WildFly Core / WFCORE-2505

Key store exported from legacy security domain does not work in Elytron filtering-key-store


Details

    • Bug
    • Resolution: Done
    • Critical
    • 3.0.0.Beta16
    • 3.0.0.Beta6
    • Security
    • None
      1. /subsystem=security/security-domain=cert-roles-domain:add
      2. /subsystem=security/security-domain=cert-roles-domain/jsse=classic:add(truststore={password=secret, url="/path/to/server.truststore.jks"}, keystore={password=secret, url="/path/to/server.keystore.jks"}, client-auth=true)
      3. /subsystem=security/elytron-key-store=eks:add(legacy-jsse-config=cert-roles-domain)
      4. /subsystem=elytron/filtering-key-store=fks:add(alias-filter=ALL,key-store=eks)

    Description

      It is not possible to use a key store exported from a legacy security domain (i.e. elytron-key-store) in an Elytron filtering-key-store. It results in:

      {
          "outcome" => "failed",
          "failure-description" => {
              "WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.fks" => "org.jboss.msc.service.StartException in service org.wildfly.security.key-store.fks: java.lang.ClassCastException: org.jboss.as.security.elytron.BasicService cannot be cast to org.wildfly.extension.elytron.ModifiableKeyStoreService
          Caused by: java.lang.ClassCastException: org.jboss.as.security.elytron.BasicService cannot be cast to org.wildfly.extension.elytron.ModifiableKeyStoreService"},
              "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.key-store.fks"]
          },
          "rolled-back" => true
      }
      

      The exported key store is announced as the org.wildfly.security.key-store capability. Hence it is expected to work wherever the capability is requested.

      The same applies to elytron-trust-store.
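
A simplified model of the failure described above, as an added example that is not WildFly code or part of the original report; every type name and the registry map are hypothetical stand-ins. It shows a consumer that downcasts a capability's service to its own implementation class failing on a provider from another subsystem, beside a consumer that relies only on what the capability promises.

```java
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;

// Simplified model, not WildFly code: all type names below are stand-ins.
public class CapabilityContractDemo {
    // What the capability promises its consumers: a KeyStore value.
    interface KeyStoreProvider extends Supplier<KeyStore> {}

    // Stand-in for the Elytron subsystem's own, richer service type.
    static class ModifiableProvider implements KeyStoreProvider {
        public KeyStore get() { return emptyStore(); }
        boolean isModified() { return false; }
    }

    // Stand-in for the service the legacy security subsystem exports.
    static class LegacyExportedProvider implements KeyStoreProvider {
        public KeyStore get() { return emptyStore(); }
    }

    static KeyStore emptyStore() {
        try {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(null, null); // empty in-memory store, constructed for the demo
            return ks;
        } catch (Exception e) { throw new IllegalStateException(e); }
    }

    // Fragile consumer: assumes every provider is its own implementation class.
    static KeyStore fragileConsumer(KeyStoreProvider p) {
        return ((ModifiableProvider) p).get();
    }

    // Contract-only consumer: uses nothing beyond what the capability promises.
    static KeyStore contractConsumer(KeyStoreProvider p) {
        return p.get();
    }

    public static void main(String[] args) throws Exception {
        // Constructed registry entry keyed by a capability-style name.
        Map<String, KeyStoreProvider> registry = new HashMap<>();
        registry.put("org.wildfly.security.key-store.eks", new LegacyExportedProvider());
        KeyStoreProvider eks = registry.get("org.wildfly.security.key-store.eks");
        System.out.println("contract consumer aliases: " + contractConsumer(eks).size());
        try { fragileConsumer(eks); }
        catch (ClassCastException e) { System.out.println("fragile consumer failed: " + e.getMessage()); }
    }
}
```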


            People

              yborgess1@redhat.com Yeray Borges Santana
              okotek@redhat.com Ondrej Kotek