[JBoss JIRA] (WFCORE-2923) Credential reference integration with client-certificate-store does not work
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2923?page=com.atlassian.jira.plugi... ]
Martin Choma updated WFCORE-2923:
---------------------------------
Description:
By WFCORE-2483 there were introduced attributes {{keystore-password-credential-reference}} and {{key-password-credential-reference}} in resource {{client-certificate-store}}, which is used when syslog server requires client authentication during TLS handshake.
However this integration does not work.
Looking into SyslogAuditLogHandler.java I am missing credential reference retrieving code {{CredentialReference.getCredentialSourceSupplier}}
{code:java|title=SyslogAuditLogHandler.java}
if (transport == Transport.TLS){
final SSLContext context = SSLContext.getInstance("TLS");
KeyManager[] keyManagers = null;
if (tlsClientCertStorePath != null){
final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsClientCertStorePath, tlsClientCertStoreRelativeTo));
try {
final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, tlsClientCertStorePassword.toCharArray());
kmf.init(ks, tlsClientCertStoreKeyPassword != null ? tlsClientCertStoreKeyPassword.toCharArray() : tlsClientCertStorePassword.toCharArray());
keyManagers = kmf.getKeyManagers();
} finally {
IoUtils.safeClose(in);
}
}
TrustManager[] trustManagers = null;
if (tlsTrustStorePath != null){
final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsTrustStorePath, tlsTrustStoreRelativeTo));
try {
final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, tlsTrustStorePassword.toCharArray());
tmf.init(ks);
trustManagers = tmf.getTrustManagers();
} finally {
IoUtils.safeClose(in);
}
}
{code}
Tes (Ignored) https://github.com/wildfly/wildfly-core/pull/2513
was:
By WFCORE-2483 there were introduced attributes {{keystore-password-credential-reference}} and {{key-password-credential-reference}} in resource {{client-certificate-store}}, which is used when syslog server requires client authentication during TLS handshake.
However this integration does not work.
Looking into SyslogAuditLogHandler.java I am missing credential reference retrieving code {{CredentialReference.getCredentialSourceSupplier}}
{code:java|title=SyslogAuditLogHandler.java}
if (transport == Transport.TLS){
final SSLContext context = SSLContext.getInstance("TLS");
KeyManager[] keyManagers = null;
if (tlsClientCertStorePath != null){
final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsClientCertStorePath, tlsClientCertStoreRelativeTo));
try {
final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, tlsClientCertStorePassword.toCharArray());
kmf.init(ks, tlsClientCertStoreKeyPassword != null ? tlsClientCertStoreKeyPassword.toCharArray() : tlsClientCertStorePassword.toCharArray());
keyManagers = kmf.getKeyManagers();
} finally {
IoUtils.safeClose(in);
}
}
TrustManager[] trustManagers = null;
if (tlsTrustStorePath != null){
final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsTrustStorePath, tlsTrustStoreRelativeTo));
try {
final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, tlsTrustStorePassword.toCharArray());
tmf.init(ks);
trustManagers = tmf.getTrustManagers();
} finally {
IoUtils.safeClose(in);
}
}
{code}
> Credential reference integration with client-certificate-store does not work
> ----------------------------------------------------------------------------
>
> Key: WFCORE-2923
> URL: https://issues.jboss.org/browse/WFCORE-2923
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> By WFCORE-2483 there were introduced attributes {{keystore-password-credential-reference}} and {{key-password-credential-reference}} in resource {{client-certificate-store}}, which is used when syslog server requires client authentication during TLS handshake.
> However this integration does not work.
