[jboss-jira] [JBoss JIRA] (WFCORE-2923) Credential reference integration with client-certificate-store does not work
Martin Choma (JIRA)
issues at jboss.org
Mon Jun 5 16:37:00 EDT 2017
[ https://issues.jboss.org/browse/WFCORE-2923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Choma updated WFCORE-2923:
---------------------------------
Description:
WFCORE-2483 introduced the attributes {{keystore-password-credential-reference}} and {{key-password-credential-reference}} in the resource {{client-certificate-store}}, which is used when the syslog server requires client authentication during the TLS handshake.
However, this integration does not work.
Looking into SyslogAuditLogHandler.java, I am missing the credential reference retrieval code {{CredentialReference.getCredentialSourceSupplier}}
{code:java|title=SyslogAuditLogHandler.java}
if (transport == Transport.TLS){
    final SSLContext context = SSLContext.getInstance("TLS");
    KeyManager[] keyManagers = null;
    if (tlsClientCertStorePath != null){
        final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsClientCertStorePath, tlsClientCertStoreRelativeTo));
        try {
            final KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, tlsClientCertStorePassword.toCharArray());
            kmf.init(ks, tlsClientCertStoreKeyPassword != null ? tlsClientCertStoreKeyPassword.toCharArray() : tlsClientCertStorePassword.toCharArray());
            keyManagers = kmf.getKeyManagers();
        } finally {
            IoUtils.safeClose(in);
        }
    }
    TrustManager[] trustManagers = null;
    if (tlsTrustStorePath != null){
        final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        final FileInputStream in = new FileInputStream(pathManager.resolveRelativePathEntry(tlsTrustStorePath, tlsTrustStoreRelativeTo));
        try {
            final KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, tlsTrustStorePassword.toCharArray());
            tmf.init(ks);
            trustManagers = tmf.getTrustManagers();
        } finally {
            IoUtils.safeClose(in);
        }
    }
{code}
Tes (Ignored) https://github.com/wildfly/wildfly-core/pull/2513
> Credential reference integration with client-certificate-store does not work
> ----------------------------------------------------------------------------
>
> Key: WFCORE-2923
> URL: https://issues.jboss.org/browse/WFCORE-2923
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Blocker