Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9396

Key store exported from legacy security domain does not work Elytron filtering-key-store

XMLWordPrintable

    • Hide
      1. /subsystem=security/security-domain=cert-roles-domain:add
      2. /subsystem=security/security-domain=cert-roles-domain/jsse=classic:add(truststore={password=secret, url="/path/to/server.truststore.jks"}, keystore={password=secret, url="/path/to/server.keystore.jks"}, client-auth=true)
      3. /subsystem=security/elytron-key-store=eks:add(legacy-jsse-config=cert-roles-domain)
      4. /subsystem=elytron/filtering-key-store=fks:add(alias-filter=ALL,key-store=eks)
      Show
      /subsystem=security/security-domain=cert-roles-domain:add /subsystem=security/security-domain=cert-roles-domain/jsse=classic:add(truststore={password=secret, url="/path/to/server.truststore.jks"}, keystore={password=secret, url="/path/to/server.keystore.jks"}, client-auth=true) /subsystem=security/elytron-key-store=eks:add(legacy-jsse-config=cert-roles-domain) /subsystem=elytron/filtering-key-store=fks:add(alias-filter=ALL,key-store=eks)

      It is not possible to use a key store exported from legacy security domain (i.e. elytron-key-store) in Elytron filtering-key-store. It results in:

      {
          "outcome" => "failed",
          "failure-description" => {
              "WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.fks" => "org.jboss.msc.service.StartException in service org.wildfly.security.key-store.fks: java.lang.ClassCastException: org.jboss.as.security.elytron.BasicService cannot be cast to org.wildfly.extension.elytron.ModifiableKeyStoreService
          Caused by: java.lang.ClassCastException: org.jboss.as.security.elytron.BasicService cannot be cast to org.wildfly.extension.elytron.ModifiableKeyStoreService"},
              "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.key-store.fks"]
          },
          "rolled-back" => true
      }
      

      The exported key store is announced as org.wildfly.security.key-store capability. Hence it is expected to work wherever the capability is requested.

      The same applies to elytron-trust-store.

              yborgess1@redhat.com Yeray Borges Santana
              okotek@redhat.com Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: