Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2505

Key store exported from legacy security domain does not work Elytron filtering-key-store

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 3.0.0.Beta16
    • 3.0.0.Beta6
    • Security
    • None
    • Hide
      1. /subsystem=security/security-domain=cert-roles-domain:add
      2. /subsystem=security/security-domain=cert-roles-domain/jsse=classic:add(truststore={password=secret, url="/path/to/server.truststore.jks"}, keystore={password=secret, url="/path/to/server.keystore.jks"}, client-auth=true)
      3. /subsystem=security/elytron-key-store=eks:add(legacy-jsse-config=cert-roles-domain)
      4. /subsystem=elytron/filtering-key-store=fks:add(alias-filter=ALL,key-store=eks)
      Show
      /subsystem=security/security-domain=cert-roles-domain:add /subsystem=security/security-domain=cert-roles-domain/jsse=classic:add(truststore={password=secret, url="/path/to/server.truststore.jks"}, keystore={password=secret, url="/path/to/server.keystore.jks"}, client-auth=true) /subsystem=security/elytron-key-store=eks:add(legacy-jsse-config=cert-roles-domain) /subsystem=elytron/filtering-key-store=fks:add(alias-filter=ALL,key-store=eks)

      It is not possible to use a key store exported from legacy security domain (i.e. elytron-key-store) in Elytron filtering-key-store. It results in:

      {
    "outcome" => "failed",
    "failure-description" => {
        "WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.fks" => "org.jboss.msc.service.StartException in service org.wildfly.security.key-store.fks: java.lang.ClassCastException: org.jboss.as.security.elytron.BasicService cannot be cast to org.wildfly.extension.elytron.ModifiableKeyStoreService
    Caused by: java.lang.ClassCastException: org.jboss.as.security.elytron.BasicService cannot be cast to org.wildfly.extension.elytron.ModifiableKeyStoreService"},
        "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.key-store.fks"]
    },
    "rolled-back" => true
}

      The exported key store is announced as org.wildfly.security.key-store capability. Hence it is expected to work wherever the capability is requested.

      The same applies to elytron-trust-store.

              yborgess1@redhat.com Yeray Borges Santana
              okotek@redhat.com Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: