[jboss-jira] [JBoss JIRA] (WFCORE-944) truststore path is ignored if provider is not JKS

Ricardo Martin Camarero (Jira) issues at jboss.org
Fri Jun 19 10:40:02 EDT 2020


    [ https://issues.redhat.com/browse/WFCORE-944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14167218#comment-14167218 ] 

Ricardo Martin Camarero edited comment on WFCORE-944 at 6/19/20 10:39 AM:
--------------------------------------------------------------------------

I stumbled on this a few days ago while working on another JIRA. Not long ago I implemented a PKCS12 test [HTTPSManagementInterfacePKCS12TestCase.java|https://github.com/wildfly/wildfly-core/blob/master/testsuite/manualmode/src/test/java/org/wildfly/core/test/standalone/mgmt/HTTPSManagementInterfacePKCS12TestCase.java] and I think it's easy to complete that test to also set the keystore-provider to all the keystores and test Darran's fix. I'll provide a new PR next week.


was (Author: rhn-support-rmartinc):
I stumbled into this a few days ago while working on another JIRA. Not long ago I implemented a PKCS12 test [HTTPSManagementInterfacePKCS12TestCase.java|https://github.com/wildfly/wildfly-core/blob/master/testsuite/manualmode/src/test/java/org/wildfly/core/test/standalone/mgmt/HTTPSManagementInterfacePKCS12TestCase.java] and I think it's easy to complete that test to also set the keystore-provider to all the keystores and test Darran's fix. I'll provide a new PR next week.

> truststore path is ignored if provider is not JKS
> -------------------------------------------------
>
>                 Key: WFCORE-944
>                 URL: https://issues.redhat.com/browse/WFCORE-944
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Arto Huusko
>            Assignee: Ricardo Martin Camarero
>            Priority: Major
>
> Truststore configuration ignores the path and relative-to parameters if the truststore provider is anything other than JKS.
> This works as documented, but it is not correct. There can be and are truststore implementations that need to load parameters or whatever data from a file, and the current implementation prevents these truststore providers from working.
> We have a custom truststore that is loaded from a database, and database access parameters are read from a properties file. When trying to use this with WildFly 9, the keystore engineLoad parameter is passed in as null, even though path and relative-to are configured.
> Even standard Java supports PKCS12 truststores, where the same problem would occur.
> So I would suggest that
>  - if provider is JKS, path is mandatory
>  - if provider is not JKS, but path is specified, it is passed to the provider



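Added example, not part of the original message and not WildFly's code: a simplified Java illustration of the behaviour the report describes (a non-JKS store loaded with a null stream comes back silently empty) next to the rule the reporter suggests. The class and method names, the sample password and the single "marker" entry standing in for trusted certificates are all constructed for this illustration.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.crypto.spec.SecretKeySpec;

public class TruststorePathDemo {
    // Behaviour described in the report: only a JKS store is ever read from the file.
    static KeyStore loadIgnoringPath(String type, Path path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        if ("JKS".equalsIgnoreCase(type)) {
            try (InputStream in = Files.newInputStream(path)) { ks.load(in, pw); }
        } else {
            ks.load(null, pw); // the provider's engineLoad receives a null stream
        }
        return ks;
    }

    // Rule suggested in the report: path is mandatory for JKS, optional but honoured otherwise.
    static KeyStore loadHonoringPath(String type, Path path, char[] pw) throws Exception {
        if ("JKS".equalsIgnoreCase(type) && path == null) {
            throw new IllegalArgumentException("path is mandatory for a JKS truststore");
        }
        KeyStore ks = KeyStore.getInstance(type);
        if (path == null) {
            ks.load(null, pw); // provider that needs no file
        } else {
            try (InputStream in = Files.newInputStream(path)) { ks.load(in, pw); }
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // constructed sample password
        Path file = Files.createTempFile("demo-truststore", ".p12");
        // Constructed sample store: one secret-key entry stands in for trusted certificates.
        KeyStore sample = KeyStore.getInstance("PKCS12");
        sample.load(null, null);
        sample.setEntry("marker",
                new KeyStore.SecretKeyEntry(new SecretKeySpec(new byte[16], "AES")),
                new KeyStore.PasswordProtection(pw));
        try (OutputStream out = Files.newOutputStream(file)) { sample.store(out, pw); }
        System.out.println("path ignored: " + loadIgnoringPath("PKCS12", file, pw).size() + " entries");
        System.out.println("path honoured: " + loadHonoringPath("PKCS12", file, pw).size() + " entries");
        Files.delete(file);
    }
}
```

The ignored-path load raises no error, so a check that the loaded truststore's `size()` is greater than zero is a cheap way to catch this class of misconfiguration at startup.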