[jboss-jira] [JBoss JIRA] (ELY-1294) Wildfly Elytron Tool, Credential-store command, --salt option is validated only when --summary is used too.

Chao Wang (JIRA) issues at jboss.org
Wed May 23 02:52:00 EDT 2018 

     [ https://issues.jboss.org/browse/ELY-1294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chao Wang updated ELY-1294:
---------------------------
    Git Pull Request: https://github.com/wildfly-security/wildfly-elytron-tool/pull/90, https://github.com/wildfly-security/wildfly-elytron-tool/pull/99, https://github.com/wildfly-security/wildfly-elytron-tool/pull/148, https://github.com/wildfly-security/wildfly-elytron-tool/pull/149  (was: https://github.com/wildfly-security/wildfly-elytron-tool/pull/90, https://github.com/wildfly-security/wildfly-elytron-tool/pull/99)


> Wildfly Elytron Tool, Credential-store command, --salt option is validated only when --summary is used too.
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: ELY-1294
>                 URL: https://issues.jboss.org/browse/ELY-1294
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: Command-Line Tool, Credential Store
>            Reporter: Hynek Švábek
>            Assignee: Chao Wang
>
> Credential-store command \-\-salt option is validated only when is \-\-summary is used too.
> It is caused by generation MASKed password for summary output[1].
> It is at least strange and confusing to user: without \-\-summary is passed, with \-\-summary is failed (entry is stored in storage successfully).
> *How to reproduce*
> {code}
> [hsvabek at dhcp-10-40-5-17 bin]$ ./elytron-tool.sh credential-store   --add secret_alias --password pass123 --create -x secret_password -l store005.jceks -s 1234567890 -i 230 --summary  --debug
> Alias "secret_alias" has been successfully stored
> Exception encountered executing the command:
> java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long
>         at com.sun.crypto.provider.PBES1Core.init(PBES1Core.java:234)
>         at com.sun.crypto.provider.PBES1Core.init(PBES1Core.java:331)
>         at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:228)
>         at javax.crypto.Cipher.implInit(Cipher.java:810)
>         at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
>         at javax.crypto.Cipher.init(Cipher.java:1539)
>         at javax.crypto.Cipher.init(Cipher.java:1470)
>         at org.wildfly.security.util.PasswordBasedEncryptionUtil$Builder.createAndInitCipher(PasswordBasedEncryptionUtil.java:506)
>         at org.wildfly.security.util.PasswordBasedEncryptionUtil$Builder.build(PasswordBasedEncryptionUtil.java:589)
>         at org.wildfly.security.tool.MaskCommand.computeMasked(MaskCommand.java:117)
>         at org.wildfly.security.tool.CredentialStoreCommand.execute(CredentialStoreCommand.java:287)
>         at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:81)
> {code}
> [1] https://github.com/wildfly-security/wildfly-elytron-tool/blob/1.0.0.CR2/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java#L286



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list