Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2682

Elytron token-realm attributes validations

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • 3.0.0.Beta16
    • 3.0.0.Beta13
    • Security
    • None
    • Hide
      • Alternatives 
        • keytool -genkeypair   -keystore localhost.keystore   -alias jboss   -keyalg RSA   -keysize 3072   -validity 36500   -storepass password   -keypass password   -dname "CN=localhost, OU=QE, O=example.com, L=Brno, C=CZ"

          **

          /subsystem=elytron/key-store=myKeyStore:add(type="jks", credential-reference={clear-text=password}, path=localhost.keystore, relative-to=jboss.server.config.dir)

        • [standalone@localhost:9990 /] /subsystem=elytron/token-realm=d:add(jwt={key-store=myKeyStore,certificate=jboss,public-key="-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61BjmfXGEvWmegnBGSuS+rU9soUg2FnODva32D1AqhwdziwHINFaD1MVlcrYG6XRKfkcxnaXGfFDWHLEvNBSEVCgJjtHAGZIm5GL/KA86KDp/CwDFMSwluowcXwDwoyinmeOY9eKyh6aY72xJh7noLBBq1N0bWi1e2i+83txOCg4yV2oVXhBo8pYEJ8LT3el6Smxol3C1oFMVdwPgc0vTl25XucMcG/ALE/KNY6pqC2AQ6R2ERlVgPiUWOPatVkt7+Bs3h5Ramxh7XjBOXeulmCpGSynXNcpZ/06+vofGi/2MlpQZNhHAo8eayMp6FcvNucIpUndo1X8dKMv3Y26ZQIDAQAB-----END PUBLIC KEY-----"})
{"outcome" => "success"}
      • Requires 
        • [standalone@localhost:9990 /] /subsystem=elytron/token-realm=f:add(jwt={certificate=alias})
{"outcome" => "success"}

