  1. JBoss Enterprise Application Platform
  2. JBEAP-11363

Credential reference integration with client-certificate-store does not work


    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.ER1
    • 7.1.0.DR19
    • Security
    • None

      WFCORE-2483 introduced the attributes keystore-password-credential-reference and key-password-credential-reference in the client-certificate-store resource, which is used when the syslog server requires client authentication during the TLS handshake.

      However, this integration does not work.

      Looking into SyslogAuditLogHandler.java, I am missing the credential reference retrieval code, CredentialReference.getCredentialSourceSupplier.

      SyslogAuditLogHandler.java
      if (transport == Transport.TLS){
          final SSLContext context = SSLContext.getInstance("TLS");
          KeyManager[] keyManagers = null;
          if (tlsClientCertStorePath != null){
              final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
              final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsClientCertStorePath, tlsClientCertStoreRelativeTo));
              try {
                  final KeyStore ks = KeyStore.getInstance("JKS");
                  ks.load(in, tlsClientCertStorePassword.toCharArray());
                  kmf.init(ks, tlsClientCertStoreKeyPassword != null ? tlsClientCertStoreKeyPassword.toCharArray() : tlsClientCertStorePassword.toCharArray());
                  keyManagers = kmf.getKeyManagers();
              } finally {
                  IoUtils.safeClose(in);
              }
          }
          TrustManager[] trustManagers = null;
          if (tlsTrustStorePath != null){
              final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
              final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsTrustStorePath, tlsTrustStoreRelativeTo));
              try {
                  final KeyStore ks = KeyStore.getInstance("JKS");
                  ks.load(in, tlsTrustStorePassword.toCharArray());
                  tmf.init(ks);
                  trustManagers = tmf.getTrustManagers();
              } finally {
                  IoUtils.safeClose(in);
              }
          }
      

            ehugonne1@redhat.com Emmanuel Hugonnet
            mchoma@redhat.com Martin Choma