WildFly Core / WFCORE-2923

Credential reference integration with client-certificate-store does not work

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 3.0.0.Beta25
    • Component/s: Security
    • Labels:
      None

      Description

      WFCORE-2483 introduced the attributes keystore-password-credential-reference and key-password-credential-reference in the client-certificate-store resource, which is used when the syslog server requires client authentication during the TLS handshake.

      However, this integration does not work.

      Looking into SyslogAuditLogHandler.java, I am missing the credential reference retrieval code, CredentialReference.getCredentialSourceSupplier.

      SyslogAuditLogHandler.java
      if (transport == Transport.TLS) {
          final SSLContext context = SSLContext.getInstance("TLS");
          KeyManager[] keyManagers = null;
          if (tlsClientCertStorePath != null) {
              // Client certificate store: both passwords are read only from the plain String fields;
              // no credential reference is resolved anywhere in this block.
              final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
              final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsClientCertStorePath, tlsClientCertStoreRelativeTo));
              try {
                  final KeyStore ks = KeyStore.getInstance("JKS");
                  ks.load(in, tlsClientCertStorePassword.toCharArray());
                  // The key password falls back to the keystore password when it is not set.
                  kmf.init(ks, tlsClientCertStoreKeyPassword != null ? tlsClientCertStoreKeyPassword.toCharArray() : tlsClientCertStorePassword.toCharArray());
                  keyManagers = kmf.getKeyManagers();
              } finally {
                  IoUtils.safeClose(in);
              }
          }
          TrustManager[] trustManagers = null;
          if (tlsTrustStorePath != null) {
              // Trust store used to verify the syslog server's certificate.
              final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
              final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsTrustStorePath, tlsTrustStoreRelativeTo));
              try {
                  final KeyStore ks = KeyStore.getInstance("JKS");
                  ks.load(in, tlsTrustStorePassword.toCharArray());
                  tmf.init(ks);
                  trustManagers = tmf.getTrustManagers();
              } finally {
                  IoUtils.safeClose(in);
              }
          }
      

      Test (Ignored): https://github.com/wildfly/wildfly-core/pull/2513

                People

                • Assignee:
                  ehugonnet Emmanuel Hugonnet
                  Reporter:
                  mchoma Martin Choma