August 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-1189) Create better way of masking passwords using modern PBE algorithm

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1189?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1189: ------------------------------------- Assignee: (was: Peter Skopek) > Create better way of masking passwords using modern PBE algorithm > ----------------------------------------------------------------- > > Key: ELY-1189 > URL: https://issues.jboss.org/browse/ELY-1189 > Project: WildFly Elytron > Issue Type: Task > Components: Credential Store > Reporter: Peter Skopek > > Create better way of masking passwords using modern PBE algorithm. > This bug contains discussion from PR: https://github.com/wildfly-security/wildfly-elytron/pull/619 > To have this documented and PR closed. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-951) Event handling queues

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-951?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-951: ------------------------------------ Assignee: (was: Darran Lofthouse) > Event handling queues > --------------------- > > Key: ELY-951 > URL: https://issues.jboss.org/browse/ELY-951 > Project: WildFly Elytron > Issue Type: Task > Components: Audit > Reporter: Darran Lofthouse > Fix For: 2.0.0.Alpha1 > > > Currently audit events are handled synchronously which may be desirable to ensure events are logged. > However this does risk performance so queuing of events may also be desirable. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1170) The TrustManagerFactory should use a Provider from the defined Supplier<Provider[]>

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1170?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1170: ------------------------------------- Assignee: (was: Darran Lofthouse) > The TrustManagerFactory should use a Provider from the defined Supplier<Provider[]> > ----------------------------------------------------------------------------------- > > Key: ELY-1170 > URL: https://issues.jboss.org/browse/ELY-1170 > Project: WildFly Elytron > Issue Type: Task > Components: Authentication Client > Reporter: Darran Lofthouse > Priority: Critical > Fix For: 1.2.0.Beta1 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-154) Session based DigestCredential support

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-154?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-154: ------------------------------------ Assignee: (was: Darran Lofthouse) > Session based DigestCredential support > -------------------------------------- > > Key: ELY-154 > URL: https://issues.jboss.org/browse/ELY-154 > Project: WildFly Elytron > Issue Type: Sub-task > Components: Passwords > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta1 > > > DigestCredential but where additional information is included such as nonce and cnonce to create a credential applicable to a session. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-718) Problems with creating CredentialStore from scratch when directory path doesn't exist.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-718?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-718: ------------------------------------ Assignee: (was: Peter Skopek) > Problems with creating CredentialStore from scratch when directory path doesn't exist. > -------------------------------------------------------------------------------------- > > Key: ELY-718 > URL: https://issues.jboss.org/browse/ELY-718 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Hynek Švábek > Priority: Critical > > There are problems with creating CredentialStore from scratch when directory path doesn't exist. > *How to reproduce* > * /subsystem=elytron/credential-store=cs007:add(uri="cr-store://test/folderNotExist/keystorecs007.jceks?store.password=pass123;create.storage=true") > * /subsystem=elytron/credential-store=cs007/alias=newCs007:add(secret-value=Elytron) > *You can see this error message* > {code} > { > "outcome" => "failed", > "failure-description" => "WFLYELY00009: Unable to complete operation. 'ELY09504: Cannot write storage file '/home/hsvabek/securityworkspace/AAA_prezentace/jboss-eap-7.1.0.DR7/standalone/data/folderNotExist/keystorecs007.jceks' for the store 'cs007''", > "rolled-back" => true > } > {code} > When you execute repeatedly last command /subsystem=elytron/credential-store=cs007/alias=newCs007:add(secret-value=Elytron) > you get information about duplicate resource. It's mean the entry is in Credential Store (in memory) but not in file... > {code} > { > "outcome" => "failed", > "failure-description" => "WFLYCTL0212: Duplicate resource [ > (\"subsystem\" => \"elytron\"), > (\"credential-store\" => \"cs123\"), > (\"alias\" => \"newCs007\") > ]", > "rolled-back" => true > } > {code} > *My suggestion solutions of this two problems:* > * try to create directory path > * when fails creating of CredentialStore file then we remove entry from memory too. It can be confusing have entry only in memory. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-54) Support for stronger hashes as alternatives to MD5

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-54?page=com.atlassian.jira.plugin.sys... ] Darran Lofthouse reassigned ELY-54: ----------------------------------- Assignee: (was: Darran Lofthouse) > Support for stronger hashes as alternatives to MD5 > -------------------------------------------------- > > Key: ELY-54 > URL: https://issues.jboss.org/browse/ELY-54 > Project: WildFly Elytron > Issue Type: Feature Request > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta1 > > > Presently Digest authentication is based on MD5 - however we should either update the mechanism or add new mechanisms to support the use of stronger hashes. > As this library is used both client and server side installations that require the stronger hashes can just ensure the client and server have the latest version of this library - installations that still require interaction with MD5 will need to ensure that it is still available as a mechanism. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1031) Make the CredentialStore class final

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1031?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1031: ------------------------------------- Assignee: (was: Peter Skopek) > Make the CredentialStore class final > ------------------------------------ > > Key: ELY-1031 > URL: https://issues.jboss.org/browse/ELY-1031 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Credential Store > Reporter: Darran Lofthouse > Priority: Critical > Fix For: 1.2.0.Beta1 > > > Unless there is a reason this has not already be done the class should probably be made final to be sure extension is not possible. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1295) KeyStoreCredentialStoreTest fails on IBM JDK

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1295?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1295: ------------------------------------- Assignee: (was: Darran Lofthouse) > KeyStoreCredentialStoreTest fails on IBM JDK > -------------------------------------------- > > Key: ELY-1295 > URL: https://issues.jboss.org/browse/ELY-1295 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Peter Palaga > > {code} > export JAVA_HOME=path/to/ibm/java8 > > $JAVA_HOME/bin/java -version > java version "1.8.0" > Java(TM) SE Runtime Environment (build pxa6480sr3fp12-20160919_01(SR3 FP12)) > IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20160915_318796 (JIT enabled, AOT enabled) > J9VM - R28_Java8_SR3_20160915_0912_B318796 > JIT - tr.r14.java.green_20160818_122998 > GC - R28_Java8_SR3_20160915_0912_B318796_CMPRSS > J9CL - 20160915_318796) > JCL - 20160914_01 based on Oracle jdk8u101-b13 > > mvn clean test -Dtest=KeyStoreCredentialStoreTest > {code} > Expected: KeyStoreCredentialStoreTest should pass > Actual: First, the "hack to make JCE believe that it has verified the signature of the WildFlyElytronProvider JAR" [1] throws > {code} > java.lang.ClassNotFoundException: javax.crypto.JceSecurity > at java.lang.Class.forNameImpl(Native Method) > at java.lang.Class.forName(Class.java:278) > at org.wildfly.security.credential.store.impl.KeyStoreCredentialStoreTest.installWildFlyElytronProvider(KeyStoreCredentialStoreTest.java:89) > ... > {code} > because {{javax.crypto.JceSecurity}} does not exist in IBM JRE. > It looks like the hack is actually not necessary anymore, because {{KeyStoreCredentialStoreTest}} is passing also without the hack on both Oracle JDK and OpenJDK. > But once the hack is removed, on IBM JDK, {{shouldSupportKeyStoreFormat}} passes with format=JCEKS but fails with format=PKCS12 throwing the following exeception: > {code} > org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store > at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:464) > at org.wildfly.security.credential.store.impl.KeyStoreCredentialStoreTest.shouldSupportKeyStoreFormat(KeyStoreCredentialStoreTest.java:137) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at java.lang.reflect.Method.invoke(Method.java:508) > at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:367) > at org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:274) > at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:238) > at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:161) > at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:290) > at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:242) > at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:121) > Caused by: java.security.UnrecoverableKeyException: Get Key failed: 1.2.840.113549.1.7.1 SecretKeyFactory not available > at java.security.KeyStore.getEntry(KeyStore.java:1532) > at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:462) > ... 10 more > Caused by: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.7.1 SecretKeyFactory not available > ... 12 more > {code} > [1] https://github.com/wildfly-security/wildfly-elytron/pull/661/commits/7296... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1332) NSS tools based PKCS11 provider defined in Elytron doesn't survive server reload

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1332?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1332: ------------------------------------- Assignee: (was: Darran Lofthouse) > NSS tools based PKCS11 provider defined in Elytron doesn't survive server reload > -------------------------------------------------------------------------------- > > Key: ELY-1332 > URL: https://issues.jboss.org/browse/ELY-1332 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Josef Cacek > Priority: Blocker > > When a SunPKCS11 provider is defined in Elytron subsystem on the top of NSS keystore (e.g. a FIPS one), then the server reload fails with "ProviderException: Secmod module already configured". > The server.log contains: > {noformat} > 08:12:56,073 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.providers.nss: org.jboss.msc.service.StartException in service org.wildfly.security.providers.nss: java.lang.reflect.InvocationTargetException > at org.wildfly.extension.elytron.ProviderDefinitions$1$1.get(ProviderDefinitions.java:224) > at org.wildfly.extension.elytron.ProviderDefinitions$1$1.get(ProviderDefinitions.java:160) > at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.lang.reflect.InvocationTargetException > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) > at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) > at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.lang.reflect.Constructor.newInstance(Constructor.java:423) > at org.wildfly.extension.elytron.ProviderDefinitions$1$1.get(ProviderDefinitions.java:190) > ... 7 more > Caused by: java.security.ProviderException: Secmod module already configured > at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:276) > at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:107) > ... 12 more > .. > 08:12:56,140 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "elytron"), > ("provider-loader" => "nss") > ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.providers.nss" => "java.lang.reflect.InvocationTargetException > Caused by: java.lang.reflect.InvocationTargetException > Caused by: java.security.ProviderException: Secmod module already configured"}} > {noformat} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1279) principal-query attribute of jdbc-realm is required but description says false

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1279?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1279: ------------------------------------- Assignee: (was: Darran Lofthouse) > principal-query attribute of jdbc-realm is required but description says false > ------------------------------------------------------------------------------ > > Key: ELY-1279 > URL: https://issues.jboss.org/browse/ELY-1279 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Claudio Miranda > > jdbc-realm description, for principal-query attribute says it is required=false, nillable=true, but that is false, because a jdbc-realm cannot be added without a principal-query. > {code} > /profile=full/subsystem=elytron/jdbc-realm=*:read-resource-description > { > "outcome" => "success", > "result" => [{ > "address" => [ > ("profile" => "full"), > ("subsystem" => "elytron"), > ("jdbc-realm" => "*") > ], > "outcome" => "success", > "result" => { > "description" => "A security realm definition backed by database using JDBC.", > "capabilities" => [{ > "name" => "org.wildfly.security.security-realm", > "dynamic" => true > }], > "access-constraints" => { > "sensitive" => {"elytron-security" => {"type" => "elytron"}}, > "application" => {"elytron-security" => {"type" => "elytron"}} > }, > "attributes" => {"principal-query" => { > "type" => LIST, > "description" => "The authentication query used to authenticate users based on specific key types.", > "expressions-allowed" => false, > "required" => false, > "nillable" => true, > "value-type" => { > {code} > The add operation with no principal-query > {code} > /profile=full/subsystem=elytron/jdbc-realm=jdbc2:add > { > "outcome" => "failed", > "failure-description" => {"domain-failure-description" => "WFLYCTL0155: 'principal-query' may not be null"}, > "rolled-back" => true > } > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira August 2017