Loading...

XML

Word

Printable

Type: Bug
Resolution: Not a Bug
Priority: Major
Fix Version/s: None
Affects Version/s: 8.0.0.GA-CR1
Component/s: Security
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Release Note Type:
Known Issue
Target Release:

8.0.z.GA
Steps to Reproduce:

Hide

/subsystem=elytron/key-store=keystore:add(path=keystore, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret})
/subsystem=elytron/key-store=keystore:generate-key-pair(alias=user,algorithm=RSA,key-size=1024,validity=365,distinguished-name="CN=localhost")
/subsystem=elytron/key-store=keystore:store()

/subsystem=elytron/filesystem-realm=integrityfsRealm:add(path=integrityfsRealm,relative-to=jboss.server.config.dir, key-store=keystore, key-store-alias=user)
/subsystem=elytron/filesystem-realm=integrityfsRealm:add-identity(identity=quickstartUser)
/subsystem=elytron/filesystem-realm=integrityfsRealm:set-password(digest={algorithm=digest-md5, realm=fsRealm, password=password123!}, identity=quickstartUser)
/subsystem=elytron/filesystem-realm=integrityfsRealm:add-identity-attribute(identity=quickstartUser, name=Roles, value=["Admin", "Guest"])

/subsystem=elytron/filesystem-realm=integrityfsRealm:verify-integrity()

/subsystem=elytron/key-store=keystore2:add(path=keystore2, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret})
/subsystem=elytron/key-store=keystore2:generate-key-pair(alias=user2,algorithm=RSA,key-size=1024,validity=365,distinguished-name="CN=localhost")
/subsystem=elytron/key-store=keystore2:store()
/subsystem=elytron/filesystem-realm=integrityfsRealm:write-attribute(name=key-store, value=keystore2)
/subsystem=elytron/filesystem-realm=integrityfsRealm:write-attribute(name=key-store-alias, value=user2)
/subsystem=elytron/filesystem-realm=integrityfsRealm:update-key-pair()
reload

/subsystem=elytron/filesystem-realm=integrityfsRealm:verify-integrity()

The last command fails with:
{ "outcome" => "failed", "failure-description" => "WFLYELY01217: Realm verification failed, invalid signatures for the identities: [quickstartUser]", "rolled-back" => true }

Show
/subsystem=elytron/key-store=keystore:add(path=keystore, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}) /subsystem=elytron/key-store=keystore:generate-key-pair(alias=user,algorithm=RSA,key-size=1024,validity=365,distinguished-name="CN=localhost") /subsystem=elytron/key-store=keystore:store() /subsystem=elytron/filesystem-realm=integrityfsRealm:add(path=integrityfsRealm,relative-to=jboss.server.config.dir, key-store=keystore, key-store-alias=user) /subsystem=elytron/filesystem-realm=integrityfsRealm:add-identity(identity=quickstartUser) /subsystem=elytron/filesystem-realm=integrityfsRealm:set-password(digest={algorithm=digest-md5, realm=fsRealm, password=password123!}, identity=quickstartUser) /subsystem=elytron/filesystem-realm=integrityfsRealm:add-identity-attribute(identity=quickstartUser, name=Roles, value= ["Admin", "Guest"] ) /subsystem=elytron/filesystem-realm=integrityfsRealm:verify-integrity() /subsystem=elytron/key-store=keystore2:add(path=keystore2, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}) /subsystem=elytron/key-store=keystore2:generate-key-pair(alias=user2,algorithm=RSA,key-size=1024,validity=365,distinguished-name="CN=localhost") /subsystem=elytron/key-store=keystore2:store() /subsystem=elytron/filesystem-realm=integrityfsRealm:write-attribute(name=key-store, value=keystore2) /subsystem=elytron/filesystem-realm=integrityfsRealm:write-attribute(name=key-store-alias, value=user2) /subsystem=elytron/filesystem-realm=integrityfsRealm:update-key-pair() reload /subsystem=elytron/filesystem-realm=integrityfsRealm:verify-integrity() The last command fails with: { "outcome" => "failed", "failure-description" => "WFLYELY01217: Realm verification failed, invalid signatures for the identities: [quickstartUser]", "rolled-back" => true }
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

The verification of integrity fails every time after the update-key-pair() operation.
Additionally, if we manipulate an identity and call the update-key-pair operation, it passes successfully. The expected behaviour is for the operation to fail because the integrity has been compromised.

is cloned by

ELY-2702 Filesystem realm's update-key-pair operation does not work as expected

Closed

relates to

JBEAP-26696 (8.0.z) WFLY-18985 - Update WildFly docs to include reload operation required to valid key-store attributes update on Filesystem Security Realm

Closed

Assignee:: Lukas Vydra

Reporter:: Diana Krepinska (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2023/10/27 11:19 AM

Updated:: 2024/02/27 11:31 AM

Resolved:: 2024/02/27 11:31 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates