Loading...

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.1.0.DR17
Affects Version/s: 7.1.0.DR16
Component/s: Security
Labels:

Target Release:

7.1.0.GA
Steps to Reproduce:
Hide

Alternatives

keytool -genkeypair -keystore localhost.keystore -alias jboss -keyalg RSA -keysize 3072 -validity 36500 -storepass password -keypass password -dname "CN=localhost, OU=QE, O=example.com, L=Brno, C=CZ"

**

/subsystem=elytron/key-store=myKeyStore:add(type="jks", credential-reference={clear-text=password}, path=localhost.keystore, relative-to=jboss.server.config.dir)

[standalone@localhost:9990 /] /subsystem=elytron/token-realm=d:add(jwt={key-store=myKeyStore,certificate=jboss,public-key="-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61BjmfXGEvWmegnBGSuS+rU9soUg2FnODva32D1AqhwdziwHINFaD1MVlcrYG6XRKfkcxnaXGfFDWHLEvNBSEVCgJjtHAGZIm5GL/KA86KDp/CwDFMSwluowcXwDwoyinmeOY9eKyh6aY72xJh7noLBBq1N0bWi1e2i+83txOCg4yV2oVXhBo8pYEJ8LT3el6Smxol3C1oFMVdwPgc0vTl25XucMcG/ALE/KNY6pqC2AQ6R2ERlVgPiUWOPatVkt7+Bs3h5Ramxh7XjBOXeulmCpGSynXNcpZ/06+vofGi/2MlpQZNhHAo8eayMp6FcvNucIpUndo1X8dKMv3Y26ZQIDAQAB-----END PUBLIC KEY-----"}) {"outcome" => "success"}

Requires

[standalone@localhost:9990 /] /subsystem=elytron/token-realm=f:add(jwt={certificate=alias}) {"outcome" => "success"}

**

[standalone@localhost:9990 /] /subsystem=elytron/token-realm=e:add(jwt={key-store=myKeyStore}) { "outcome" => "failed", "failure-description" => { "WFLYCTL0080: Failed services" => {"org.wildfly.security.modifiable-security-realm.e" => "org.jboss.msc.service.StartException in service org.wildfly.security.modifiable-security-realm.e: Failed to start service Caused by: java.lang.NullPointerException"}, "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.modifiable-security-realm.e"] }, "rolled-back" => true }

