[JBoss JIRA] (WFCORE-2395) There is NoSuchProviderException when we want to create our custom credential store.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2395?page=com.atlassian.jira.plugi... ]
Hynek Švábek resolved WFCORE-2395.
----------------------------------
Resolution: Cannot Reproduce Bug
Wrong configuration, for details see comments on JBEAP jira.
> There is NoSuchProviderException when we want to create our custom credential store.
> ------------------------------------------------------------------------------------
>
> Key: WFCORE-2395
> URL: https://issues.jboss.org/browse/WFCORE-2395
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
>
> There is NoSuchProviderException when we want to create our custom credential store.
> *How to reproduce*
> # Create module
> Set your own path to customcredstoreprovider.jar downloaded from attachment
> {code}
> module add --name=org.jboss.customcredstore --resources=/tmp/customcredstoreprovider.jar --dependencies=org.wildfly.security.elytron,org.wildfly.extension.elytron --slot=main
> {code}
> # Create provider loader
> {code}
> /subsystem=elytron/provider-loader=cust001:add(providers=[{class-names=[org.jboss.as.test.integration.security.credential.store.CustomElytronProvider],module=org.jboss.customcredstore,load-services=true}],register=true)
> {code}
> # Create credential store
> {code}
> /subsystem=elytron/credential-store=cs0123456:add(uri="cr-store://test/customcredCS123.jceks?create.storage=true", provider=org.jboss.as.test.integration.security.credential.store.CustomElytronProvider, provider-loader=cust001, credential-reference={clear-text=pass123})
> {code}
> *And the result is:*
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store.cs0123456" => "org.jboss.msc.service.StartException in service org.wildfly.security.credential-store.cs0123456: WFLYELY00004: Unable to start the service.
> Caused by: java.security.NoSuchProviderException: org.jboss.as.test.integration.security.credential.store.CustomElytronProvider"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.credential-store.cs0123456"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (ELY-836) CredentialStore resource name and CS alias in memory are case sensitive but CredentialStore aliases are persisted in lowercase.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/ELY-836?page=com.atlassian.jira.plugin.sy... ]
Hynek Švábek edited comment on ELY-836 at 4/5/17 7:23 AM:
----------------------------------------------------------
It was already fixed.
was (Author: hsvabek):
It was fixed yet.
> CredentialStore resource name and CS alias in memory are case sensitive but CredentialStore aliases are persisted in lowercase.
> -------------------------------------------------------------------------------------------------------------------------------
>
> Key: ELY-836
> URL: https://issues.jboss.org/browse/ELY-836
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Credential Store
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
>
> CredentialStore resource name is case sensitive but CredentialStore alias is convert to lowercase.
> *How to reproduce*
> {code}
> /subsystem=elytron/credential-store=csfile001:add(uri="cr-store://test/csfile001.jceks?store.password=pass123;create.storage=true")
> {code}
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csname001:add(secret-value=secValue123456)
> {code}
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csNAME001:add(secret-value=secValue987654)
> {code}
> In csfile001.jceks you can see only "csname001" entry.
> *There is biggest problem that in memory are right case sensitive aliases and you can load them. But in backed CS file is only last one in lowercase.*
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csFF:add(secret-value=Elytron)
> {code}
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csff:add(secret-value=ElytronWrong)
> {code}
> And now you can use both (csFF and csff) as CredStoreRef alias
> e.g.
> {code}
> /subsystem=elytron/key-store=fireflyKS001:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=csfile001,alias=csFF})
> {code}
> Another big problem for me is that you have a lot of CS Alias RESOURCES which reference to ONE entry and update value in CS.
> *NOTE*
> https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html
> {code}
> Whether aliases are case sensitive is implementation dependent. In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case.
> {code}
> *Suggestions for solution*
> * We must unite case (in)sensitive between CS keystore file and CS in memory
> * implement case sensitive (Our implementation looks ok, IMO there is another problem with it...)
