[jboss-jira] [JBoss JIRA] (WFCORE-4034) RuntimeException when call key-store=ks:revoke-certificate

Farah Juma (JIRA) issues at jboss.org
Tue Aug 14 14:50:00 EDT 2018


     [ https://issues.jboss.org/browse/WFCORE-4034?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farah Juma reassigned WFCORE-4034:
----------------------------------

    Assignee: Farah Juma  (was: Darran Lofthouse)


> RuntimeException when call key-store=ks:revoke-certificate
> ----------------------------------------------------------
>
>                 Key: WFCORE-4034
>                 URL: https://issues.jboss.org/browse/WFCORE-4034
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Claudio Miranda
>            Assignee: Farah Juma
>
> There is a RuntimeException when calling key-store=keys:revoke-certificate on an existing alias, but having failed to obtain a certificate from the CA.
> Steps to reproduce
> {code}
> /subsystem=elytron/key-store=keyst2:add(credential-reference={clear-text=senha},type=JKS,path=keyst2.jks)
> /subsystem=elytron/certificate-authority-account=ca_letsenc2:add(alias=www.cnn.com,key-store=keyst2)
> /subsystem=elytron/key-store=keyst2:obtain-certificate(alias=www.cnn.com,certificate-authority-account=ca_letsenc2,domain-names=["www.cnn.com"],agree-to-terms-of-service,algorithm=RSA)
> /subsystem=elytron/key-store=keyst2:revoke-certificate(alias=www.cnn.com,certificate-authority-account=ca_letsenc2)
> {code}
> obtain-certificate results in an exception, then call revoke-certificate
> {code}
> /subsystem=elytron/key-store=keyst2:obtain-certificate(alias=www.cnn.com,certificate-authority-account=ca_letsenc2,domain-names=["www.cnn.com"],agree-to-terms-of-service,algorithm=RSA)
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.RuntimeException: org.wildfly.security.x500.cert.acme.AcmeException: ELY10048: Challenge response failed validation by the ACME server",
>     "rolled-back" => true
> }
> [standalone at localhost:9990 /] /subsystem=elytron/key-store=keyst2:revoke-certificate(alias=www.cnn.com,certificate-authority-account=ca_letsenc2)
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.RuntimeException: org.wildfly.security.x500.cert.acme.AcmeException: No such certificate",
>     "rolled-back" => true
> }
> {code}
> I understand it makes no sense to revoke a certificate that doesn't exist in the CA provider, but it was more an accident to discover it as I was playing with the operations.
> Probably a WARN message would be more appropriate than a RuntimeException.


