Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-4412

jboss-cli.bat: Setting keystore-path in a new security-realm interprets \ (backslash) in Windows paths

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • 7.0.0.CR2, 7.1.0.DR4
    • CLI
    • None
    • Release Notes
    • Known issue
    • Not Yet Documented

    Description

      [standalone@localhost:9990 /] /core-service=management/security-realm=JBossTestClient/authentication=truststore:add(keystore-path="C:\qa\hudson_workspace\noe-tests\resources\ssl\proper\ca-cert.jks", keystore-password="tomcat")
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}

      results in erroneous:

      <security-realm name="JBossTestClient">
    <server-identities>
        <ssl protocol="TLSv1">
            <engine enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"/>
            <keystore provider="JKS" path="C:qahudson_workspace&#xa;oe-tests&#xd;esourcessslproperclient-cert-key.jks" keystore-password="tomcat" alias="javaclient"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="C:qahudson_workspace&#xa;oe-tests&#xd;esourcessslproperca-cert.jks" keystore-password="tomcat"/>
    </authentication>
</security-realm>

      whereas:

      [standalone@localhost:9990 /] /core-service=management/security-realm=JBossTestClient/authentication=truststore:add(keystore-path="C:/qa/hudson_workspace/noe-tests/resources/ssl/proper/ca-cert.jks", keystore-password="tomcat")
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}

      is processed correctly:

                  <security-realm name="JBossTestClient">
                <authentication>
                    <truststore path="C:/qa/hudson_workspace/noe-tests/resources/ssl/proper/ca-cert.jks" keystore-password="tomcat"/>
                </authentication>
            </security-realm>

      For a reference, mod_cluster subsystem processes the backslashes from CLI without a hiccup:

      <subsystem xmlns="urn:jboss:domain:modcluster:2.0">
<mod-cluster-config advertise-socket="modcluster" connector="https">
<dynamic-load-provider>
<load-metric type="cpu"/>
</dynamic-load-provider>
<ssl key-alias="javaclient" password="tomcat" certificate-key-file="C:\qa\hudson_workspace\noe-tests\resources\ssl\proper\client-cert-key.jks" cipher-suite="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV" protocol="TLSv1" ca-certificate-file="C:\qa\hudson_workspace\noe-tests\resources\ssl\proper\ca-cert.jks"/>
</mod-cluster-config>
</subsystem>

      Attachments

        Issue Links

          is blocked by

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) WFCORE-1519 Operation parameters described with filesystem-path should not require escaping the separator

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Open
          is duplicated by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-15924 Failed to marshal configuration on windows CLI storing absolute paths

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) JBEAP-9440 Documentation: path attributes in CLI on Windows

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • New

          Activity

            People

              jdenise@redhat.com Jean Francois Denise
              mbabacek1@redhat.com Michal Karm
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: