[jboss-jira] [JBoss JIRA] (WFLY-7742) CredentialStore resource name is case sensitive but CredentialStore alias is convert to lowercase.

Hynek Švábek (JIRA) issues at jboss.org
Tue Dec 6 09:19:02 EST 2016 

     [ https://issues.jboss.org/browse/WFLY-7742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hynek Švábek reassigned WFLY-7742:
----------------------------------

    Assignee: Peter Skopek  (was: Darran Lofthouse)


> CredentialStore resource name is case sensitive but CredentialStore alias is convert to lowercase.
> --------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-7742
>                 URL: https://issues.jboss.org/browse/WFLY-7742
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Hynek Švábek
>            Assignee: Peter Skopek
>
> CredentialStore resource name is case sensitive but CredentialStore alias is convert to lowercase.
> *How to reproduce*
> {code}
> /subsystem=elytron/credential-store=csfile001:add(uri="cr-store://test/csfile001.jceks?store.password=pass123;create.storage=true")
> {code}
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csname001:add(secret-value=secValue123456)
> {code}
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csNAME001:add(secret-value=secValue987654)
> {code}
> In csfile001.jceks you can see only "csname001" entry.
> *What is the biggest problem for me is that you have a lot of CS Alias RESOURCES which reference to ONE entry and update value in CS.*
> *NOTE*
> https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html
> {code}
> Whether aliases are case sensitive is implementation dependent. In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case. 
> {code}
> *Suggestions for solution*
> * implement case sensitive (Our implementation looks ok, IMO there is another problem with it...)
> * add NOTE to documentation
> * something else



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list