[jboss-jira] [JBoss JIRA] (ELY-786) KeyAlias can be overwritten by CredentialStore alias entry.
Darran Lofthouse (JIRA)
issues at jboss.org
Sun Aug 20 06:39:18 EDT 2017
[ https://issues.jboss.org/browse/ELY-786?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse reassigned ELY-786:
------------------------------------
Assignee: (was: Darran Lofthouse)
> KeyAlias can be overwritten by CredentialStore alias entry.
> -----------------------------------------------------------
>
> Key: ELY-786
> URL: https://issues.jboss.org/browse/ELY-786
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Hynek Švábek
> Priority: Critical
>
> KeyAlias can be overwritten by CredentialStore alias entry.
> {code}
> /subsystem=elytron/credential-store=cskeyalias:add(uri="cr-store://test/cskeyalias.jceks?store.password=pass123;create.storage=true;key.alias=adminKeyAlias")
> {code}
> {code}
> /subsystem=elytron/credential-store=credStore001/alias=adminKeyAlias:add(secret-value=Elytron)
> {code}
> Using of default key.alias parameter has same result
> *Suggestion for solution*
> Add check that aliasName isn't keyAlias.
> https://github.com/wildfly-security/wildfly-elytron/blob/5f0ed115ea26524045dc8037aec075c6db605d03/src/main/java/org/wildfly/security/credential/store/impl/KeystorePasswordStore.java#L331
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list