  1. JBoss Enterprise Application Platform
  2. JBEAP-14702

(7.1.z) Wildfly Elytron Tool, location is required even for non-filebased type e.g. PKCS11


Details

    • Bug
    • Resolution: Done
    • Major
    • 7.1.3.CR1, 7.1.3.GA
    • 7.1.2.GA
    • Security
    • None
    • CR1
    • Workaround Exists

      use empty file

      • touch /home/mchoma/Repos/tests-security/fips/target/FipsCsElytronToolTestCase/workaround_file
      • 09:35:42,218 INFO  [com.redhat.eap.qe.cli.CommandExecutor] (main) Command:[/opt/java/jdk-9.0.4_fips/bin/java, -jar, /home/mchoma/Repos/tests-security/fips/target/dist/jboss-eap/bin/wildfly-elytron-tool.jar, credential-store, -c, -a, secret-key, -x, pass123+, -p, pass123+, -l, /home/mchoma/Repos/tests-security/fips/target/FipsCsElytronToolTestCase/workaround_file, -u, keyStoreType=PKCS11;external=true;keyAlias=my-key;externalPath=/home/mchoma/Repos/tests-security/fips/target/FipsCsElytronToolTestCase/secure-data-file, --debug]
        09:35:43,601 INFO  [com.redhat.eap.qe.cli.CommandExecutor] (main) Process output:
        Alias "secret-key" has been successfully stored
        
      /opt/java/jdk-9.0.4_fips/bin/java, -jar, /home/mchoma/Repos/tests-security/fips/target/dist/jboss-eap/bin/wildfly-elytron-tool.jar, credential-store, -c, -a, secret-key, -x, pass123+, -p, pass123+, -u, keyStoreType=PKCS11;external=true;keyAlias=my-key;externalPath=/home/mchoma/Repos/tests-security/fips/target/FipsCsElytronToolTestCase/secure-data-file, --debug
      
      09:37:56,418 ERROR [com.redhat.eap.qe.cli.CommandExecutor] (main) Exception encountered executing the command:
      org.apache.commons.cli.MissingArgumentException: ELYTOOL00016: Option "location" is not specified.
      	at org.wildfly.security.tool.CredentialStoreCommand.execute(CredentialStoreCommand.java:157)
      	at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:81)
      
    • EAP 7.1.3

    Description

      The WildFly Elytron Tool is not aligned with the fix for ELY-1460 ("Do not reuse location attribute for externalPath attribute. Make externalPath required when external configured.").
      In the WildFly Elytron Tool, location is mandatory:

      CredentialStoreCommand.java
              String location = cmdLine.getOptionValue(STORE_LOCATION_PARAM);
              if (location == null) {
                  setStatus(GENERAL_CONFIGURATION_ERROR);
                  throw ElytronToolMessages.msg.optionNotSpecified(STORE_LOCATION_PARAM);
              }
      

      After relaxing this check, double-check the other uses of location, e.g. here:

              if ((cmdLine.hasOption(ALIASES_PARAM) || cmdLine.hasOption(CHECK_ALIAS_PARAM)) && !Files.exists(Paths.get(location))) {
                  setStatus(GENERAL_CONFIGURATION_ERROR);
                  throw ElytronToolMessages.msg.storageFileDoesNotExist(location);
              }
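
A sketch of the relaxed check described above, added here as an example; it is not the project's code or the actual fix. The class and method names, the set of file-based types, the JCEKS default and the sample path are assumptions made for illustration.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class LocationCheckExample {
    // Assumption: these keystore types are backed by a file, so they need a location.
    static final Set<String> FILE_BASED_TYPES = new HashSet<>(Arrays.asList("JKS", "JCEKS", "PKCS12"));

    // Parses a -u value such as "keyStoreType=PKCS11;external=true;keyAlias=my-key".
    static Map<String, String> parseProperties(String spec) {
        Map<String, String> props = new HashMap<>();
        if (spec == null) return props;
        for (String pair : spec.split(";")) {
            int eq = pair.indexOf('=');
            if (eq > 0) props.put(pair.substring(0, eq).trim(), pair.substring(eq + 1).trim());
        }
        return props;
    }

    // Returns null when the options are acceptable, otherwise the reason for rejecting them.
    static String validate(String location, Map<String, String> props, boolean readsExistingStore) {
        // Assumption: an unspecified keyStoreType is treated as JCEKS (file-based).
        String type = props.getOrDefault("keyStoreType", "JCEKS").toUpperCase(Locale.ROOT);
        // ELY-1460: externalPath is its own attribute and is required with external=true.
        if (Boolean.parseBoolean(props.get("external")) && props.get("externalPath") == null) {
            return "externalPath is required when external=true";
        }
        if (FILE_BASED_TYPES.contains(type) && location == null) {
            return "Option \"location\" is not specified";
        }
        // Paths.get(null) throws NullPointerException, so guard the existence check.
        if (readsExistingStore && location != null && !Files.exists(Paths.get(location))) {
            return "storage file does not exist: " + location;
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed inputs: PKCS11 without -l, default type without -l, PKCS11 missing externalPath.
        String ok = "keyStoreType=PKCS11;external=true;keyAlias=my-key;externalPath=/tmp/secure-data-file";
        System.out.println(validate(null, parseProperties(ok), true));
        System.out.println(validate(null, parseProperties(null), false));
        System.out.println(validate(null, parseProperties("keyStoreType=PKCS11;external=true"), false));
    }
}
```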
      

            People

              rhn-support-ivassile Ilia Vassilev
              rhn-support-ivassile Ilia Vassilev