[jboss-jira] [JBoss JIRA] (ELY-783) alias-filter from Elytron key-store does not work for non-lower-case alias with JKS

Yeray Borges (JIRA) issues at jboss.org
Mon May 15 10:48:00 EDT 2017 

    [ https://issues.jboss.org/browse/ELY-783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13406423#comment-13406423 ] 

Yeray Borges commented on ELY-783:
----------------------------------

[~dlofthouse] KeyStore java doc states the following regarding aliases in a key store:
"Whether aliases are case sensitive is implementation dependent. In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case."
At the current moment writing this, Elytron subsystem doesn't allow alias creation using CLI, so, What's the plan here? is Elytron going to allow aliases creation as case sensitive?, if yes, maybe we shouldn't do anything here apart from the documentation.

I don't know exactly what was the intention using alias-filter, should we avoid case sensitive in alias filter or shouldn't?

> alias-filter from Elytron key-store does not work for non-lower-case alias with JKS
> -----------------------------------------------------------------------------------
>
>                 Key: ELY-783
>                 URL: https://issues.jboss.org/browse/ELY-783
>             Project: WildFly Elytron
>          Issue Type: Bug
>    Affects Versions: 1.1.0.Beta13
>            Reporter: Ondrej Lukas
>            Assignee: Yeray Borges
>
> In case when {{alias-filter}} attribute from Elytron {{key-store}} references non-lower-case alias (e.g. elytronAppServer) then SSL is not working. In case when this alias is set to lower-case in alias-filter (e.g. elytronappserver), then SSL works correctly.
> It seems JKS always transforms aliases to lower-case (even if they are created with some upper-case characters). However legacy security solution was able to use alias filter with non-lower-case characters to assign key from JKS keystore (probably through some internal {{.toLowerCase()}}).
> In case it is intended to do not use alias-filter with some upper-case for JKS then this issue can be changed to documentation issue. This is different behavior than was provided by legacy solution.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list