  1. JBoss Enterprise Application Platform
  2. JBEAP-7652

CredentialStore resource name and CS alias in memory are case sensitive but CredentialStore aliases are persisted in lowercase.


    • Bug
    • Resolution: Done
    • Critical
    • 7.1.0.DR11
    • 7.1.0.DR9
    • Security
    • None

      CredentialStore resource name is case sensitive but CredentialStore alias is converted to lowercase.

      How to reproduce

      /subsystem=elytron/credential-store=csfile001:add(uri="cr-store://test/csfile001.jceks?store.password=pass123;create.storage=true")
      
      /subsystem=elytron/credential-store=csfile001/alias=csname001:add(secret-value=secValue123456)
      
      /subsystem=elytron/credential-store=csfile001/alias=csNAME001:add(secret-value=secValue987654)
      

      In csfile001.jceks you can see only the "csname001" entry.

      The biggest problem is that in memory there are the right case-sensitive aliases and you can load them, but in the backing CS file there is only the last one, in lowercase.

      /subsystem=elytron/credential-store=csfile001/alias=csFF:add(secret-value=Elytron)
      
      /subsystem=elytron/credential-store=csfile001/alias=csff:add(secret-value=ElytronWrong)
      

      And now you can use both (csFF and csff) as a CredStoreRef alias,
      e.g.

      /subsystem=elytron/key-store=fireflyKS001:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference={store=csfile001,alias=csFF})
      

      Another big problem for me is that you have a lot of CS alias RESOURCES which reference ONE entry and update the value in the CS.

      NOTE
      https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html

      Whether aliases are case sensitive is implementation dependent. In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case. 
      

      Suggestions for solution

      • We must unify case (in)sensitivity between the CS keystore file and the CS in memory
      • Implement case sensitivity (our implementation looks OK; IMO there is another problem with it...)
      • Something else

              pskopek@redhat.com Peter Skopek
              hsvabek_jira Hynek Švábek (Inactive)
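
The mismatch reported above, reproduced against a plain JCEKS KeyStore as an added example (not code from the issue or from Elytron). The LinkedHashMap standing in for the in-memory alias view, the class name AliasCaseDemo and the helper caseCollisions are assumptions for illustration; the aliases, secrets and store password are the ones used in the report. It relies on the OpenJDK/Oracle JCEKS implementation folding aliases to lowercase.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.*;
import javax.crypto.spec.SecretKeySpec;

public class AliasCaseDemo {
    // Group aliases that become identical once case is folded; such groups
    // would share a single persisted entry and should be rejected on add.
    static Map<String, List<String>> caseCollisions(Collection<String> aliases) {
        Map<String, List<String>> folded = new TreeMap<>();
        for (String a : aliases) {
            folded.computeIfAbsent(a.toLowerCase(Locale.ROOT), k -> new ArrayList<>()).add(a);
        }
        folded.values().removeIf(group -> group.size() < 2);
        return folded;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "pass123".toCharArray();              // store password from the report
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(pw);
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, pw);                                // start with an empty store

        // Case-sensitive map standing in for the in-memory alias view (assumption).
        Map<String, String> inMemory = new LinkedHashMap<>();
        String[][] adds = {{"csFF", "Elytron"}, {"csff", "ElytronWrong"}};
        for (String[] add : adds) {
            inMemory.put(add[0], add[1]);
            byte[] raw = add[1].getBytes(StandardCharsets.UTF_8);
            ks.setEntry(add[0], new KeyStore.SecretKeyEntry(new SecretKeySpec(raw, "RAW")), prot);
        }

        // Persist and reload, as a server restart would.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pw);
        KeyStore reloaded = KeyStore.getInstance("JCEKS");
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), pw);

        String persisted = new String(reloaded.getKey("csFF", pw).getEncoded(), StandardCharsets.UTF_8);
        System.out.println("in-memory aliases: " + inMemory.keySet());
        System.out.println("persisted aliases: " + Collections.list(reloaded.aliases()));
        System.out.println("in-memory csFF:    " + inMemory.get("csFF"));
        System.out.println("persisted csFF:    " + persisted);
        System.out.println("case collisions:   " + caseCollisions(inMemory.keySet()));
    }
}
```

Comparing the in-memory and persisted values for csFF shows which secret a credential-reference would resolve to before and after a reload; the collision check is one way to refuse the second add up front.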