server.log

07:44:08,710 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.modifiable-security-realm.e: org.jboss.msc.service.StartException in service org.wildfly.security.modifiable-security-realm.e: Failed to start service at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NullPointerException at sun.security.provider.JavaKeyStore$JKS.convertAlias(JavaKeyStore.java:58) at sun.security.provider.JavaKeyStore.engineGetCertificate(JavaKeyStore.java:190) at sun.security.provider.JavaKeyStore$JKS.engineGetCertificate(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineGetCertificate(KeyStoreDelegator.java:106) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetCertificate(JavaKeyStore.java:70) at java.security.KeyStore.getCertificate(KeyStore.java:1081) at org.wildfly.security.keystore.DelegatingKeyStoreSpi.engineGetCertificate(DelegatingKeyStoreSpi.java:65) at java.security.KeyStore.getCertificate(KeyStore.java:1081) at org.wildfly.security.keystore.DelegatingKeyStoreSpi.engineGetCertificate(DelegatingKeyStoreSpi.java:65) at java.security.KeyStore.getCertificate(KeyStore.java:1081) at org.wildfly.extension.elytron.TokenRealmDefinition$RealmAddHandler$1.get(TokenRealmDefinition.java:268) at org.wildfly.extension.elytron.TokenRealmDefinition$RealmAddHandler$1.get(TokenRealmDefinition.java:247) at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032) at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955) ... 3 more
Show
Alternatives keytool -genkeypair -keystore localhost.keystore -alias jboss -keyalg RSA -keysize 3072 -validity 36500 -storepass password -keypass password -dname "CN=localhost, OU=QE, O=example.com, L=Brno, C=CZ" ** /subsystem=elytron/key-store=myKeyStore:add(type= "jks" , credential-reference={clear-text=password}, path=localhost.keystore, relative-to=jboss.server.config.dir) [standalone@localhost:9990 /] /subsystem=elytron/token-realm=d:add(jwt={key-store=myKeyStore,certificate=jboss, public -key= "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61BjmfXGEvWmegnBGSuS+rU9soUg2FnODva32D1AqhwdziwHINFaD1MVlcrYG6XRKfkcxnaXGfFDWHLEvNBSEVCgJjtHAGZIm5GL/KA86KDp/CwDFMSwluowcXwDwoyinmeOY9eKyh6aY72xJh7noLBBq1N0bWi1e2i+83txOCg4yV2oVXhBo8pYEJ8LT3el6Smxol3C1oFMVdwPgc0vTl25XucMcG/ALE/KNY6pqC2AQ6R2ERlVgPiUWOPatVkt7+Bs3h5Ramxh7XjBOXeulmCpGSynXNcpZ/06+vofGi/2MlpQZNhHAo8eayMp6FcvNucIpUndo1X8dKMv3Y26ZQIDAQAB-----END PUBLIC KEY-----" }) { "outcome" => "success" } Requires [standalone@localhost:9990 /] /subsystem=elytron/token-realm=f:add(jwt={certificate=alias}) { "outcome" => "success" } ** [standalone@localhost:9990 /] /subsystem=elytron/token-realm=e:add(jwt={key-store=myKeyStore}) { "outcome" => "failed" , "failure-description" => { "WFLYCTL0080: Failed services" => { "org.wildfly.security.modifiable-security-realm.e" => "org.jboss.msc.service.StartException in service org.wildfly.security.modifiable-security-realm.e: Failed to start service Caused by: java.lang.NullPointerException"}, "WFLYCTL0412: Required services that are not installed:" => [ "org.wildfly.security.modifiable-security-realm.e" ] }, "rolled-back" => true } server.log 07:44:08,710 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.modifiable-security-realm.e: org.jboss.msc.service.StartException in service org.wildfly.security.modifiable-security-realm.e: Failed to start service at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang. Thread .run( Thread .java:745) Caused by: java.lang.NullPointerException at sun.security.provider.JavaKeyStore$JKS.convertAlias(JavaKeyStore.java:58) at sun.security.provider.JavaKeyStore.engineGetCertificate(JavaKeyStore.java:190) at sun.security.provider.JavaKeyStore$JKS.engineGetCertificate(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineGetCertificate(KeyStoreDelegator.java:106) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetCertificate(JavaKeyStore.java:70) at java.security.KeyStore.getCertificate(KeyStore.java:1081) at org.wildfly.security.keystore.DelegatingKeyStoreSpi.engineGetCertificate(DelegatingKeyStoreSpi.java:65) at java.security.KeyStore.getCertificate(KeyStore.java:1081) at org.wildfly.security.keystore.DelegatingKeyStoreSpi.engineGetCertificate(DelegatingKeyStoreSpi.java:65) at java.security.KeyStore.getCertificate(KeyStore.java:1081) at org.wildfly.extension.elytron.TokenRealmDefinition$RealmAddHandler$1.get(TokenRealmDefinition.java:268) at org.wildfly.extension.elytron.TokenRealmDefinition$RealmAddHandler$1.get(TokenRealmDefinition.java:247) at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032) at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955) ... 3 more

SFDC Cases Counter:
SFDC Cases Links:

Description

I am able to set both key-store and public-key attributes. However based on model they should be alternatives and thus only one of them should be allowed.
Althought, key-store and certificate are configured as requires in model, validation does not work.

Seems it is caused by ~~WFCORE-2317~~.

"public-key" => {
    "type" => STRING,
    "description" => "A public key in PEM Format. During validation, if a public key is provided, signature will be verified based on the key you provided here.",
    "expressions-allowed" => true,
    "required" => false,
    "nillable" => true,
    "alternatives" => [
        "key-store",
        "certificate"
    ],
    "min-length" => 1L,
    "max-length" => 2147483647L
},
"key-store" => {
    "type" => STRING,
    "description" => "A key store from where the certificate with a public key should be loaded from.",
    "expressions-allowed" => false,
    "required" => false,
    "nillable" => true,
    "alternatives" => ["public-key"],
    "requires" => ["certificate"],
    "capability-reference" => "org.wildfly.security.key-store",
    "min-length" => 1L,
    "max-length" => 2147483647L
},
"certificate" => {
    "type" => STRING,
    "description" => "The name of the certificate with a public key to load from the key store.",
    "expressions-allowed" => true,
    "required" => false,
    "nillable" => true,
    "alternatives" => ["public-key"],
    "requires" => ["key-store"],
    "min-length" => 1L,
    "max-length" => 2147483647L
}

Attachments

Issue Links

is blocked by

WFCORE-2317 Nested attributes are not validated

Resolved

is cloned by

WFCORE-2682 Elytron token-realm attributes validations

Resolved

relates to

JBEAP-7120 Elytron expects certificate in PEM format as user input

Verified

Elytron token-realm attributes validations

Details

Description

Attachments

Issue Links

Activity

People

Dates