          **

          [standalone@localhost:9990 /] /subsystem=elytron/token-realm=e:add(jwt={key-store=myKeyStore})
{
    "outcome" => "failed",
    "failure-description" => {
        "WFLYCTL0080: Failed services" => {"org.wildfly.security.modifiable-security-realm.e" => "org.jboss.msc.service.StartException in service org.wildfly.security.modifiable-security-realm.e: Failed to start service
    Caused by: java.lang.NullPointerException"},
        "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.modifiable-security-realm.e"]
    },
    "rolled-back" => true
}
      server.log
      	07:44:08,710 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.modifiable-security-realm.e: org.jboss.msc.service.StartException in service org.wildfly.security.modifiable-security-realm.e: Failed to start service
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
	at sun.security.provider.JavaKeyStore$JKS.convertAlias(JavaKeyStore.java:58)
	at sun.security.provider.JavaKeyStore.engineGetCertificate(JavaKeyStore.java:190)
	at sun.security.provider.JavaKeyStore$JKS.engineGetCertificate(JavaKeyStore.java:56)
	at sun.security.provider.KeyStoreDelegator.engineGetCertificate(KeyStoreDelegator.java:106)
	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetCertificate(JavaKeyStore.java:70)
	at java.security.KeyStore.getCertificate(KeyStore.java:1081)
	at org.wildfly.security.keystore.DelegatingKeyStoreSpi.engineGetCertificate(DelegatingKeyStoreSpi.java:65)
	at java.security.KeyStore.getCertificate(KeyStore.java:1081)
	at org.wildfly.security.keystore.DelegatingKeyStoreSpi.engineGetCertificate(DelegatingKeyStoreSpi.java:65)
	at java.security.KeyStore.getCertificate(KeyStore.java:1081)
	at org.wildfly.extension.elytron.TokenRealmDefinition$RealmAddHandler$1.get(TokenRealmDefinition.java:268)
	at org.wildfly.extension.elytron.TokenRealmDefinition$RealmAddHandler$1.get(TokenRealmDefinition.java:247)
	at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
	... 3 more
      Show
      Alternatives keytool -genkeypair -keystore localhost.keystore -alias jboss -keyalg RSA -keysize 3072 -validity 36500 -storepass password -keypass password -dname "CN=localhost, OU=QE, O=example.com, L=Brno, C=CZ" ** /subsystem=elytron/key-store=myKeyStore:add(type= "jks" , credential-reference={clear-text=password}, path=localhost.keystore, relative-to=jboss.server.config.dir) [standalone@localhost:9990 /] /subsystem=elytron/token-realm=d:add(jwt={key-store=myKeyStore,certificate=jboss, public -key= "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61BjmfXGEvWmegnBGSuS+rU9soUg2FnODva32D1AqhwdziwHINFaD1MVlcrYG6XRKfkcxnaXGfFDWHLEvNBSEVCgJjtHAGZIm5GL/KA86KDp/CwDFMSwluowcXwDwoyinmeOY9eKyh6aY72xJh7noLBBq1N0bWi1e2i+83txOCg4yV2oVXhBo8pYEJ8LT3el6Smxol3C1oFMVdwPgc0vTl25XucMcG/ALE/KNY6pqC2AQ6R2ERlVgPiUWOPatVkt7+Bs3h5Ramxh7XjBOXeulmCpGSynXNcpZ/06+vofGi/2MlpQZNhHAo8eayMp6FcvNucIpUndo1X8dKMv3Y26ZQIDAQAB-----END PUBLIC KEY-----" }) { "outcome" => "success" } Requires [standalone@localhost:9990 /] /subsystem=elytron/token-realm=f:add(jwt={certificate=alias}) { "outcome" => "success" } ** [standalone@localhost:9990 /] /subsystem=elytron/token-realm=e:add(jwt={key-store=myKeyStore}) { "outcome" => "failed" , "failure-description" => { "WFLYCTL0080: Failed services" => { "org.wildfly.security.modifiable-security-realm.e" => "org.jboss.msc.service.StartException in service org.wildfly.security.modifiable-security-realm.e: Failed to start service Caused by: java.lang.NullPointerException"}, "WFLYCTL0412: Required services that are not installed:" => [ "org.wildfly.security.modifiable-security-realm.e" ] }, "rolled-back" => true } server.log 07:44:08,710 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.modifiable-security-realm.e: org.jboss.msc.service.StartException in service org.wildfly.security.modifiable-security-realm.e: Failed to start service at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang. Thread .run( Thread .java:745) Caused by: java.lang.NullPointerException at sun.security.provider.JavaKeyStore$JKS.convertAlias(JavaKeyStore.java:58) at sun.security.provider.JavaKeyStore.engineGetCertificate(JavaKeyStore.java:190) at sun.security.provider.JavaKeyStore$JKS.engineGetCertificate(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineGetCertificate(KeyStoreDelegator.java:106) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetCertificate(JavaKeyStore.java:70) at java.security.KeyStore.getCertificate(KeyStore.java:1081) at org.wildfly.security.keystore.DelegatingKeyStoreSpi.engineGetCertificate(DelegatingKeyStoreSpi.java:65) at java.security.KeyStore.getCertificate(KeyStore.java:1081) at org.wildfly.security.keystore.DelegatingKeyStoreSpi.engineGetCertificate(DelegatingKeyStoreSpi.java:65) at java.security.KeyStore.getCertificate(KeyStore.java:1081) at org.wildfly.extension.elytron.TokenRealmDefinition$RealmAddHandler$1.get(TokenRealmDefinition.java:268) at org.wildfly.extension.elytron.TokenRealmDefinition$RealmAddHandler$1.get(TokenRealmDefinition.java:247) at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032) at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955) ... 3 more

      • I am able to set both key-store and public-key attributes. However based on model they should be alternatives and thus only one of them should be allowed.
      • Althought, key-store and certificate are configured as requires in model, validation does not work.

      Seems it is caused by WFCORE-2317.

      "public-key" => {
    "type" => STRING,
    "description" => "A public key in PEM Format. During validation, if a public key is provided, signature will be verified based on the key you provided here.",
    "expressions-allowed" => true,
    "required" => false,
    "nillable" => true,
    "alternatives" => [
        "key-store",
        "certificate"
    ],
    "min-length" => 1L,
    "max-length" => 2147483647L
},
"key-store" => {
    "type" => STRING,
    "description" => "A key store from where the certificate with a public key should be loaded from.",
    "expressions-allowed" => false,
    "required" => false,
    "nillable" => true,
    "alternatives" => ["public-key"],
    "requires" => ["certificate"],
    "capability-reference" => "org.wildfly.security.key-store",
    "min-length" => 1L,
    "max-length" => 2147483647L
},
"certificate" => {
    "type" => STRING,
    "description" => "The name of the certificate with a public key to load from the key store.",
    "expressions-allowed" => true,
    "required" => false,
    "nillable" => true,
    "alternatives" => ["public-key"],
    "requires" => ["key-store"],
    "min-length" => 1L,
    "max-length" => 2147483647L
}

              Unassigned Unassigned
              mchoma@redhat.com Martin Choma
              Martin Choma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: