WildFly Elytron / ELY-2476

Credential store is not successfully created on the first call with create=true


    • Type: Bug
    • Resolution: Not a Bug
    • Priority: Major
    • Component: Credential Store

      Follow the documentation to create a FIPS-enabled NSS DB. Then, when creating a credential store with PKCS11 with the following:

      /subsystem=elytron/credential-store=exampleCredentialStore:add(credential-reference={clear-text=pass123+},path=data.store,relative-to=jboss.server.data.dir,create=true,implementation-properties={"keyStoreType"=>"PKCS11","keyAlias"=>"exampleKey"})


      it will result in the exception:

      {
          "outcome" => "failed",
          "failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store.exampleCredentialStore" => "WFLYELY00004: Unable to start the service.
          Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
          Caused by: java.io.IOException: load failed
          Caused by: javax.security.auth.login.LoginException: no password provided, and no callback handler available for retrieving password"}},
          "rolled-back" => true
      }


      If you create the file with

      touch /path/to/jboss.server.data.dir/data.store


      Then the command passes and after this point you can create new credential stores in any location without needing to use the touch command:

      /subsystem=elytron/credential-store=exampleCredentialStore:add(credential-reference={clear-text=pass123+},path=not.created.data.store.file,relative-to=jboss.server.data.dir,create=true,implementation-properties={"keyStoreType"=>"PKCS11","keyAlias"=>"exampleKey"})

      {"outcome" => "success"}


      Adding credential stores does not work with `create=true` on the first try for PKCS11 in FIPS mode.
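      The workaround from the report, as an added shell helper that is not part of the issue or of the Elytron project: it pre-creates the backing file before the `:add` with `create=true`, and classifies captured jboss-cli output so the ELY09514 / "no password provided" failure above is recognised rather than treated as a generic failure. Paths, the `JBOSS_HOME` and `add-store.cli` names in the usage comment, and the sample outputs are constructed for the example.

```shell
#!/bin/sh
# Added helper (not from the issue or the Elytron project).

# Pre-create the credential store's backing file with owner-only
# permissions (umask 077); a plain `touch` inherits the caller's umask.
# No-op when the file already exists.
precreate_store_file() {
    data_dir="$1"
    store="$2"
    path="$data_dir/$store"
    if [ -e "$path" ]; then
        return 0
    fi
    ( umask 077 && : > "$path" )
}

# Classify jboss-cli output. Prints one of:
#   success | pkcs11-first-create (the ELY-2476 signature) | other-failure
classify_cli_outcome() {
    out="$1"
    if printf '%s' "$out" | grep -q '"outcome" => "success"'; then
        echo success
    elif printf '%s' "$out" | grep -q 'ELY09514' &&
         printf '%s' "$out" | grep -q 'no password provided'; then
        echo pkcs11-first-create
    else
        echo other-failure
    fi
}

# Constructed samples, condensed from the outputs quoted in the issue.
FAIL_SAMPLE='{"outcome" => "failed", "failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store.exampleCredentialStore" => "WFLYELY00004: Unable to start the service.
    Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
    Caused by: java.io.IOException: load failed
    Caused by: javax.security.auth.login.LoginException: no password provided, and no callback handler available for retrieving password"}}, "rolled-back" => true}'
SUCCESS_SAMPLE='{"outcome" => "success"}'

# Usage (JBOSS_HOME and add-store.cli are placeholders): pre-create the
# file, run the :add command through jboss-cli, then classify the output.
#   precreate_store_file "$JBOSS_HOME/standalone/data" data.store
#   out=$("$JBOSS_HOME/bin/jboss-cli.sh" -c --file=add-store.cli 2>&1)
#   classify_cli_outcome "$out"
```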

            Assignee: Unassigned
            Reporter: Diana Krepinska