[jboss-jira] [JBoss JIRA] (WFLY-5226) [Migration operation] [Web to Undertow] Web subsystem attribute "password" should be migrated as "keystore-password" for both

Radim Hatlapatka (JIRA) issues at jboss.org
Fri Aug 28 07:16:05 EDT 2015


     [ https://issues.jboss.org/browse/WFLY-5226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Radim Hatlapatka closed WFLY-5226.
----------------------------------
    Resolution: Rejected


This is my bad and a misunderstanding of the documentation. It is meant as the password for both keystore and key. The code is actually OK.

Per discussion with a colleague taking care of security, the public certificates are permitted to be read even from a keystore with a password without the need to provide the password (this is true at least for JKS). Thereby I got confused, as I hadn't set {{ca-certificate-password}} and was still able to read the certificates from the truststore.

> [Migration operation] [Web to Undertow] Web subsystem attribute "password" should be migrated as "keystore-password" for both 
> ------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-5226
>                 URL: https://issues.jboss.org/browse/WFLY-5226
>             Project: WildFly
>          Issue Type: Bug
>          Components: Web (Undertow)
>    Affects Versions: 10.0.0.Beta2
>            Reporter: Radim Hatlapatka
>            Assignee: Stuart Douglas
>            Priority: Blocker
>
> When calling migrate on web with an https connector defined as
> {code:xml}
>   <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
>         <ssl key-alias="javaserver" password="tomcat" certificate-key-file="${jboss.server.config.dir}/server-cert-key-rsa.jks"
>         certificate-file="${jboss.server.config.dir}/server-cert-key-rsa.jks"
>         ca-certificate-file="${jboss.server.config.dir}/ca-cert.jks"
>         keystore-type="JKS" truststore-type="JKS"/>
>   </connector>
> {code}
> it fails on migrating the Web subsystem ssl config password attribute to keystore-password in security realms, see
> {noformat}
> "migration-error" => {"operation" => {"operation" => "add","address" => [("core-service" => "management"),("security-realm" => "jbossweb-migration-security-realm1"),("authentication" => "truststore")],"keystore-path" => expression "${jboss.server.config.dir}/ca-cert.jks","keystore-password" => undefined,"keystore-provider" => "JKS","operation-headers" => {"caller-type" => "user","access-mechanism" => "NATIVE"}},"result" => {"outcome" => "failed","failure-description" => "WFLYCTL0155: keystore-password may not be null","rolled-back" => true}}},"failure-description" => "WFLYWEB0005: Migration failed, see results for more details.","rolled-back" => true}
> {noformat}
> Marking as blocker, as this operation fails when migrating a critical part of the Web subsystem configuration, namely the HTTPS SSL configuration.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
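
The closing comment's point about JKS, as an added example that is not part of the original message or of WildFly: trusted-certificate entries are stored unencrypted, and the store password only keys a trailing SHA-1 integrity digest. The parser follows the JKS version 2 layout and handles trusted-certificate entries only; the function names and the sample store (placeholder bytes instead of a real DER certificate, password `tomcat` borrowed from the issue's connector) are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAGIC, VERSION, TRUSTED_CERT = 0xFEEDFEED, 2, 2

def _utf(text):
    raw = text.encode("utf-8")  # equals Java modified UTF-8 for plain ASCII
    return struct.pack(">H", len(raw)) + raw

def _digest(password, body):
    # The store password is used only to key this trailing SHA-1 digest.
    salted = password.encode("utf-16-be") + b"Mighty Aphrodite" + body
    return hashlib.sha1(salted).digest()

def build_truststore(certs, password):
    """Serialize {alias: DER bytes} as trusted-certificate entries."""
    body = struct.pack(">III", MAGIC, VERSION, len(certs))
    for alias, der in certs.items():
        body += struct.pack(">I", TRUSTED_CERT) + _utf(alias)
        body += struct.pack(">Q", 0) + _utf("X.509")  # timestamp, cert type
        body += struct.pack(">I", len(der)) + der
    return body + _digest(password, body)

def read_certs(jks, password=None):
    """Return {alias: DER bytes}; password=None skips the integrity check."""
    body, stored = jks[:-20], jks[-20:]
    magic, version, count = struct.unpack_from(">III", body, 0)
    if (magic, version) != (MAGIC, VERSION):
        raise ValueError("not a JKS version 2 store")
    if password is not None and not hmac.compare_digest(_digest(password, body), stored):
        raise ValueError("integrity check failed: wrong password or modified store")
    pos, certs = 12, {}

    def field(fmt):  # length-prefixed field; fmt is the struct code of the length
        nonlocal pos
        (size,) = struct.unpack_from(fmt, body, pos)
        pos += struct.calcsize(fmt) + size
        return body[pos - size:pos]

    for _ in range(count):
        (tag,) = struct.unpack_from(">I", body, pos)
        if tag != TRUSTED_CERT:
            raise ValueError("private-key entries are out of scope here")
        pos += 4
        alias = field(">H").decode("utf-8")
        pos += 8                      # creation timestamp
        field(">H")                   # certificate type, "X.509"
        certs[alias] = field(">I")
    return certs

# Constructed sample: placeholder bytes stand in for a DER certificate.
SAMPLE = build_truststore({"ca": b"0\x82constructed-der"}, "tomcat")
```

Reading without a password returns the same certificates but also skips the digest comparison, so a modified store is accepted silently; supplying the password is what detects tampering.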

