[jboss-jira] [JBoss JIRA] (WFCORE-2923) Credential reference integration with client-certificate-store does not work

Martin Choma (JIRA) issues at jboss.org
Mon Jun 5 16:33:01 EDT 2017


Martin Choma created WFCORE-2923:
------------------------------------

             Summary: Credential reference integration with client-certificate-store does not work
                 Key: WFCORE-2923
                 URL: https://issues.jboss.org/browse/WFCORE-2923
             Project: WildFly Core
          Issue Type: Bug
          Components: Security
            Reporter: Martin Choma
            Assignee: Darran Lofthouse
            Priority: Blocker


WFCORE-2483 introduced the attributes {{keystore-password-credential-reference}} and {{key-password-credential-reference}} in the resource {{client-certificate-store}}, which is used when the syslog server requires client authentication during the TLS handshake.

However, this integration does not work.

Looking into SyslogAuditLogHandler.java, I am missing the credential reference retrieval code {{CredentialReference.getCredentialSourceSupplier}}:
{code:java|title=SyslogAuditLogHandler.java}
if (transport == Transport.TLS){
    final SSLContext context = SSLContext.getInstance("TLS");
    KeyManager[] keyManagers = null;
    if (tlsClientCertStorePath != null){
        final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsClientCertStorePath, tlsClientCertStoreRelativeTo));
        try {
            final KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, tlsClientCertStorePassword.toCharArray());
            kmf.init(ks, tlsClientCertStoreKeyPassword != null ? tlsClientCertStoreKeyPassword.toCharArray() : tlsClientCertStorePassword.toCharArray());
            keyManagers = kmf.getKeyManagers();
        } finally {
            IoUtils.safeClose(in);
        }
    }
    TrustManager[] trustManagers = null;
    if (tlsTrustStorePath != null){
        final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsTrustStorePath, tlsTrustStoreRelativeTo));
        try {
            final KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, tlsTrustStorePassword.toCharArray());
            tmf.init(ks);
            trustManagers = tmf.getTrustManagers();
        } finally {
            IoUtils.safeClose(in);
        }
    }
{code}
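
Added example, not part of the original report and not WildFly code: a self-contained sketch of resolving the client certificate store passwords through a credential-reference style supplier before the keystore is loaded, where the excerpt above reads only the plain-text password fields. The class name, {{resolve}}, {{loadKeyManagers}} and the use of {{Callable<char[]>}} as a stand-in for the credential source supplier are assumptions made for illustration; the sample keystore is constructed in memory.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.concurrent.Callable;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
public class CredentialReferenceKeyStoreExample {
    // Callable<char[]> is a hypothetical stand-in for a resolved credential reference.
    // The reference wins when present; the plain-text attribute is the fallback.
    static char[] resolve(Callable<char[]> credentialRef, String plainText) throws Exception {
        char[] secret = credentialRef != null ? credentialRef.call() : null;
        return secret != null ? secret : (plainText != null ? plainText.toCharArray() : null);
    }

    static KeyManager[] loadKeyManagers(byte[] store, Callable<char[]> storeRef, String storePlain,
                                        Callable<char[]> keyRef, String keyPlain) throws Exception {
        char[] storePw = resolve(storeRef, storePlain);
        if (storePw == null) throw new IllegalStateException("no keystore password configured");
        char[] keyPw = null;
        try {
            keyPw = resolve(keyRef, keyPlain);
            if (keyPw == null) keyPw = storePw.clone(); // same fallback as the excerpt above
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(new ByteArrayInputStream(store), storePw);
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, keyPw);
            return kmf.getKeyManagers();
        } finally {
            // Do not keep resolved secrets on the heap longer than needed.
            Arrays.fill(storePw, '\0');
            if (keyPw != null) Arrays.fill(keyPw, '\0');
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty JKS store protected by "changeit".
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, "changeit".toCharArray());
        // Only the credential reference is configured; both plain-text passwords are null.
        KeyManager[] kms = loadKeyManagers(out.toByteArray(), () -> "changeit".toCharArray(), null, null, null);
        System.out.println("key managers loaded: " + kms.length);
        try {
            loadKeyManagers(out.toByteArray(), () -> "wrong".toCharArray(), null, null, null);
        } catch (IOException e) {
            System.out.println("wrong secret rejected: " + e.getMessage());
        }
    }
}
```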



