Loading...

XML

Word

Printable

Type: Bug
Resolution: Cannot Reproduce
Priority: Blocker
Fix Version/s: None
Affects Version/s: 7.1.0.DR17
Component/s: Security
Labels:
- credential-store
- eap7.1-rfe-failure

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Git Pull Request:
https://issues.jboss.org/browse/ELY-1144
Steps to Reproduce:
Hide

1. Configure java to use BouncyCastleFipsProvider

copy bc-fips-1.0.0.jar into ${JAVA_HOME}/jre/lib/ext

update java.security file
java.security

security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=sun.security.provider.Sun security.provider.3=sun.security.rsa.SunRsaSign security.provider.4=sun.security.ec.SunEC security.provider.5=com.sun.net.ssl.internal.ssl.Provider BCFIPS security.provider.6=com.sun.crypto.provider.SunJCE security.provider.7=sun.security.jgss.SunProvider security.provider.8=com.sun.security.sasl.Provider security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI security.provider.10=sun.security.smartcardio.SunPCSC

2. Generate secret key my-key

keytool \ -genseckey \ -alias my-key \ -keyalg AES \ -keysize 128 \ -keystore /path/to/keystore.bcfks \ -storetype BCFKS \ -storepass password \ -keypass password

3. Start ./standalone.sh with this BC FIPS java

4. Run jboss-cli.sh (with normal java)

/subsystem=elytron/credential-store=test:add(relative-to=jboss.server.data.dir,credential-reference={clear-text="password"},implementation-properties={keyAlias=my-key,external=true,externalPath=/path/to/keystore.bcfks,keyStoreType=BCFKS},create=true,location=secretdatafile,modifiable=true)
Show
1. Configure java to use BouncyCastleFipsProvider copy bc-fips-1.0.0.jar into ${JAVA_HOME}/jre/lib/ext update java.security file java.security security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=sun.security.provider.Sun security.provider.3=sun.security.rsa.SunRsaSign security.provider.4=sun.security.ec.SunEC security.provider.5=com.sun.net.ssl.internal.ssl.Provider BCFIPS security.provider.6=com.sun.crypto.provider.SunJCE security.provider.7=sun.security.jgss.SunProvider security.provider.8=com.sun.security.sasl.Provider security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI security.provider.10=sun.security.smartcardio.SunPCSC 2. Generate secret key my-key keytool \ -genseckey \ -alias my-key \ -keyalg AES \ -keysize 128 \ -keystore /path/to/keystore.bcfks \ -storetype BCFKS \ -storepass password \ -keypass password 3. Start ./standalone.sh with this BC FIPS java 4. Run jboss-cli.sh (with normal java) /subsystem=elytron/credential-store=test:add(relative-to=jboss.server.data.dir,credential-reference={clear-text= "password" },implementation-properties={keyAlias=my-key,external= true ,externalPath=/path/to/keystore.bcfks,keyStoreType=BCFKS},create= true ,location=secretdatafile,modifiable= true )

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

External Credential Store - mechanism introduced as solution for EAP7-277 is missing parameter for specifying key store location.

This is not necessary for PKCS11 keystore, which it was designed for in first place.
However, if we left it in this way we loose posibility to configure file based keystore types e.g. JKS, BCFKS (Bouncy Castle FIPS Key Store) ...

is cloned by

ELY-1144 External CS is missing key store location attribute

Resolved

is incorporated by

JBEAP-11020 Upgrade WildFly Elytron to 1.1.0.Beta44

Closed

JBEAP-11305 Upgrade WildFly Elytron to 1.1.0.Beta51

Closed

Assignee:: Peter Skopek

Reporter:: Martin Choma

Tester:: Martin Choma

QA Contact:: Martin Choma

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2017/05/09 8:30 AM

Updated:: 2021/10/24 6:18 AM

Resolved:: 2017/06/27 9:31 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates