Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11786

Wildfly Elytron Tool, credential-store command + --summary option doesn't show MASKed password when we set --salt and --iteration options too.

    XMLWordPrintable

Details

    Description

      credential-store command with --summary option doesn't show MASKed password when we set --salt and --iteration options too.
      When we want --add alias to created credential store and set --password="MASK-9zknmrNsQqf;12345678;34" then we get error.

      There is expected masked password in summary but you get clear text password:

      [hsvabek@dhcp-10-40-4-111 bin]$ ./elytron-tool.sh credential-store --create --location test005.jceks --password pass123 --salt 12345678 --iteration 34 --summary
Credential Store has been successfully created
Credential store command summary:
--------------------------------------
/subsystem=elytron/credential-store=cs:add(relative-to=jboss.server.data.dir,create=true,modifiable=true,location="test005.jceks",implementation-properties={"keyStoreType"=>"JCEKS"},credential-reference={clear-text="pass123"})

      Masked password for "pass123", iteration 34 and salt 12345678 is MASK-9zknmrNsQqf;12345678;34
      We set masked password for adding alias to credential store and expect success but get error about password.

      [hsvabek@dhcp-10-40-4-111 bin]$ ./elytron-tool.sh credential-store --add 001 -x secretsecret --location test005.jceks --password="MASK-9zknmrNsQqf;12345678;34" --summary --debug
Exception encountered executing the command:
org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
        at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:859)
        at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:213)
        at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:159)
        at org.wildfly.security.tool.CredentialStoreCommand.execute(CredentialStoreCommand.java:208)
        at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:75)
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
        at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:865)
        at java.security.KeyStore.load(KeyStore.java:1445)
        at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:847)
        ... 4 more

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. ELY-1264 Wildfly Elytron Tool, credential-store command + --summary option doesn't show MASKed password when we set --salt and --iteration options too.

          • Critical - To be worked on immediately following BLOCKER issues.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-11783 Upgrade to Elytron tool 1.0.0.CR1

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              thofman Tomas Hofman
              hsvabek_jira Hynek Švábek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: