[jboss-jira] [JBoss JIRA] (SECURITY-966) Key manager exported from legacy JSSE security domain does not work Elytron server-ssl-context
Stefan Guilhen (JIRA)
issues at jboss.org
Wed Mar 29 14:23:00 EDT 2017
[ https://issues.jboss.org/browse/SECURITY-966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stefan Guilhen updated SECURITY-966:
------------------------------------
Description:
It is not possible to use a key manager exported from legacy security domain (i.e. elytron-key-manager) in Elytron server-ssl-context. It results in:
{noformat}
{
"outcome" => "failed",
"failure-description" => {
"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.ssc" => "org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.ssc: WFLYELY00019: No 'X509ExtendedKeyManager' found in injected value."},
"WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.ssl-context.ssc"]
},
"rolled-back" => true
}
{noformat}
The exported KeyManager doesn't extend the X509ExtendedKeyManager class. A simple change to SecurityKeyManager should make it compatible with the Elytron ssl contexts.
was:
It is not possible to use a key manager exported from legacy security domain (i.e. elytron-key-manager) in Elytron server-ssl-context. It results in:
{noformat}
{
"outcome" => "failed",
"failure-description" => {
"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.ssc" => "org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.ssc: WFLYELY00019: No 'X509ExtendedKeyManager' found in injected value."},
"WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.ssl-context.ssc"]
},
"rolled-back" => true
}
{noformat}
The exported key manager is announced as org.wildfly.security.key-managers capability. Hence it is expected to work wherever the capability is requested.
> Key manager exported from legacy JSSE security domain does not work Elytron server-ssl-context
> ----------------------------------------------------------------------------------------------
>
> Key: SECURITY-966
> URL: https://issues.jboss.org/browse/SECURITY-966
> Project: PicketBox
> Issue Type: Bug
> Components: JBossSX, Security-SPI
> Affects Versions: PicketBox_5_0_0.Beta1
> Reporter: Stefan Guilhen
> Assignee: Stefan Guilhen
>
> It is not possible to use a key manager exported from legacy security domain (i.e. elytron-key-manager) in Elytron server-ssl-context. It results in:
> {noformat}
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.ssc" => "org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.ssc: WFLYELY00019: No 'X509ExtendedKeyManager' found in injected value."},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.ssl-context.ssc"]
> },
> "rolled-back" => true
> }
> {noformat}
> The exported KeyManager doesn't extend the X509ExtendedKeyManager class. A simple change to SecurityKeyManager should make it compatible with the Elytron ssl contexts.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list