[
https://issues.jboss.org/browse/ELY-783?page=com.atlassian.jira.plugin.sy...
]
Yeray Borges commented on ELY-783:
----------------------------------
[~dlofthouse] KeyStore java doc states the following regarding aliases in a key store:
"Whether aliases are case sensitive is implementation dependent. In order to avoid
problems, it is recommended not to use aliases in a KeyStore that only differ in
case."
At the current moment writing this, Elytron subsystem doesn't allow alias creation
using CLI, so, What's the plan here? is Elytron going to allow aliases creation as
case sensitive?, if yes, maybe we shouldn't do anything here apart from the
documentation.
I don't know exactly what was the intention using alias-filter, should we avoid case
sensitive in alias filter or shouldn't?
alias-filter from Elytron key-store does not work for non-lower-case
alias with JKS
-----------------------------------------------------------------------------------
Key: ELY-783
URL:
https://issues.jboss.org/browse/ELY-783
Project: WildFly Elytron
Issue Type: Bug
Affects Versions: 1.1.0.Beta13
Reporter: Ondrej Lukas
Assignee: Yeray Borges
In case when {{alias-filter}} attribute from Elytron {{key-store}} references
non-lower-case alias (e.g. elytronAppServer) then SSL is not working. In case when this
alias is set to lower-case in alias-filter (e.g. elytronappserver), then SSL works
correctly.
It seems JKS always transforms aliases to lower-case (even if they are created with some
upper-case characters). However legacy security solution was able to use alias filter with
non-lower-case characters to assign key from JKS keystore (probably through some internal
{{.toLowerCase()}}).
In case it is intended to do not use alias-filter with some upper-case for JKS then this
issue can be changed to documentation issue. This is different behavior than was provided
by legacy solution.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)