> Looking into SyslogAuditLogHandler.java I am missing credential reference retrieving code {{CredentialReference.getCredentialSourceSupplier}}
> {code:java|title=SyslogAuditLogHandler.java}
> if (transport == Transport.TLS){
> final SSLContext context = SSLContext.getInstance("TLS");
> KeyManager[] keyManagers = null;
> if (tlsClientCertStorePath != null){
> final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsClientCertStorePath, tlsClientCertStoreRelativeTo));
> try {
> final KeyStore ks = KeyStore.getInstance("JKS");
> ks.load(in, tlsClientCertStorePassword.toCharArray());
> kmf.init(ks, tlsClientCertStoreKeyPassword != null ? tlsClientCertStoreKeyPassword.toCharArray() : tlsClientCertStorePassword.toCharArray());
> keyManagers = kmf.getKeyManagers();
> } finally {
> IoUtils.safeClose(in);
> }
> }
> TrustManager[] trustManagers = null;
> if (tlsTrustStorePath != null){
> final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsTrustStorePath, tlsTrustStoreRelativeTo));
> try {
> final KeyStore ks = KeyStore.getInstance("JKS");
> ks.load(in, tlsTrustStorePassword.toCharArray());
> tmf.init(ks);
> trustManagers = tmf.getTrustManagers();
> } finally {
> IoUtils.safeClose(in);
> }
> }
> {code}
> Tes (Ignored) https://github.com/wildfly/wildfly-core/pull/2513
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (WFCORE-2923) Credential reference integration with client-certificate-store does not work
by Martin Choma (JIRA)
Martin Choma created WFCORE-2923:
------------------------------------
Summary: Credential reference integration with client-certificate-store does not work
Key: WFCORE-2923
URL: https://issues.jboss.org/browse/WFCORE-2923
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Blocker
By WFCORE-2483 there were introduced attributes {{keystore-password-credential-reference}} and {{key-password-credential-reference}} in resource {{client-certificate-store}}, which is used when syslog server requires client authentication during TLS handshake.
However this integration does not work.
Looking into SyslogAuditLogHandler.java I am missing credential reference retrieving code {{CredentialReference.getCredentialSourceSupplier}}
{code:java|title=SyslogAuditLogHandler.java}
if (transport == Transport.TLS){
final SSLContext context = SSLContext.getInstance("TLS");
KeyManager[] keyManagers = null;
if (tlsClientCertStorePath != null){
final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsClientCertStorePath, tlsClientCertStoreRelativeTo));
try {
final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, tlsClientCertStorePassword.toCharArray());
kmf.init(ks, tlsClientCertStoreKeyPassword != null ? tlsClientCertStoreKeyPassword.toCharArray() : tlsClientCertStorePassword.toCharArray());
keyManagers = kmf.getKeyManagers();
} finally {
IoUtils.safeClose(in);
}
}
TrustManager[] trustManagers = null;
if (tlsTrustStorePath != null){
final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsTrustStorePath, tlsTrustStoreRelativeTo));
try {
final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, tlsTrustStorePassword.toCharArray());
tmf.init(ks);
trustManagers = tmf.getTrustManagers();
} finally {
IoUtils.safeClose(in);
}
}
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (WFLY-8895) Upstream dependencies BOMs
by Tomaz Cerar (JIRA)
[ https://issues.jboss.org/browse/WFLY-8895?page=com.atlassian.jira.plugin.... ]
Tomaz Cerar moved JBEAP-11362 to WFLY-8895:
-------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-8895 (was: JBEAP-11362)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Build System
(was: Maven Repository)
Affects Version/s: (was: 7.1.0.DR19)
> Upstream dependencies BOMs
> --------------------------
>
> Key: WFLY-8895
> URL: https://issues.jboss.org/browse/WFLY-8895
> Project: WildFly
> Issue Type: Bug
> Components: Build System
> Reporter: Tomaz Cerar
> Assignee: Petr Sakař
> Priority: Critical
> Labels: eap71_beta
>
> There is upstream dependency in EJB client legacy BOM dependency tree:
> {{org.wildfly.client:wildfly-client-config:jar:1.0.0.Beta4:compile}}
> Full dependency tree is:
> {code}
> \- org.jboss.eap:wildfly-ejb-client-legacy-bom:pom:7.1.0.Beta1-redhat-4:compile
