[jboss-jira] [JBoss JIRA] (ELY-786) KeyAlias can be overwritten by CredentialStore alias entry.
Hynek Švábek (JIRA)
issues at jboss.org
Wed Nov 23 09:15:00 EST 2016
Hynek Švábek created ELY-786:
--------------------------------
Summary: KeyAlias can be overwritten by CredentialStore alias entry.
Key: ELY-786
URL: https://issues.jboss.org/browse/ELY-786
Project: WildFly Elytron
Issue Type: Bug
Reporter: Hynek Švábek
Assignee: Darran Lofthouse
Priority: Critical
KeyAlias can be overwritten by CredentialStore alias entry.
{code}
/subsystem=elytron/credential-store=cskeyalias:add(uri="cr-store://test/cskeyalias.jceks?store.password=pass123;create.storage=true;key.alias=adminKeyAlias")
{code}
{code}
/subsystem=elytron/credential-store=credStore001/alias=adminKeyAlias:add(secret-value=Elytron)
{code}
Using the default key.alias parameter has the same result.
*Suggestion for solution*
Add a check that aliasName isn't keyAlias.
https://github.com/wildfly-security/wildfly-elytron/blob/5f0ed115ea26524045dc8037aec075c6db605d03/src/main/java/org/wildfly/security/credential/store/impl/KeystorePasswordStore.java#L331
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
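The check suggested in the report, as an added Java example that is not part of the original message or of the Elytron code base: it uses a plain in-memory JCEKS keystore to show a same-named entry replacing the store's key entry, next to a guarded write that refuses the reserved alias. The class and method names are hypothetical, and it assumes the store key and the stored secrets share one keystore alias namespace, as the report implies.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class KeyAliasCollisionDemo {
    // Constructed values mirroring the report's key.alias and store.password.
    static final String KEY_ALIAS = "adminKeyAlias";
    static final char[] STORE_PASSWORD = "pass123".toCharArray();
    static final KeyStore.ProtectionParameter PROT = new KeyStore.PasswordProtection(STORE_PASSWORD);

    // Unchecked write: any alias is accepted, including the one holding the store key.
    static void storeSecretUnchecked(KeyStore ks, String alias, String secret) throws GeneralSecurityException {
        SecretKey wrapped = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "RAW");
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(wrapped), PROT);
    }

    // Guarded write: aliasName must not equal keyAlias (JCEKS aliases are case-insensitive).
    static void storeSecretChecked(KeyStore ks, String alias, String secret) throws GeneralSecurityException {
        if (KEY_ALIAS.equalsIgnoreCase(alias)) {
            throw new IllegalArgumentException("alias '" + alias + "' is reserved for the store key");
        }
        storeSecretUnchecked(ks, alias, secret);
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, STORE_PASSWORD); // empty in-memory store, nothing touches disk

        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        byte[] storeKey = gen.generateKey().getEncoded();
        ks.setEntry(KEY_ALIAS, new KeyStore.SecretKeyEntry(new SecretKeySpec(storeKey, "AES")), PROT);
        try {
            storeSecretChecked(ks, KEY_ALIAS, "Elytron");
        } catch (IllegalArgumentException e) {
            System.out.println("guarded write rejected: " + e.getMessage());
        }
        System.out.println("key intact after guarded write:   "
                + Arrays.equals(storeKey, ks.getKey(KEY_ALIAS, STORE_PASSWORD).getEncoded()));

        storeSecretUnchecked(ks, KEY_ALIAS, "Elytron");
        System.out.println("key intact after unchecked write: "
                + Arrays.equals(storeKey, ks.getKey(KEY_ALIAS, STORE_PASSWORD).getEncoded()));
    }
}
```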