServer" to Elytron key-store and try that SSL does not work 3) Change alias-filter="elytronAppServer" to alias-filter="elytronappserver" and try that SSL works [1] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#ElytronExamples-EnableHTTPSforApplications

      In case when alias-filter attribute from Elytron key-store references non-lower-case alias (e.g. elytronAppServer) then SSL is not working. In case when this alias is set to lower-case in alias-filter (e.g. elytronappserver), then SSL works correctly.

      It seems JKS always transforms aliases to lower-case (even if they are created with some upper-case characters). However legacy security solution was able to use alias filter with non-lower-case characters to assign key from JKS keystore (probably through some internal .toLowerCase()).

      In case it is intended to do not use alias-filter with some upper-case for JKS then this issue can be changed to documentation issue. This is different behavior than was provided by legacy solution.

            yborgess1@redhat.com Yeray Borges Santana
            olukas Ondrej Lukas (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: