February 2021 - jboss-jira - Jboss List Archives

[Red Hat JIRA] (WFWIP-376) The error message from import-secret-key on credential store should be more helpful

by Darran Lofthouse (Jira)

[ https://issues.redhat.com/browse/WFWIP-376?page=com.atlassian.jira.plugin... ] Darran Lofthouse updated WFWIP-376: ----------------------------------- Priority: Critical (was: Major) > The error message from import-secret-key on credential store should be more helpful > ----------------------------------------------------------------------------------- > > Key: WFWIP-376 > URL: https://issues.redhat.com/browse/WFWIP-376 > Project: WildFly WIP > Issue Type: Bug > Components: Security > Reporter: Ondrej Kotek > Assignee: Darran Lofthouse > Priority: Critical > > The error message from the {{import-secret-key}} operation on the {{credential store}} resourece should be more helpful when importing invalid key (truncated in this case) > {noformat} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:import-secret-key(alias=a2,key=RUxZA) > { > "outcome" => "failed", > "failure-description" => "COM00501: Expected padding", > "rolled-back" => true > } > {noformat} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 2 months

1
0
0 / 0

[Red Hat JIRA] (WFWIP-376) The error message from import-secret-key on credential store should be more helpful

by Darran Lofthouse (Jira)

[ https://issues.redhat.com/browse/WFWIP-376?page=com.atlassian.jira.plugin... ] Darran Lofthouse commented on WFWIP-376: ---------------------------------------- Adding to my priorities as should be a simple fix to report a more meaningful error. > The error message from import-secret-key on credential store should be more helpful > ----------------------------------------------------------------------------------- > > Key: WFWIP-376 > URL: https://issues.redhat.com/browse/WFWIP-376 > Project: WildFly WIP > Issue Type: Bug > Components: Security > Reporter: Ondrej Kotek > Assignee: Darran Lofthouse > Priority: Critical > > The error message from the {{import-secret-key}} operation on the {{credential store}} resourece should be more helpful when importing invalid key (truncated in this case) > {noformat} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:import-secret-key(alias=a2,key=RUxZA) > { > "outcome" => "failed", > "failure-description" => "COM00501: Expected padding", > "rolled-back" => true > } > {noformat} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 2 months

1
0
0 / 0

[Red Hat JIRA] (WFWIP-376) The error message from import-secret-key on credential store should be more helpful

by Ondrej Kotek (Jira)

Ondrej Kotek created WFWIP-376: ---------------------------------- Summary: The error message from import-secret-key on credential store should be more helpful Key: WFWIP-376 URL: https://issues.redhat.com/browse/WFWIP-376 Project: WildFly WIP Issue Type: Bug Components: Security Reporter: Ondrej Kotek Assignee: Darran Lofthouse The error message from the {{import-secret-key}} operation on the {{credential store}} resourece should be more helpful when importing invalid key (truncated in this case) {noformat} [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:import-secret-key(alias=a2,key=RUxZA) { "outcome" => "failed", "failure-description" => "COM00501: Expected padding", "rolled-back" => true } {noformat} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 2 months

1
0
0 / 0

[Red Hat JIRA] (WFWIP-375) remove-alias on credential-store removes all entries for the given alias

by Darran Lofthouse (Jira)

[ https://issues.redhat.com/browse/WFWIP-375?page=com.atlassian.jira.plugin... ] Darran Lofthouse commented on WFWIP-375: ---------------------------------------- I think this is another one I will prioritise to avoid the loss of previously stored credentials. > remove-alias on credential-store removes all entries for the given alias > ------------------------------------------------------------------------ > > Key: WFWIP-375 > URL: https://issues.redhat.com/browse/WFWIP-375 > Project: WildFly WIP > Issue Type: Bug > Components: Security > Reporter: Ondrej Kotek > Assignee: Darran Lofthouse > Priority: Critical > > The {{remove-alias}} operation of the {{credential-store}} resource removes all entries for the given alias, not just one entry according to the given type. > {noformat} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:add-alias(alias=a2,secret-value=a2) > {"outcome" => "success"} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:remove-alias(alias=a2,entry-type=SecretKeyCredential) > { > "outcome" => "failed", > "failure-description" => "WFLYELY00920: Credential alias 'a2' of credential type 'SecretKeyCredential' does not exist in the store", > "rolled-back" => true > } > > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:generate-secret-key(alias=a2) > {"outcome" => "success"} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:remove-alias(alias=a2,entry-type=SecretKeyCredential) > { > "outcome" => "success", > "response-headers" => {"warnings" => [{ > "warning" => "Update dependent resources as alias 'a2' does not exist anymore", > "level" => "WARNING", > "operation" => { > "address" => [ > ("subsystem" => "elytron"), > ("credential-store" => "a") > ], > "operation" => "remove-alias" > } > }]} > } > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:add-alias(alias=a2,secret-value=a2) > {"outcome" => "success"} > {noformat} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 2 months

1
0
0 / 0

[Red Hat JIRA] (WFWIP-375) remove-alias on credential-store removes all entries for the given alias

by Darran Lofthouse (Jira)

[ https://issues.redhat.com/browse/WFWIP-375?page=com.atlassian.jira.plugin... ] Darran Lofthouse updated WFWIP-375: ----------------------------------- Priority: Critical (was: Major) > remove-alias on credential-store removes all entries for the given alias > ------------------------------------------------------------------------ > > Key: WFWIP-375 > URL: https://issues.redhat.com/browse/WFWIP-375 > Project: WildFly WIP > Issue Type: Bug > Components: Security > Reporter: Ondrej Kotek > Assignee: Darran Lofthouse > Priority: Critical > > The {{remove-alias}} operation of the {{credential-store}} resource removes all entries for the given alias, not just one entry according to the given type. > {noformat} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:add-alias(alias=a2,secret-value=a2) > {"outcome" => "success"} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:remove-alias(alias=a2,entry-type=SecretKeyCredential) > { > "outcome" => "failed", > "failure-description" => "WFLYELY00920: Credential alias 'a2' of credential type 'SecretKeyCredential' does not exist in the store", > "rolled-back" => true > } > > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:generate-secret-key(alias=a2) > {"outcome" => "success"} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:remove-alias(alias=a2,entry-type=SecretKeyCredential) > { > "outcome" => "success", > "response-headers" => {"warnings" => [{ > "warning" => "Update dependent resources as alias 'a2' does not exist anymore", > "level" => "WARNING", > "operation" => { > "address" => [ > ("subsystem" => "elytron"), > ("credential-store" => "a") > ], > "operation" => "remove-alias" > } > }]} > } > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:add-alias(alias=a2,secret-value=a2) > {"outcome" => "success"} > {noformat} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 2 months

1
0
0 / 0

[Red Hat JIRA] (WFWIP-371) NullPointerException when expression=encryption:create-expression uses resolver with invalid secret-key

by Darran Lofthouse (Jira)

[ https://issues.redhat.com/browse/WFWIP-371?page=com.atlassian.jira.plugin... ] Darran Lofthouse commented on WFWIP-371: ---------------------------------------- Going to move this one up to critical as well to prioritise, I think accurate error reporting of the new operations is going to be important. Moving into using expressions we do loose some of the referential integrity that capabilities and requirements provided but where we have a situation like this we should have something more meaningful to report. > NullPointerException when expression=encryption:create-expression uses resolver with invalid secret-key > ------------------------------------------------------------------------------------------------------- > > Key: WFWIP-371 > URL: https://issues.redhat.com/browse/WFWIP-371 > Project: WildFly WIP > Issue Type: Bug > Components: Security > Reporter: Ondrej Kotek > Assignee: Darran Lofthouse > Priority: Critical > > NullPointerException when {{/subsystem=elytron/expression=encryption:create-expression}} uses resolver with invalid secret-key (no key under the given alias). > The failure at the end is OK, but it should not be {{NullPointerException}}: > {noformat} > [standalone@localhost:9990 /] /subsystem=elytron/secret-key-credential-store=credentialstorethree:read-aliases > { > "outcome" => "success", > "result" => [ > "secretkey", > "key" > ] > } > [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:read-resource > { > "outcome" => "success", > "result" => { > "default-resolver" => "Default", > "prefix" => "ENC", > "resolvers" => [ > { > "name" => "Default", > "credential-store" => "credentialstorethree", > "secret-key" => "secretkey" > }, > { > "name" => "resolver2", > "credential-store" => "credentialstorethree", > "secret-key" => "secretkey2" > } > ] > } > } > [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:create-expression(clear-text=CredentialStoreTwoPassword) > { > "outcome" => "success", > "result" => {"expression" => "${ENC::RUxZAUMQ+LZYf7LtJiSPV4EqY4FEk3WK2V2i4ywGhTTu/3uRQirYtvphB2A8fmK6CSlUnYUd}"} > } > [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:create-expression(clear-text=CredentialStoreTwoPassword,resolver=resolver2) > { > "outcome" => "failed", > "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.NullPointerException", > "rolled-back" => true > } > {noformat} > {noformat} > 08:52:49,669 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("create-expression") failed - address: ([ > ("subsystem" => "elytron"), > ("expression" => "encryption") > ]): java.lang.NullPointerException > at org.wildfly.extension.elytron@15.0.0.Beta1-SNAPSHOT//org.wildfly.extension.elytron.expression.ElytronExpressionResolver.createExpression(ElytronExpressionResolver.java:139) > at org.wildfly.extension.elytron@15.0.0.Beta1-SNAPSHOT//org.wildfly.extension.elytron.ExpressionResolverResourceDefinition$CreateExpressionHandler.executeRuntimeStep(ExpressionResolverResourceDefinition.java:217) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.AbstractRuntimeOnlyHandler$1.execute(AbstractRuntimeOnlyHandler.java:59) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:1040) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:779) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:468) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1415) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:431) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.ModelControllerImpl.lambda$execute$1(ModelControllerImpl.java:248) > at org.wildfly.security.elytron-private@1.14.3.CR1-SNAPSHOT//org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:304) > at org.wildfly.security.elytron-private@1.14.3.CR1-SNAPSHOT//org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:270) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:248) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:240) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$400(ModelControllerClientOperationHandler.java:138) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:162) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:158) > at org.wildfly.security.elytron-private@1.14.3.CR1-SNAPSHOT//org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:328) > at org.wildfly.security.elytron-private@1.14.3.CR1-SNAPSHOT//org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:285) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:254) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:225) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:158) > at org.jboss.as.protocol@15.0.0.Beta1-SNAPSHOT//org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70) > at org.jboss.as.protocol@15.0.0.Beta1-SNAPSHOT//org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160) > at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) > at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990) > at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) > at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377) > at java.base/java.lang.Thread.run(Thread.java:834) > at org.jboss.threads@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513) > {noformat} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 2 months

1
0
0 / 0

[Red Hat JIRA] (WFWIP-375) remove-alias on credential-store removes all entries for the given alias

by Ondrej Kotek (Jira)

Ondrej Kotek created WFWIP-375: ---------------------------------- Summary: remove-alias on credential-store removes all entries for the given alias Key: WFWIP-375 URL: https://issues.redhat.com/browse/WFWIP-375 Project: WildFly WIP Issue Type: Bug Components: Security Reporter: Ondrej Kotek Assignee: Darran Lofthouse The {{remove-alias}} operation of the {{credential-store}} resource removes all entries for the given alias, not just one entry according to the given type. {noformat} [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:add-alias(alias=a2,secret-value=a2) {"outcome" => "success"} [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:remove-alias(alias=a2,entry-type=SecretKeyCredential) { "outcome" => "failed", "failure-description" => "WFLYELY00920: Credential alias 'a2' of credential type 'SecretKeyCredential' does not exist in the store", "rolled-back" => true } [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:generate-secret-key(alias=a2) {"outcome" => "success"} [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:remove-alias(alias=a2,entry-type=SecretKeyCredential) { "outcome" => "success", "response-headers" => {"warnings" => [{ "warning" => "Update dependent resources as alias 'a2' does not exist anymore", "level" => "WARNING", "operation" => { "address" => [ ("subsystem" => "elytron"), ("credential-store" => "a") ], "operation" => "remove-alias" } }]} } [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:add-alias(alias=a2,secret-value=a2) {"outcome" => "success"} {noformat} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 2 months

1
0
0 / 0

[Red Hat JIRA] (WFWIP-374) credential-store overwrites existing aliases when generating or importing keys

by Darran Lofthouse (Jira)

[ https://issues.redhat.com/browse/WFWIP-374?page=com.atlassian.jira.plugin... ] Darran Lofthouse commented on WFWIP-374: ---------------------------------------- I am going to promote this to critical for now, I think we can follow up next week with the fix but we should add the protection against accidental writes as accidentally deleting a secret key makes previously encrypted expressions unusable as there is no alternative to recover them. This is also something we should make sure we cover in all documentation the importance of backing up any created secret key securely as on loss of the secret key the only option will be to regenerate all expressions. > credential-store overwrites existing aliases when generating or importing keys > ------------------------------------------------------------------------------ > > Key: WFWIP-374 > URL: https://issues.redhat.com/browse/WFWIP-374 > Project: WildFly WIP > Issue Type: Bug > Components: Security > Reporter: Ondrej Kotek > Assignee: Darran Lofthouse > Priority: Critical > > The Elytron {{credential-store}} resource overwrites existing aliases when generating or importing keys, this is not consistent with the behaviour of the {{add-alias}} operation. > {noformat} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:generate-secret-key(alias=a1) > {"outcome" => "success"} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:read-aliases > { > "outcome" => "success", > "result" => ["a1"] > } > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:generate-secret-key(alias=a1) > {"outcome" => "success"} > ------------------------- > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:export-secret-key(alias=a2) > { > "outcome" => "success", > "result" => {"key" => "RUxZAUuJqp+mNwIEDMrUz0iK6dyG"} > } > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:import-secret-key(alias=a2,key=RUxZAUuJqp+mNwIEDMrUz0iK6dyG) > {"outcome" => "success"} > ------------------------- > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:add-alias(alias=a2,secret-value=a2) > {"outcome" => "success"} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:add-alias(alias=a2,secret-value=a2) > { > "outcome" => "failed", > "failure-description" => "WFLYELY00913: Credential alias 'a2' of credential type 'org.wildfly.security.credential.PasswordCredential' already exists in the store", > "rolled-back" => true > } > {noformat} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 2 months

1
0
0 / 0

[Red Hat JIRA] (WFWIP-371) NullPointerException when expression=encryption:create-expression uses resolver with invalid secret-key

by Darran Lofthouse (Jira)

[ https://issues.redhat.com/browse/WFWIP-371?page=com.atlassian.jira.plugin... ] Darran Lofthouse updated WFWIP-371: ----------------------------------- Priority: Critical (was: Major) > NullPointerException when expression=encryption:create-expression uses resolver with invalid secret-key > ------------------------------------------------------------------------------------------------------- > > Key: WFWIP-371 > URL: https://issues.redhat.com/browse/WFWIP-371 > Project: WildFly WIP > Issue Type: Bug > Components: Security > Reporter: Ondrej Kotek > Assignee: Darran Lofthouse > Priority: Critical > > NullPointerException when {{/subsystem=elytron/expression=encryption:create-expression}} uses resolver with invalid secret-key (no key under the given alias). > The failure at the end is OK, but it should not be {{NullPointerException}}: > {noformat} > [standalone@localhost:9990 /] /subsystem=elytron/secret-key-credential-store=credentialstorethree:read-aliases > { > "outcome" => "success", > "result" => [ > "secretkey", > "key" > ] > } > [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:read-resource > { > "outcome" => "success", > "result" => { > "default-resolver" => "Default", > "prefix" => "ENC", > "resolvers" => [ > { > "name" => "Default", > "credential-store" => "credentialstorethree", > "secret-key" => "secretkey" > }, > { > "name" => "resolver2", > "credential-store" => "credentialstorethree", > "secret-key" => "secretkey2" > } > ] > } > } > [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:create-expression(clear-text=CredentialStoreTwoPassword) > { > "outcome" => "success", > "result" => {"expression" => "${ENC::RUxZAUMQ+LZYf7LtJiSPV4EqY4FEk3WK2V2i4ywGhTTu/3uRQirYtvphB2A8fmK6CSlUnYUd}"} > } > [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:create-expression(clear-text=CredentialStoreTwoPassword,resolver=resolver2) > { > "outcome" => "failed", > "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.NullPointerException", > "rolled-back" => true > } > {noformat} > {noformat} > 08:52:49,669 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("create-expression") failed - address: ([ > ("subsystem" => "elytron"), > ("expression" => "encryption") > ]): java.lang.NullPointerException > at org.wildfly.extension.elytron@15.0.0.Beta1-SNAPSHOT//org.wildfly.extension.elytron.expression.ElytronExpressionResolver.createExpression(ElytronExpressionResolver.java:139) > at org.wildfly.extension.elytron@15.0.0.Beta1-SNAPSHOT//org.wildfly.extension.elytron.ExpressionResolverResourceDefinition$CreateExpressionHandler.executeRuntimeStep(ExpressionResolverResourceDefinition.java:217) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.AbstractRuntimeOnlyHandler$1.execute(AbstractRuntimeOnlyHandler.java:59) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:1040) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:779) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:468) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1415) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:431) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.ModelControllerImpl.lambda$execute$1(ModelControllerImpl.java:248) > at org.wildfly.security.elytron-private@1.14.3.CR1-SNAPSHOT//org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:304) > at org.wildfly.security.elytron-private@1.14.3.CR1-SNAPSHOT//org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:270) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:248) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:240) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$400(ModelControllerClientOperationHandler.java:138) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:162) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:158) > at org.wildfly.security.elytron-private@1.14.3.CR1-SNAPSHOT//org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:328) > at org.wildfly.security.elytron-private@1.14.3.CR1-SNAPSHOT//org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:285) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:254) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:225) > at org.jboss.as.controller@15.0.0.Beta1-SNAPSHOT//org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:158) > at org.jboss.as.protocol@15.0.0.Beta1-SNAPSHOT//org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70) > at org.jboss.as.protocol@15.0.0.Beta1-SNAPSHOT//org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160) > at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) > at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990) > at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) > at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377) > at java.base/java.lang.Thread.run(Thread.java:834) > at org.jboss.threads@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513) > {noformat} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 2 months

1
0
0 / 0

[Red Hat JIRA] (WFWIP-374) credential-store overwrites existing aliases when generating or importing keys

by Darran Lofthouse (Jira)

[ https://issues.redhat.com/browse/WFWIP-374?page=com.atlassian.jira.plugin... ] Darran Lofthouse updated WFWIP-374: ----------------------------------- Priority: Critical (was: Major) > credential-store overwrites existing aliases when generating or importing keys > ------------------------------------------------------------------------------ > > Key: WFWIP-374 > URL: https://issues.redhat.com/browse/WFWIP-374 > Project: WildFly WIP > Issue Type: Bug > Components: Security > Reporter: Ondrej Kotek > Assignee: Darran Lofthouse > Priority: Critical > > The Elytron {{credential-store}} resource overwrites existing aliases when generating or importing keys, this is not consistent with the behaviour of the {{add-alias}} operation. > {noformat} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:generate-secret-key(alias=a1) > {"outcome" => "success"} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:read-aliases > { > "outcome" => "success", > "result" => ["a1"] > } > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:generate-secret-key(alias=a1) > {"outcome" => "success"} > ------------------------- > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:export-secret-key(alias=a2) > { > "outcome" => "success", > "result" => {"key" => "RUxZAUuJqp+mNwIEDMrUz0iK6dyG"} > } > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:import-secret-key(alias=a2,key=RUxZAUuJqp+mNwIEDMrUz0iK6dyG) > {"outcome" => "success"} > ------------------------- > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:add-alias(alias=a2,secret-value=a2) > {"outcome" => "success"} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=a:add-alias(alias=a2,secret-value=a2) > { > "outcome" => "failed", > "failure-description" => "WFLYELY00913: Credential alias 'a2' of credential type 'org.wildfly.security.credential.PasswordCredential' already exists in the store", > "rolled-back" => true > } > {noformat} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 2 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2021