[JBoss JIRA] (WFCORE-2403) CS tool, omitting required param leads to NPE
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2403?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8187 to WFCORE-2403:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2403 (was: WFLY-8187)
Component/s: Security
(was: Security)
> CS tool, omitting required param leads to NPE
> ---------------------------------------------
>
> Key: WFCORE-2403
> URL: https://issues.jboss.org/browse/WFCORE-2403
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Blocker
> Labels: credential-store
>
> Omitting required param leads to NPE, e.g. when adding alias without password (-p --password)
> {code}
> java -jar wildfly-elytron-tool.jar credential-store -a test_alis -x admin123 -c -u "cr-store://store-test-1?create=true" -salt 12345678 --iteration 230
> Exception in thread "main" java.lang.NullPointerException
> at java.util.regex.Matcher.getTextLength(Matcher.java:1283)
> at java.util.regex.Matcher.reset(Matcher.java:309)
> at java.util.regex.Matcher.<init>(Matcher.java:229)
> at java.util.regex.Pattern.matcher(Pattern.java:1093)
> at java.util.Formatter.parse(Formatter.java:2547)
> at java.util.Formatter.format(Formatter.java:2501)
> at java.io.PrintStream.format(PrintStream.java:970)
> at java.io.PrintStream.printf(PrintStream.java:871)
> at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:58)
> {code}
> Help does not document required options. If a required option is omitted, the user is not informed about which parameter is missing. So effectively the user has no way to find out the required parameters.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
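Added example, not part of the report and not the Elytron tool's code: the trace above fails inside `PrintStream.printf` and `Formatter.parse`, which is what a null format string produces. The class below checks required options up front and names the missing ones. The class name and option table are constructed from the command line in the report, and treating only `-p` as required is an assumption.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class RequiredOptionCheck {

    // Constructed option table: names are taken from the command in the report;
    // which ones carry a value is inferred from that command line.
    static final List<String> WITH_VALUE =
            Arrays.asList("-a", "-x", "-u", "-p", "-salt", "--iteration");
    static final List<String> FLAGS = Arrays.asList("-c");
    // Assumption: only -p is marked required here, as the report describes.
    static final List<String> REQUIRED = Arrays.asList("-p");

    static Map<String, String> parse(String[] args) {
        Map<String, String> seen = new LinkedHashMap<>();
        for (int i = 0; i < args.length; i++) {
            String opt = args[i];
            if (FLAGS.contains(opt)) {
                seen.put(opt, "true");
            } else if (WITH_VALUE.contains(opt)) {
                if (i + 1 >= args.length) {
                    throw new IllegalArgumentException("Option " + opt + " needs a value");
                }
                seen.put(opt, args[++i]);
            } else {
                throw new IllegalArgumentException("Unknown option " + opt);
            }
        }
        // Report every missing required option by name instead of failing later.
        List<String> missing = new ArrayList<>(REQUIRED);
        missing.removeAll(seen.keySet());
        if (!missing.isEmpty()) {
            throw new IllegalArgumentException("Missing required option(s): " + missing);
        }
        return seen;
    }

    // Throwable.getMessage() may be null, so it is passed as an argument,
    // never as the printf format string itself.
    static void report(Throwable t) {
        String msg = t.getMessage();
        System.err.printf("%s%n", msg != null ? msg : t.getClass().getName());
    }

    public static void main(String[] unused) {
        // The command line from the report, which has no -p.
        String[] fromReport = {"-a", "test_alis", "-x", "admin123", "-c", "-u",
                "cr-store://store-test-1?create=true", "-salt", "12345678", "--iteration", "230"};
        try {
            parse(fromReport);
        } catch (IllegalArgumentException e) {
            report(e); // names the missing option
        }
        try {
            System.out.printf((String) null); // null format string, as in the trace
        } catch (NullPointerException e) {
            report(e); // reporting must not fail a second time
        }
    }
}
```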
[JBoss JIRA] (WFCORE-2404) Elytron, unable to create custom principal transformer
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2404?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8152 to WFCORE-2404:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2404 (was: WFLY-8152)
Component/s: Security
(was: Security)
> Elytron, unable to create custom principal transformer
> ------------------------------------------------------
>
> Key: WFCORE-2404
> URL: https://issues.jboss.org/browse/WFCORE-2404
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Priority: Blocker
>
> When I try to register custom principal transformer I get {{NoClassDefFoundError}}
> {code}
> 07:11:37,203 WARN [org.jboss.modules] (MSC service thread 1-4) Failed to define class org.wildfly.extras.creaper.commands.elytron.mapper.AddCustomPrincipalTransformerImpl in Module "org.jboss.customprincipaltransformerimpl" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules,/home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules/system/layers/base)): java.lang.NoClassDefFoundError: Failed to link org/wildfly/extras/creaper/commands/elytron/mapper/AddCustomPrincipalTransformerImpl (Module "org.jboss.customprincipaltransformerimpl" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules,/home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules/system/layers/base))): org/wildfly/extension/elytron/capabilities/PrincipalTransformer
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:448)
> at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:276)
> at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:79)
> at org.jboss.modules.Module.loadModuleClass(Module.java:708)
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:192)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400)
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.createValue(CustomComponentDefinition.java:156)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.lambda$performRuntime$1(CustomComponentDefinition.java:135)
> at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> 07:11:37,204 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.principal-transformer.CreaperTestAddCustomPrincipalTransformer: org.jboss.msc.service.StartException in service org.wildfly.security.principal-transformer.CreaperTestAddCustomPrincipalTransformer: Failed to start service
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.NoClassDefFoundError: Failed to link org/wildfly/extras/creaper/commands/elytron/mapper/AddCustomPrincipalTransformerImpl (Module "org.jboss.customprincipaltransformerimpl" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules,/home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules/system/layers/base))): org/wildfly/extension/elytron/capabilities/PrincipalTransformer
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:448)
> at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:276)
> at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:79)
> at org.jboss.modules.Module.loadModuleClass(Module.java:708)
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:192)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400)
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.createValue(CustomComponentDefinition.java:156)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.lambda$performRuntime$1(CustomComponentDefinition.java:135)
> at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> ... 3 more
> 07:11:37,207 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 3) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("custom-principal-transformer" => "CreaperTestAddCustomPrincipalTransformer")
> ]) - failure description: {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.principal-transformer.CreaperTestAddCustomPrincipalTransformer" => "org.jboss.msc.service.StartException in service org.wildfly.security.principal-transformer.CreaperTestAddCustomPrincipalTransformer: Failed to start service
> Caused by: java.lang.NoClassDefFoundError: Failed to link org/wildfly/extras/creaper/commands/elytron/mapper/AddCustomPrincipalTransformerImpl (Module \"org.jboss.customprincipaltransformerimpl\" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules,/home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules/system/layers/base))): org/wildfly/extension/elytron/capabilities/PrincipalTransformer"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.principal-transformer.CreaperTestAddCustomPrincipalTransformer"]
> }
> {code}
> That works in DR11 without issue
> Here is the implementation of the custom principal transformer used
> {code:java|title=AddCustomPrincipalTransformerImpl.java}
> package org.wildfly.extras.creaper.commands.elytron.mapper;
>
> import org.wildfly.extension.elytron.Configurable;
> import java.security.Principal;
> import java.util.Map;
> import org.wildfly.extension.elytron.capabilities.PrincipalTransformer;
>
> public class AddCustomPrincipalTransformerImpl implements PrincipalTransformer, Configurable {
>
>     @Override
>     public Principal apply(Principal p) {
>         return p;
>     }
>
>     @Override
>     public void initialize(Map<String, String> configuration) {
>         if (configuration.containsKey("throwException")) {
>             throw new IllegalStateException("Only test purpose. This exception was thrown on demand.");
>         }
>     }
> }
> {code}
7 years, 8 months
[JBoss JIRA] (WFCORE-2405) Credential store file isn't created when we add there new entry in embed-server mode.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2405?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7983 to WFCORE-2405:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2405 (was: WFLY-7983)
Component/s: Security
(was: Security)
> Credential store file isn't created when we add there new entry in embed-server mode.
> -------------------------------------------------------------------------------------
>
> Key: WFCORE-2405
> URL: https://issues.jboss.org/browse/WFCORE-2405
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
>
> Credential store file isn't created when we add there new entry in embed-server mode.
> * ./bin/jboss-cli.sh
> * embed-server
> * /subsystem=elytron/credential-store=store001:add(uri="cr-store://test/store001.jceks?create=true", credential-reference={clear-text=pass123})
> * /subsystem=elytron/credential-store=store001/alias=alias001:add(secret-value=secretValue)
> store001.jceks file should be created in JBOSS_HOME directory, but it isn't.
> When I stop embedded server and start standalone server everything works fine.
> * stop-embedded-server
> * ./bin/standalone.sh
> * connect
> * /subsystem=elytron/credential-store=store001/alias=alias001:add(secret-value=secretValue)
> store001.jceks file is correctly created in JBOSS_HOME directory.
> *NOTE:*
> When I copy there store001.jceks file to JBOSS_HOME directory with same password to access as expected then entry is added correctly.
7 years, 8 months
[JBoss JIRA] (WFCORE-2401) Permission added using list-add should be validated before adding to Elytron constant-permission-mapper or simple-permission-mapper
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2401?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7678 to WFCORE-2401:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2401 (was: WFLY-7678)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
> Permission added using list-add should be validated before adding to Elytron constant-permission-mapper or simple-permission-mapper
> -----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2401
> URL: https://issues.jboss.org/browse/WFCORE-2401
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Kotek
> Assignee: Darran Lofthouse
> Labels: user_experience
>
> Permission object added using {{list-add}} operation should be validated before being added to {{constant-permission-mapper}} or {{simple-permission-mapper}}.
> The reproducer should behave like
> {noformat}
> [standalone@localhost:9990 /] /subsystem=elytron/constant-permission-mapper=cpm:add(permissions=[{class-name=java.io.FilePermission}])
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.permission-mapper.cpm" => "org.jboss.msc.service.StartException in service org.wildfly.security.permission-mapper.cpm: WFLYELY00021: Exception while creating the permission object for the permission mapping. Please check [class-name], [target-name] (name of permission) and [action] of [java.io.FilePermission].
> Caused by: java.lang.IllegalArgumentException: invalid actions mask"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.permission-mapper.cpm"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {noformat}
7 years, 8 months
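Added example, not part of the report and not Elytron's code: one way to validate a permission entry when it is submitted is to instantiate it eagerly and reject the entry if construction fails. The class name `PermissionSpecCheck`, the sample entries and the constructor selection order are assumptions; the page does not show how Elytron builds the permission object.

```java
import java.lang.reflect.InvocationTargetException;
import java.security.Permission;

public class PermissionSpecCheck {

    /**
     * Instantiates the permission eagerly so that a bad class-name, target-name
     * or action is rejected when the entry is submitted, not when the mapper starts.
     * Assumption: the (String name, String actions) constructor is tried first,
     * then (String name).
     */
    static Permission validate(String className, String targetName, String action) {
        try {
            Class<? extends Permission> type =
                    Class.forName(className).asSubclass(Permission.class);
            try {
                return type.getConstructor(String.class, String.class)
                        .newInstance(targetName, action);
            } catch (NoSuchMethodException noTwoArgConstructor) {
                if (action != null) {
                    throw new IllegalArgumentException(className + " does not accept an action");
                }
                return type.getConstructor(String.class).newInstance(targetName);
            }
        } catch (InvocationTargetException e) {
            // The permission's own constructor rejected the supplied values.
            throw new IllegalArgumentException(
                    "Invalid permission " + className + ": " + e.getCause(), e.getCause());
        } catch (ClassCastException | ReflectiveOperationException e) {
            // Unknown class, not a Permission, or no usable constructor.
            throw new IllegalArgumentException(
                    "Cannot create permission " + className + ": " + e, e);
        }
    }

    public static void main(String[] args) {
        // Constructed list-add inputs: {class-name, target-name, action}.
        String[][] entries = {
            {"java.io.FilePermission", null, null},       // class-name only, as in the reproducer
            {"java.io.FilePermission", "/tmp/-", "read"}, // complete entry
            {"java.lang.String", "x", null},              // not a Permission at all
        };
        for (String[] e : entries) {
            try {
                System.out.println("accepted: " + validate(e[0], e[1], e[2]));
            } catch (IllegalArgumentException rejected) {
                System.out.println("rejected: " + rejected.getMessage());
            }
        }
    }
}
```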
[JBoss JIRA] (WFCORE-2402) Required attributes of elytron key-store creation add operation
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2402?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7125 to WFCORE-2402:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2402 (was: WFLY-7125)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Required attributes of elytron key-store creation add operation
> ---------------------------------------------------------------
>
> Key: WFCORE-2402
> URL: https://issues.jboss.org/browse/WFCORE-2402
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> Minimal CLI command to create key store is
> {code}
> /subsystem=elytron/key-store=server:add(type="JKS")
> {code}
> But it has these problems:
> * Password attribute has to be required. I can't think of case when that could be omitted.
> * Attribute {{type}} could be optional. If not set default value can be KeyStore.getDefaultType(). As model can't express this, it can be documented in description.
7 years, 8 months
[JBoss JIRA] (WFCORE-2395) There is NoSuchProviderException when we want to create our custom credential store.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2395?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7881 to WFCORE-2395:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2395 (was: WFLY-7881)
Component/s: Security
(was: Security)
> There is NoSuchProviderException when we want to create our custom credential store.
> ------------------------------------------------------------------------------------
>
> Key: WFCORE-2395
> URL: https://issues.jboss.org/browse/WFCORE-2395
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
>
> There is NoSuchProviderException when we want to create our custom credential store.
> *How to reproduce*
> # Create module
> Set your own path to customcredstoreprovider.jar downloaded from attachment
> {code}
> module add --name=org.jboss.customcredstore --resources=/tmp/customcredstoreprovider.jar --dependencies=org.wildfly.security.elytron,org.wildfly.extension.elytron --slot=main
> {code}
> # Create provider loader
> {code}
> /subsystem=elytron/provider-loader=cust001:add(providers=[{class-names=[org.jboss.as.test.integration.security.credential.store.CustomElytronProvider],module=org.jboss.customcredstore,load-services=true}],register=true)
> {code}
> # Create credential store
> {code}
> /subsystem=elytron/credential-store=cs0123456:add(uri="cr-store://test/customcredCS123.jceks?create.storage=true", provider=org.jboss.as.test.integration.security.credential.store.CustomElytronProvider, provider-loader=cust001, credential-reference={clear-text=pass123})
> {code}
> *And the result is:*
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store.cs0123456" => "org.jboss.msc.service.StartException in service org.wildfly.security.credential-store.cs0123456: WFLYELY00004: Unable to start the service.
> Caused by: java.security.NoSuchProviderException: org.jboss.as.test.integration.security.credential.store.CustomElytronProvider"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.credential-store.cs0123456"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
7 years, 8 months
[JBoss JIRA] (WFCORE-2394) Coverity static analysis, dereference after null check, KeyStoreCredentialStore (Elytron)
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2394?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8093 to WFCORE-2394:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2394 (was: WFLY-8093)
Component/s: Security
(was: Security)
> Coverity static analysis, dereference after null check, KeyStoreCredentialStore (Elytron)
> -----------------------------------------------------------------------------------------
>
> Key: WFCORE-2394
> URL: https://issues.jboss.org/browse/WFCORE-2394
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
>
> Coverity static-analysis scan found possible call on null object in KeyStoreCredentialStore class:
> https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=95642...
> In the if branch where the flow will get only if location is null, location is dereferenced:
> {code:java|title=KeyStoreCredentialStore.java}
> if (location != null && Files.exists(location))
>     try (InputStream fileStream = Files.newInputStream(location)) {
>         keyStore.load(fileStream, getStorePassword(protectionParameter));
>         enumeration = keyStore.aliases();
>     } catch (GeneralSecurityException | IOException e) {
>         throw log.cannotInitializeCredentialStore(e);
>     }
> else if (create) {
>     try {
>         keyStore.load(null, null);
>         enumeration = Collections.emptyEnumeration();
>     } catch (CertificateException | IOException | NoSuchAlgorithmException e) {
>         throw log.cannotInitializeCredentialStore(e);
>     }
> } else {
>     throw log.automaticStorageCreationDisabled(location.toString());
> }
> {code}
7 years, 8 months
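Added example, not part of the report and not the project's fix: a self-contained version of the same three branches in which the final branch no longer dereferences `location` unconditionally. The class name `NullSafeStoreInit`, the `IllegalStateException` standing in for the project's logger exception, and the sample path are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Enumeration;

public class NullSafeStoreInit {

    static Enumeration<String> load(KeyStore keyStore, Path location, boolean create,
                                    char[] password) throws GeneralSecurityException, IOException {
        if (location != null && Files.exists(location)) {
            try (InputStream fileStream = Files.newInputStream(location)) {
                keyStore.load(fileStream, password);
                return keyStore.aliases();
            }
        } else if (create) {
            keyStore.load(null, null); // start with an empty in-memory store
            return Collections.emptyEnumeration();
        } else {
            // Reached when location is null OR when the file does not exist,
            // so location must not be dereferenced unconditionally here.
            String where = location != null ? location.toString() : "(no location set)";
            throw new IllegalStateException(
                    "Automatic storage creation is disabled: " + where);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        // Constructed path, assumed not to exist in the working directory.
        Path absent = Paths.get("constructed-missing-store.jceks");
        // {location, create}: the second case is the one the scan flagged.
        Object[][] cases = { {null, true}, {null, false}, {absent, false} };
        for (Object[] c : cases) {
            String label = "location=" + c[0] + " create=" + c[1];
            try {
                load(ks, (Path) c[0], (Boolean) c[1], null);
                System.out.println(label + " -> loaded");
            } catch (IllegalStateException e) {
                System.out.println(label + " -> " + e.getMessage());
            }
        }
    }
}
```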