  1. WildFly Elytron
  2. ELY-1394

ElytronClient - sslContext cannot use credential-store-reference clear-text password for key-store-ssl-certificate.


Details

      • checkout wildfly-elytron
      • cd wildfly-elytron
      • update test [1] org.wildfly.security.auth.client.XmlConfigurationTest#testCredentialStoreIntegrationWithKeyStoreSSLConfiguration to use credential-store clear-text password.
            "<ssl-contexts>\n" +
            "<ssl-context name=\"my-ssl\">\n" +
                "<key-store-ssl-certificate key-store-name=\"ladybird\" alias=\"" + alias + "\">\n" +
                    // "<credential-store-reference store=\"store1\" alias=\"ladybirdkey\"/>\n" +
                    "<credential-store-reference clear-text=\"Elytron\"/>\n" +
                "</key-store-ssl-certificate>\n" +
            "</ssl-context>\n" +
        
      • mvn clean test -Dtest=XmlConfigurationTest#testCredentialStoreIntegrationWithKeyStoreSSLConfiguration
            [ERROR] testCredentialStoreIntegrationWithKeyStoreSSLConfiguration(org.wildfly.security.auth.client.XmlConfigurationTest)  Time elapsed: 0.124 s  <<< ERROR!
            org.wildfly.client.config.ConfigXMLParseException: 
            ELY01135: Failed to load keystore data
                    at authentication-client.xml:22:71
                    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$45(ElytronXmlParser.java:1427)
                    at org.wildfly.security.auth.client.ElytronXmlParser$PrivateKeyKeyStoreEntryCredentialFactory.get(ElytronXmlParser.java:2561)
                    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseSslContextType$8(ElytronXmlParser.java:498)
                    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseSslContextRuleType$9(ElytronXmlParser.java:610)
                    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:648)
                    at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:347)
                    at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:222)
                    at org.wildfly.security.auth.client.XmlConfigurationTest.testConfiguration(XmlConfigurationTest.java:709)
                    at org.wildfly.security.auth.client.XmlConfigurationTest.testCredentialStoreIntegrationWithKeyStoreSSLConfiguration(XmlConfigurationTest.java:691)
            Caused by: java.security.spec.InvalidKeySpecException
                    at org.wildfly.security.password.impl.PasswordFactorySpiImpl.engineGetKeySpec(PasswordFactorySpiImpl.java:511)
                    at org.wildfly.security.password.PasswordFactory.getKeySpec(PasswordFactory.java:163)
                    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$45(ElytronXmlParser.java:1394)
                    ... 8 more
            
            [INFO] 
            [INFO] Results:
            [INFO] 
            [ERROR] Errors: 
            [ERROR]   XmlConfigurationTest.testCredentialStoreIntegrationWithKeyStoreSSLConfiguration:691->testConfiguration:709 » ConfigXMLParse
        

      [1] https://github.com/wildfly-security/wildfly-elytron/pull/1000/files#diff-3518e71d7566332bd55c8eef2833191aR679


    Description

      ElytronClient - sslContext cannot use credential-store-reference clear-text password for key-store-ssl-certificate.

      When you define the clear-text password with "<key-store-clear-password password=\"Elytron\"/>\n"
      instead of the credential-store clear-text password, everything works fine.

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              hsvabek_jira Hynek Švábek (Inactive)