[jboss-jira] [JBoss JIRA] (ELY-1264) Wildfly Elytron Tool, credential-store command + --summary option doesn't show MASKed password when we set --salt and --iteration options too.

Hynek Švábek (JIRA) issues at jboss.org
Mon Jun 26 08:27:01 EDT 2017


     [ https://issues.jboss.org/browse/ELY-1264?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hynek Švábek updated ELY-1264:
------------------------------
    Description: 
The credential-store command with the --summary option doesn't show the MASKed password when we also set the --salt and --iteration options.
When we want to --add an alias to the created credential store and set --password="MASK-9zknmrNsQqf;12345678;34", we get an error.


A masked password is expected in the summary, but you get the clear-text password:
{code}
[hsvabek at dhcp-10-40-4-111 bin]$ ./elytron-tool.sh credential-store --create --location test005.jceks --password pass123 --salt 12345678 --iteration 34 --summary
Credential Store has been successfully created
Credential store command summary:
--------------------------------------
/subsystem=elytron/credential-store=cs:add(relative-to=jboss.server.data.dir,create=true,modifiable=true,location="test005.jceks",implementation-properties={"keyStoreType"=>"JCEKS"},credential-reference={clear-text="pass123"})
{code}


The masked password for "pass123", iteration 34 and salt 12345678 is MASK-9zknmrNsQqf;12345678;34
We set the masked password when adding an alias to the credential store and expect success, but get an error about the password.
{code}
[hsvabek at dhcp-10-40-4-111 bin]$ ./elytron-tool.sh credential-store --add 001 -x secretsecret --location test005.jceks --password="MASK-9zknmrNsQqf;12345678;34" --summary --debug
Exception encountered executing the command:
org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
        at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:859)
        at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:213)
        at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:159)
        at org.wildfly.security.tool.CredentialStoreCommand.execute(CredentialStoreCommand.java:208)
        at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:75)
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
        at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:865)
        at java.security.KeyStore.load(KeyStore.java:1445)
        at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:847)
        ... 4 more
{code}

  was:
The credential-store command with the --summary option doesn't show the MASKed password when we also set the --salt and --iteration options.

A masked password is expected in the summary, but you get the clear-text password:
{code}
[hsvabek at dhcp-10-40-4-111 bin]$ ./elytron-tool.sh credential-store --create --location test005.jceks --password pass123 --salt 12345678 --iteration 34 --summary
Credential Store has been successfully created
Credential store command summary:
--------------------------------------
/subsystem=elytron/credential-store=cs:add(relative-to=jboss.server.data.dir,create=true,modifiable=true,location="test005.jceks",implementation-properties={"keyStoreType"=>"JCEKS"},credential-reference={clear-text="pass123"})
{code}



> Wildfly Elytron Tool, credential-store command + --summary option doesn't show MASKed password when we set --salt and --iteration options too.
> ----------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ELY-1264
>                 URL: https://issues.jboss.org/browse/ELY-1264
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Hynek Švábek
>            Assignee: Darran Lofthouse
>            Priority: Critical
>
> The credential-store command with the --summary option doesn't show the MASKed password when we also set the --salt and --iteration options.
> When we want to --add an alias to the created credential store and set --password="MASK-9zknmrNsQqf;12345678;34", we get an error.
> A masked password is expected in the summary, but you get the clear-text password:
> {code}
> [hsvabek at dhcp-10-40-4-111 bin]$ ./elytron-tool.sh credential-store --create --location test005.jceks --password pass123 --salt 12345678 --iteration 34 --summary
> Credential Store has been successfully created
> Credential store command summary:
> --------------------------------------
> /subsystem=elytron/credential-store=cs:add(relative-to=jboss.server.data.dir,create=true,modifiable=true,location="test005.jceks",implementation-properties={"keyStoreType"=>"JCEKS"},credential-reference={clear-text="pass123"})
> {code}
> The masked password for "pass123", iteration 34 and salt 12345678 is MASK-9zknmrNsQqf;12345678;34
> We set the masked password when adding an alias to the credential store and expect success, but get an error about the password.
> {code}
> [hsvabek at dhcp-10-40-4-111 bin]$ ./elytron-tool.sh credential-store --add 001 -x secretsecret --location test005.jceks --password="MASK-9zknmrNsQqf;12345678;34" --summary --debug
> Exception encountered executing the command:
> org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
>         at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:859)
>         at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:213)
>         at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:159)
>         at org.wildfly.security.tool.CredentialStoreCommand.execute(CredentialStoreCommand.java:208)
>         at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:75)
> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
>         at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:865)
>         at java.security.KeyStore.load(KeyStore.java:1445)
>         at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:847)
>         ... 4 more
> {code}
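
A check for the behaviour reported above, as an added example that is not part of the original report or of the Elytron code base: it scans a generated `--summary` line for a `credential-reference` whose value is not in the `MASK-<encoded>;<salt>;<iteration>` form quoted in the report. It assumes a masked value would appear in the same `clear-text` attribute; the second sample line is constructed for illustration.

```python
import re

# clear-text attribute inside a credential-reference of a CLI summary line
CRED_REF = re.compile(r'credential-reference=\{[^}]*?clear-text="([^"]*)"')
# MASK-<encoded>;<salt>;<iteration>, the shape quoted in the report
MASKED = re.compile(r'^MASK-([^;]+);([^;]+);(\d+)$')

# Line 1 is the summary from the report; line 2 is a constructed masked variant
# (assumption: a masked value would be carried in the same attribute).
SAMPLE = "\n".join([
    '/subsystem=elytron/credential-store=cs:add(location="test005.jceks",'
    'implementation-properties={"keyStoreType"=>"JCEKS"},'
    'credential-reference={clear-text="pass123"})',
    '/subsystem=elytron/credential-store=cs:add(location="test005.jceks",'
    'implementation-properties={"keyStoreType"=>"JCEKS"},'
    'credential-reference={clear-text="MASK-9zknmrNsQqf;12345678;34"})',
])


def parse_masked(value):
    """Split a MASK string into its three fields, or return None."""
    m = MASKED.match(value)
    if not m:
        return None
    return {"encoded": m.group(1), "salt": m.group(2),
            "iteration": int(m.group(3))}


def audit_summary(text):
    """Return one finding per credential-reference; the secret itself is never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CRED_REF.finditer(line):
            masked = parse_masked(m.group(1))
            findings.append({"line": lineno,
                             "exposed": masked is None,
                             "masked": masked})
    return findings


if __name__ == "__main__":
    for f in audit_summary(SAMPLE):
        state = "CLEAR TEXT EXPOSED" if f["exposed"] else "masked"
        print(f"line {f['line']}: {state}")
```
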