[jboss-jira] [JBoss JIRA] (WFLY-7742) CredentialStore resource name is case sensitive but CredentialStore alias is convert to lowercase.
Hynek Švábek (JIRA)
issues at jboss.org
Tue Dec 6 10:11:01 EST 2016
[ https://issues.jboss.org/browse/WFLY-7742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hynek Švábek updated WFLY-7742:
-------------------------------
Description:
CredentialStore resource name is case sensitive but CredentialStore alias is convert to lowercase.
*How to reproduce*
{code}
/subsystem=elytron/credential-store=csfile001:add(uri="cr-store://test/csfile001.jceks?store.password=pass123;create.storage=true")
{code}
{code}
/subsystem=elytron/credential-store=csfile001/alias=csname001:add(secret-value=secValue123456)
{code}
{code}
/subsystem=elytron/credential-store=csfile001/alias=csNAME001:add(secret-value=secValue987654)
{code}
In csfile001.jceks you can see only "csname001" entry.
*There is biggest problem that in memory are right case sensitive aliases and you can load them. But in backed CS file is only last one in lowercase.*
{code}
/subsystem=elytron/credential-store=csfile001/alias=csFF:add(secret-value=Elytron)
{code}
{code}
/subsystem=elytron/credential-store=csfile001/alias=csff:add(secret-value=ElytronWrong)
{code}
And now you can use both (csFF and csff) as CredStoreRef alias
e.g.
{code}
/subsystem=elytron/key-store=fireflyKS001:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=csfile001,alias=csFF})
{code}
Another big problem for me is that you have a lot of CS Alias RESOURCES which reference to ONE entry and update value in CS.
*NOTE*
https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html
{code}
Whether aliases are case sensitive is implementation dependent. In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case.
{code}
*Suggestions for solution*
* We must unite case (in)sensitive between CS keystore file and CS in memory
* implement case sensitive (Our implementation looks ok, IMO there is another problem with it...)
* something else
was:
CredentialStore resource name is case sensitive but CredentialStore alias is convert to lowercase.
*How to reproduce*
{code}
/subsystem=elytron/credential-store=csfile001:add(uri="cr-store://test/csfile001.jceks?store.password=pass123;create.storage=true")
{code}
{code}
/subsystem=elytron/credential-store=csfile001/alias=csname001:add(secret-value=secValue123456)
{code}
{code}
/subsystem=elytron/credential-store=csfile001/alias=csNAME001:add(secret-value=secValue987654)
{code}
In csfile001.jceks you can see only "csname001" entry.
*What is the biggest problem for me is that you have a lot of CS Alias RESOURCES which reference to ONE entry and update value in CS.*
*NOTE*
https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html
{code}
Whether aliases are case sensitive is implementation dependent. In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case.
{code}
*Suggestions for solution*
* implement case sensitive (Our implementation looks ok, IMO there is another problem with it...)
* add NOTE to documentation
* something else
> CredentialStore resource name is case sensitive but CredentialStore alias is convert to lowercase.
> --------------------------------------------------------------------------------------------------
>
> Key: WFLY-7742
> URL: https://issues.jboss.org/browse/WFLY-7742
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
>
> CredentialStore resource name is case sensitive but CredentialStore alias is convert to lowercase.
> *How to reproduce*
> {code}
> /subsystem=elytron/credential-store=csfile001:add(uri="cr-store://test/csfile001.jceks?store.password=pass123;create.storage=true")
> {code}
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csname001:add(secret-value=secValue123456)
> {code}
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csNAME001:add(secret-value=secValue987654)
> {code}
> In csfile001.jceks you can see only "csname001" entry.
> *There is biggest problem that in memory are right case sensitive aliases and you can load them. But in backed CS file is only last one in lowercase.*
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csFF:add(secret-value=Elytron)
> {code}
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csff:add(secret-value=ElytronWrong)
> {code}
> And now you can use both (csFF and csff) as CredStoreRef alias
> e.g.
> {code}
> /subsystem=elytron/key-store=fireflyKS001:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=csfile001,alias=csFF})
> {code}
> Another big problem for me is that you have a lot of CS Alias RESOURCES which reference to ONE entry and update value in CS.
> *NOTE*
> https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html
> {code}
> Whether aliases are case sensitive is implementation dependent. In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case.
> {code}
> *Suggestions for solution*
> * We must unite case (in)sensitive between CS keystore file and CS in memory
> * implement case sensitive (Our implementation looks ok, IMO there is another problem with it...)
> * something else
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list