> * something else
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (ELY-820) CredentialStore is not able to create CS file which was deleted after server startup.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/ELY-820?page=com.atlassian.jira.plugin.sy... ]
Hynek Švábek resolved ELY-820.
------------------------------
Resolution: Done
It was already fixed.
> CredentialStore is not able to create CS file which was deleted after server startup.
> -------------------------------------------------------------------------------------
>
> Key: ELY-820
> URL: https://issues.jboss.org/browse/ELY-820
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
>
> CredentialStore is not able to create CS file which was deleted after server startup.
> CS file is recreated only if create.storage is set to true. But this feature would work with create.storage too.
> What do you think about it?
> *How to reproduce:*
> these steps are for creating CS file
> /subsystem=elytron/credential-store=recreate001:add(uri="cr-store://test/recreate001.jceks?store.password=pass123;create.storage=true")
> /subsystem=elytron/credential-store=recreate001/alias=alias001:add(secret-value=Elytron)
> *Own reproducer:*
> * /subsystem=elytron/credential-store=recreateCS:add(uri="cr-store://test/recreate001.jceks?store.password=pass123;create.storage=false")
> * /subsystem=elytron/credential-store=recreateCS/alias=alias2:add(secret-value=Elytron123)
> * *NOW* delete recreate001.jceks from filesystem
> * /subsystem=elytron/credential-store=recreateCS/alias=alias3:add(secret-value=Elytron123)
> * FAIL
> {code}
> {
> "outcome" => "failed",
> "failure-description" => "WFLYELY00009: Unable to complete operation. 'ELY09504: Cannot write storage file '/home/hsvabek/securityworkspace/VERIFICATION/CredentialStore_2016_09_14/jboss-eap-7.1.0.DR9/standalone/data/recreate001.jceks' for the store 'recreateCS''",
> "rolled-back" => true
> }
> {code}
> * https://github.com/wildfly-security/wildfly-elytron/blob/5f0ed115ea265240...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (ELY-836) CredentialStore resource name and CS alias in memory are case sensitive but CredentialStore aliases are persisted in lowercase.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/ELY-836?page=com.atlassian.jira.plugin.sy... ]
Hynek Švábek resolved ELY-836.
------------------------------
Resolution: Done
It was fixed yet.
> CredentialStore resource name and CS alias in memory are case sensitive but CredentialStore aliases are persisted in lowercase.
> -------------------------------------------------------------------------------------------------------------------------------
>
> Key: ELY-836
> URL: https://issues.jboss.org/browse/ELY-836
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Credential Store
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
>
> CredentialStore resource name is case sensitive but CredentialStore alias is convert to lowercase.
> *How to reproduce*
> {code}
> /subsystem=elytron/credential-store=csfile001:add(uri="cr-store://test/csfile001.jceks?store.password=pass123;create.storage=true")
> {code}
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csname001:add(secret-value=secValue123456)
> {code}
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csNAME001:add(secret-value=secValue987654)
> {code}
> In csfile001.jceks you can see only "csname001" entry.
> *There is biggest problem that in memory are right case sensitive aliases and you can load them. But in backed CS file is only last one in lowercase.*
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csFF:add(secret-value=Elytron)
> {code}
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csff:add(secret-value=ElytronWrong)
> {code}
> And now you can use both (csFF and csff) as CredStoreRef alias
> e.g.
> {code}
> /subsystem=elytron/key-store=fireflyKS001:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=csfile001,alias=csFF})
> {code}
> Another big problem for me is that you have a lot of CS Alias RESOURCES which reference to ONE entry and update value in CS.
> *NOTE*
> https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html
> {code}
> Whether aliases are case sensitive is implementation dependent. In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case.
> {code}
> *Suggestions for solution*
> * We must unite case (in)sensitive between CS keystore file and CS in memory
> * implement case sensitive (Our implementation looks ok, IMO there is another problem with it...)
> * something else
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months