Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 7.1.0.DR17
Affects Version/s: 7.1.0.DR13
Component/s: Security
Labels:
- keystore
- legacy-integration

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Git Pull Request:
https://github.com/wildfly-security-incubator/wildfly-core/pull/136
Steps to Reproduce:
Hide

/subsystem=security/security-domain=cert-roles-domain:add

/subsystem=security/security-domain=cert-roles-domain/jsse=classic:add(truststore={password=secret, url="/path/to/server.truststore.jks"}, keystore={password=secret, url="/path/to/server.keystore.jks"}, client-auth=true)

/subsystem=security/elytron-key-store=eks:add(legacy-jsse-config=cert-roles-domain)

/subsystem=elytron/filtering-key-store=fks:add(alias-filter=ALL,key-store=eks)
Show
/subsystem=security/security-domain=cert-roles-domain:add /subsystem=security/security-domain=cert-roles-domain/jsse=classic:add(truststore={password=secret, url="/path/to/server.truststore.jks"}, keystore={password=secret, url="/path/to/server.keystore.jks"}, client-auth=true) /subsystem=security/elytron-key-store=eks:add(legacy-jsse-config=cert-roles-domain) /subsystem=elytron/filtering-key-store=fks:add(alias-filter=ALL,key-store=eks)

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

It is not possible to use a key store exported from legacy security domain (i.e. elytron-key-store) in Elytron filtering-key-store. It results in:

{
    "outcome" => "failed",
    "failure-description" => {
        "WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.fks" => "org.jboss.msc.service.StartException in service org.wildfly.security.key-store.fks: java.lang.ClassCastException: org.jboss.as.security.elytron.BasicService cannot be cast to org.wildfly.extension.elytron.ModifiableKeyStoreService
    Caused by: java.lang.ClassCastException: org.jboss.as.security.elytron.BasicService cannot be cast to org.wildfly.extension.elytron.ModifiableKeyStoreService"},
        "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.key-store.fks"]
    },
    "rolled-back" => true
}

The exported key store is announced as org.wildfly.security.key-store capability. Hence it is expected to work wherever the capability is requested.

The same applies to elytron-trust-store.

is cloned by

WFCORE-2505 Key store exported from legacy security domain does not work Elytron filtering-key-store

Resolved

is incorporated by

JBEAP-10387 Bulk backport Elytron wfcore changes

Closed

JBEAP-10119 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta16

Closed

Assignee:: Yeray Borges Santana

Reporter:: Ondrej Kotek

Tester:: Ondrej Kotek

QA Contact:: Ondrej Kotek

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2017/03/08 7:04 AM

Updated:: 2024/09/02 4:44 PM

Resolved:: 2017/04/19 4:27 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates