[jboss-jira] [JBoss JIRA] (WFCORE-4034) RuntimeException when call key-store=ks:revoke-certificate

Claudio Miranda (JIRA) issues at jboss.org
Tue Aug 14 14:49:00 EDT 2018


Claudio Miranda created WFCORE-4034:
---------------------------------------

             Summary: RuntimeException when call key-store=ks:revoke-certificate
                 Key: WFCORE-4034
                 URL: https://issues.jboss.org/browse/WFCORE-4034
             Project: WildFly Core
          Issue Type: Bug
          Components: Security
            Reporter: Claudio Miranda
            Assignee: Darran Lofthouse


There is a RuntimeException when calling key-store=keys:revoke-certificate on an existing alias, but having failed to obtain a certificate from the CA.

Steps to reproduce
{code}
/subsystem=elytron/key-store=keyst2:add(credential-reference={clear-text=senha},type=JKS,path=keyst2.jks)
/subsystem=elytron/certificate-authority-account=ca_letsenc2:add(alias=www.cnn.com,key-store=keyst2)
/subsystem=elytron/key-store=keyst2:obtain-certificate(alias=www.cnn.com,certificate-authority-account=ca_letsenc2,domain-names=["www.cnn.com"],agree-to-terms-of-service,algorithm=RSA)
/subsystem=elytron/key-store=keyst2:revoke-certificate(alias=www.cnn.com,certificate-authority-account=ca_letsenc2)
{code}

obtain-certificate results in an exception, then call revoke-certificate
{code}
/subsystem=elytron/key-store=keyst2:obtain-certificate(alias=www.cnn.com,certificate-authority-account=ca_letsenc2,domain-names=["www.cnn.com"],agree-to-terms-of-service,algorithm=RSA)
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.RuntimeException: org.wildfly.security.x500.cert.acme.AcmeException: ELY10048: Challenge response failed validation by the ACME server",
    "rolled-back" => true
}

[standalone at localhost:9990 /] /subsystem=elytron/key-store=keyst2:revoke-certificate(alias=www.cnn.com,certificate-authority-account=ca_letsenc2)
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.RuntimeException: org.wildfly.security.x500.cert.acme.AcmeException: No such certificate",
    "rolled-back" => true
}
{code}

I understand it makes no sense to revoke a certificate that doesn't exist in the CA provider, but it was more an accident to discover it as I was playing with the operations.

Probably a WARN message would be more appropriate than a RuntimeException.