> +- org.jboss:jboss-ejb-client-legacy:jar:3.0.0.Beta7-redhat-1:compile
> +- org.jboss.logging:jboss-logging:jar:3.3.1.Final-redhat-1:compile
> +- org.jboss.marshalling:jboss-marshalling:jar:2.0.0.Beta8-redhat-1:compile
> +- org.jboss.marshalling:jboss-marshalling-river:jar:2.0.0.Beta8-redhat-1:compile
> +- org.jboss.remoting:jboss-remoting:jar:5.0.0.Beta24-redhat-1:compile
> | \- org.wildfly.client:wildfly-client-config:jar:1.0.0.Beta4:compile
> +- org.jboss.spec.javax.transaction:jboss-transaction-api_1.2_spec:jar:1.0.1.Final-redhat-1:compile
> +- org.jboss.spec.javax.ejb:jboss-ejb-api_3.2_spec:jar:1.0.0.Final-redhat-1:compile
> +- org.jboss.xnio:xnio-api:jar:3.5.0.Beta6-redhat-1:compile
> +- org.jboss.xnio:xnio-nio:jar:3.5.0.Beta6-redhat-1:compile
> +- org.wildfly:wildfly-naming-client:jar:1.0.0.Beta15-redhat-1:compile
> +- org.wildfly.common:wildfly-common:jar:1.2.0.Beta10-redhat-1:compile
> \- org.wildfly.security:wildfly-elytron:jar:1.1.0.Beta47-redhat-1:compile
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (WFLY-8895) Upstream dependencies BOMs
by Tomaz Cerar (JIRA)
[ https://issues.jboss.org/browse/WFLY-8895?page=com.atlassian.jira.plugin.... ]
Tomaz Cerar reassigned WFLY-8895:
---------------------------------
Assignee: Tomaz Cerar (was: Petr Sakař)
> Upstream dependencies BOMs
> --------------------------
>
> Key: WFLY-8895
> URL: https://issues.jboss.org/browse/WFLY-8895
> Project: WildFly
> Issue Type: Bug
> Components: Build System
> Reporter: Tomaz Cerar
> Assignee: Tomaz Cerar
> Priority: Critical
> Labels: eap71_beta
>
> There is upstream dependency in EJB client legacy BOM dependency tree:
> {{org.wildfly.client:wildfly-client-config:jar:1.0.0.Beta4:compile}}
> Full dependency tree is:
> {code}
> \- org.jboss.eap:wildfly-ejb-client-legacy-bom:pom:7.1.0.Beta1-redhat-4:compile
> +- org.jboss:jboss-ejb-client-legacy:jar:3.0.0.Beta7-redhat-1:compile
> +- org.jboss.logging:jboss-logging:jar:3.3.1.Final-redhat-1:compile
> +- org.jboss.marshalling:jboss-marshalling:jar:2.0.0.Beta8-redhat-1:compile
> +- org.jboss.marshalling:jboss-marshalling-river:jar:2.0.0.Beta8-redhat-1:compile
> +- org.jboss.remoting:jboss-remoting:jar:5.0.0.Beta24-redhat-1:compile
> | \- org.wildfly.client:wildfly-client-config:jar:1.0.0.Beta4:compile
> +- org.jboss.spec.javax.transaction:jboss-transaction-api_1.2_spec:jar:1.0.1.Final-redhat-1:compile
> +- org.jboss.spec.javax.ejb:jboss-ejb-api_3.2_spec:jar:1.0.0.Final-redhat-1:compile
> +- org.jboss.xnio:xnio-api:jar:3.5.0.Beta6-redhat-1:compile
> +- org.jboss.xnio:xnio-nio:jar:3.5.0.Beta6-redhat-1:compile
> +- org.wildfly:wildfly-naming-client:jar:1.0.0.Beta15-redhat-1:compile
> +- org.wildfly.common:wildfly-common:jar:1.2.0.Beta10-redhat-1:compile
> \- org.wildfly.security:wildfly-elytron:jar:1.1.0.Beta47-redhat-1:compile
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (ELY-1225) Elytron - Write SASL mechanism implementing class into trace log
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1225?page=com.atlassian.jira.plugin.s... ]
Jan Kalina moved JBEAP-11360 to ELY-1225:
-----------------------------------------
Project: WildFly Elytron (was: JBoss Enterprise Application Platform)
Key: ELY-1225 (was: JBEAP-11360)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Authentication Client
(was: Security)
Affects Version/s: 1.1.0.Beta50
(was: 7.1.0.DR19)
> Elytron - Write SASL mechanism implementing class into trace log
> ----------------------------------------------------------------
>
> Key: ELY-1225
> URL: https://issues.jboss.org/browse/ELY-1225
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Affects Versions: 1.1.0.Beta50
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Critical
>
> It's very hard to debug issues when a wrong SASL mechanism implementation is used (e.g. JDK provided one instead Elytron one). The class name implementing the mechanism should be logged by Elytron.
> One place to cover this could be {{org.wildfly.security.auth.client.AuthenticationConfiguration.createSaslClient()}} method, but there are probably more places to look into.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month