Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-14702

(7.1.z) Wildfly Elytron Tool, location is required even for non-filebased type e.g. PKCS11

    Details

    • Target Release:
    • Fix Build:
      CR1
    • Steps to Reproduce:
      Hide
      /opt/java/jdk-9.0.4_fips/bin/java, -jar, /home/mchoma/Repos/tests-security/fips/target/dist/jboss-eap/bin/wildfly-elytron-tool.jar, credential-store, -c, -a, secret-key, -x, pass123+, -p, pass123+, -u, keyStoreType=PKCS11;external=true;keyAlias=my-key;externalPath=/home/mchoma/Repos/tests-security/fips/target/FipsCsElytronToolTestCase/secure-data-file, --debug
      
      09:37:56,418 ERROR [com.redhat.eap.qe.cli.CommandExecutor] (main) Exception encountered executing the command:
      org.apache.commons.cli.MissingArgumentException: ELYTOOL00016: Option "location" is not specified.
      	at org.wildfly.security.tool.CredentialStoreCommand.execute(CredentialStoreCommand.java:157)
      	at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:81)
      
      Show
      /opt/java/jdk-9.0.4_fips/bin/java, -jar, /home/mchoma/Repos/tests-security/fips/target/dist/jboss-eap/bin/wildfly-elytron-tool.jar, credential-store, -c, -a, secret-key, -x, pass123+, -p, pass123+, -u, keyStoreType=PKCS11;external= true ;keyAlias=my-key;externalPath=/home/mchoma/Repos/tests-security/fips/target/FipsCsElytronToolTestCase/secure-data-file, --debug 09:37:56,418 ERROR [com.redhat.eap.qe.cli.CommandExecutor] (main) Exception encountered executing the command: org.apache.commons.cli.MissingArgumentException: ELYTOOL00016: Option "location" is not specified. at org.wildfly.security.tool.CredentialStoreCommand.execute(CredentialStoreCommand.java:157) at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:81)
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      use empty file

      • touch /home/mchoma/Repos/tests-security/fips/target/FipsCsElytronToolTestCase/workaround_file
      • 09:35:42,218 INFO  [com.redhat.eap.qe.cli.CommandExecutor] (main) Command:[/opt/java/jdk-9.0.4_fips/bin/java, -jar, /home/mchoma/Repos/tests-security/fips/target/dist/jboss-eap/bin/wildfly-elytron-tool.jar, credential-store, -c, -a, secret-key, -x, pass123+, -p, pass123+, -l, /home/mchoma/Repos/tests-security/fips/target/FipsCsElytronToolTestCase/workaround_file, -u, keyStoreType=PKCS11;external=true;keyAlias=my-key;externalPath=/home/mchoma/Repos/tests-security/fips/target/FipsCsElytronToolTestCase/secure-data-file, --debug]
        09:35:43,601 INFO  [com.redhat.eap.qe.cli.CommandExecutor] (main) Process output:
        Alias "secret-key" has been successfully stored
        
      Show
      use empty file touch /home/mchoma/Repos/tests-security/fips/target/FipsCsElytronToolTestCase/workaround_file 09:35:42,218 INFO [com.redhat.eap.qe.cli.CommandExecutor] (main) Command:[/opt/java/jdk-9.0.4_fips/bin/java, -jar, /home/mchoma/Repos/tests-security/fips/target/dist/jboss-eap/bin/wildfly-elytron-tool.jar, credential-store, -c, -a, secret-key, -x, pass123+, -p, pass123+, -l, /home/mchoma/Repos/tests-security/fips/target/FipsCsElytronToolTestCase/workaround_file, -u, keyStoreType=PKCS11;external= true ;keyAlias=my-key;externalPath=/home/mchoma/Repos/tests-security/fips/target/FipsCsElytronToolTestCase/secure-data-file, --debug] 09:35:43,601 INFO [com.redhat.eap.qe.cli.CommandExecutor] (main) Process output: Alias "secret-key" has been successfully stored
    • Sprint:
      EAP 7.1.3

      Description

      Wildfly Elytron tool is not aligned with fix for ELY-1460 - Do not reuse location attribute for externalPath attribute. Make externalPath required when external configured.
      In Wildfly Elytron tool location is mandatory

      CredentialStoreCommand.java
              String location = cmdLine.getOptionValue(STORE_LOCATION_PARAM);
              if (location == null) {
                  setStatus(GENERAL_CONFIGURATION_ERROR);
                  throw ElytronToolMessages.msg.optionNotSpecified(STORE_LOCATION_PARAM);
              }
      

      After relaxing this check, double check usage of location, e.g. here

              if ((cmdLine.hasOption(ALIASES_PARAM) || cmdLine.hasOption(CHECK_ALIAS_PARAM)) && !Files.exists(Paths.get(location))) {
                  setStatus(GENERAL_CONFIGURATION_ERROR);
                  throw ElytronToolMessages.msg.storageFileDoesNotExist(location);
              }
      

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  ivassile Ilia Vassilev
                  Reporter:
                  ivassile Ilia Vassilev
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: