[jboss-jira] [JBoss JIRA] (SECURITY-710) Vault : if the storepass is not equal to the keypass, the exception "PB00019: Processing Failed:Unable to get Keystore" is raised

guillaume cornet (JIRA) jira-events at lists.jboss.org
Thu Dec 13 08:47:17 EST 2012


guillaume cornet created SECURITY-710:
-----------------------------------------

             Summary: Vault : if the storepass is not equal to the keypass, the exception "PB00019: Processing Failed:Unable to get Keystore" is raised
                 Key: SECURITY-710
                 URL: https://issues.jboss.org/browse/SECURITY-710
             Project: PicketBox 
          Issue Type: Bug
      Security Level: Public (Everyone can see)
            Reporter: guillaume cornet
            Assignee: Anil Saldhana


vault.sh terminates on error "Exception encountered:PB00019: Processing Failed:Unable to get Keystore:" when the storepass and the keypass are different.


I believe this behavior is caused by a bug in the method org.picketbox.plugins.vault.PicketBoxSecurityVault.init(Map<String, Object> options).
 

I'm using picketbox 4.0.9, which contains the following code:
 

package org.picketbox.plugins.vault;
...
class PicketBoxSecurityVault  ... {
   ...
   public void init(Map<String, Object> options) throws SecurityVaultException
   {
        ...
         keystore = KeyStoreUtil.getKeyStore(keystoreURL, keystorePass.toCharArray());
         keypair = KeyStoreUtil.getPrivateKey(keystore, alias, keystorePass.toCharArray());
        ...
   }
...

 
As you can see, this code loads the store (e.g. 'getKeyStore()') and the key (e.g. 'getPrivateKey()') with the same password (e.g. 'keystorePass') ...


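Added example, not part of the original report and not PicketBox code: a stand-alone Java program showing that java.security.KeyStore takes the store password in load() and a separate per-entry password in getKey(), so reusing the store password for the entry fails when the two differ. Assumptions: the class name, alias and passwords are constructed, and a JCEKS store holding an AES secret key stands in for the vault's private-key entry so that no certificate is needed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;

public class StoreVsKeyPassword {
    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the report.
        char[] storePass = "store-secret".toCharArray();
        char[] keyPass = "key-secret".toCharArray();
        String alias = "vault";

        // Build an in-memory keystore whose entry password differs from
        // the store password (the keytool -storepass / -keypass case).
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        ks.setKeyEntry(alias, kg.generateKey(), keyPass, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);

        // Opening the store itself only needs the store password.
        KeyStore loaded = KeyStore.getInstance("JCEKS");
        loaded.load(new ByteArrayInputStream(out.toByteArray()), storePass);

        // Same pattern as the quoted init(): store password reused for the entry.
        try {
            loaded.getKey(alias, storePass);
            System.out.println("unexpected: entry opened with store password");
        } catch (UnrecoverableKeyException e) {
            System.out.println("store password rejected for entry: "
                    + e.getClass().getSimpleName());
        }

        // Passing the entry's own password recovers the key.
        Key key = loaded.getKey(alias, keyPass);
        System.out.println("entry recovered with key password: " + key.getAlgorithm());
    }
}
```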