Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-13586

(7.1.z) Credential store type PKCS12 works fine when using OracleJDK and OpenJDK but doesn't work using IBM JDK.

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Won't Fix
    • Affects Version/s: 7.1.0.CR3
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Target Release:
    • Steps to Reproduce:
      Hide
      • /subsystem=elytron/credential-store=cs001:add(create=true, location=cs001.pkcs12, relative-to=jboss.server.data.dir, implementation-properties={keyStoreType=PKCS12},credential-reference={clear-text=pass123})
      • /subsystem=elytron/credential-store=cs001:add-alias(alias=alias001, secret-value=alias001secret)

        Then it is enough call same CLI command again (tou can call remove-alias, ..)

      • /subsystem=elytron/credential-store=cs001:add-alias(alias=alias001, secret-value=alias001secret)
        {
            "outcome" => "failed",
            "result" => undefined,
            "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.RuntimeException: WFLYELY00009: Unable to complete operation. 'ELY09504: Cannot acquire a credential from the credential store->Get Key failed: 1.2.840.113549.1.7.1 SecretKeyFactory not available->1.2.840.113549.1.7.1 SecretKeyFactory not available'",
            "rolled-back" => true
        }
        

        We expects here message about Alias already exists in the store

      Show
      /subsystem=elytron/credential-store=cs001:add(create= true , location=cs001.pkcs12, relative-to=jboss.server.data.dir, implementation-properties={keyStoreType=PKCS12},credential-reference={clear-text=pass123}) /subsystem=elytron/credential-store=cs001:add-alias(alias=alias001, secret-value=alias001secret) Then it is enough call same CLI command again (tou can call remove-alias, ..) /subsystem=elytron/credential-store=cs001:add-alias(alias=alias001, secret-value=alias001secret) { "outcome" => "failed" , "result" => undefined, "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.RuntimeException: WFLYELY00009: Unable to complete operation. 'ELY09504: Cannot acquire a credential from the credential store->Get Key failed: 1.2.840.113549.1.7.1 SecretKeyFactory not available->1.2.840.113549.1.7.1 SecretKeyFactory not available' " , "rolled-back" => true } We expects here message about Alias already exists in the store
    • Workaround:
      Workaround Exists

      Description

      Credential store type PKCS12 works fine when using OracleJDK and OpenJDK.
      Problem occurs when we use IBM JDK, add-alias works fine for first time, but for add-alias for second time with same alias name we expect message about duplicity rather than current error message about SecretKeyFactory not availability.

      "WFLYCTL0158: Operation handler failed: java.lang.RuntimeException: WFLYELY00009: Unable to complete operation. 'ELY09504: Cannot acquire a credential from the credential store->Get Key failed: 1.2.840.113549.1.7.1 SecretKeyFactory not available->1.2.840.113549.1.7.1 SecretKeyFactory not available'",
      

      NOTE
      I met same problem with Oracle JDK 1.8 u66, with u144 is everythink ok.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  iweiss Ingo Weiss
                  Reporter:
                  hsvabek Hynek Švábek
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  9 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: