-
Bug
-
Resolution: Done
-
Critical
-
7.1.0.DR9
-
None
CredentialStore resource name is case sensitive but CredentialStore alias is convert to lowercase.
How to reproduce
/subsystem=elytron/credential-store=csfile001:add(uri="cr-store://test/csfile001.jceks?store.password=pass123;create.storage=true")
/subsystem=elytron/credential-store=csfile001/alias=csname001:add(secret-value=secValue123456)
/subsystem=elytron/credential-store=csfile001/alias=csNAME001:add(secret-value=secValue987654)
In csfile001.jceks you can see only "csname001" entry.
There is biggest problem that in memory are right case sensitive aliases and you can load them. But in backed CS file is only last one in lowercase.
/subsystem=elytron/credential-store=csfile001/alias=csFF:add(secret-value=Elytron)
/subsystem=elytron/credential-store=csfile001/alias=csff:add(secret-value=ElytronWrong)
And now you can use both (csFF and csff) as CredStoreRef alias
e.g.
/subsystem=elytron/key-store=fireflyKS001:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=csfile001,alias=csFF})
Another big problem for me is that you have a lot of CS Alias RESOURCES which reference to ONE entry and update value in CS.
NOTE
https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html
Whether aliases are case sensitive is implementation dependent. In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case.
Suggestions for solution
- We must unite case (in)sensitive between CS keystore file and CS in memory
- implement case sensitive (Our implementation looks ok, IMO there is another problem with it...)
- something else
- blocks
-
JBEAP-8571 CredentialStore issues
- Resolved
- is cloned by
-
ELY-836 CredentialStore resource name and CS alias in memory are case sensitive but CredentialStore aliases are persisted in lowercase.
- Resolved
- relates to
-
WFCORE-2556 Aliases in credential stores should be case insensitive
- Resolved