Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
Description
There is a RuntimeException when call a key-store=keys:revoke-certificate on a existing alias, but having failed to obtain certificate from CA
Steps to reproduce
/subsystem=elytron/key-store=keyst2:add(credential-reference={clear-text=senha},type=JKS,path=keyst2.jks)
/subsystem=elytron/certificate-authority-account=ca_letsenc2:add(alias=www.cnn.com,key-store=keyst2)
/subsystem=elytron/key-store=keyst2:obtain-certificate(alias=www.cnn.com,certificate-authority-account=ca_letsenc2,domain-names=["www.cnn.com"],agree-to-terms-of-service,algorithm=RSA)
/subsystem=elytron/key-store=keyst2:revoke-certificate(alias=www.cnn.com,certificate-authority-account=ca_letsenc2)
obtain-certificate results in an exception, then call revoke-certificate
/subsystem=elytron/key-store=keyst2:obtain-certificate(alias=www.cnn.com,certificate-authority-account=ca_letsenc2,domain-names=["www.cnn.com"],agree-to-terms-of-service,algorithm=RSA) { "outcome" => "failed", "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.RuntimeException: org.wildfly.security.x500.cert.acme.AcmeException: ELY10048: Challenge response failed validation by the ACME ser ver", "rolled-back" => true } [standalone@localhost:9990 /] /subsystem=elytron/key-store=keyst2:revoke-certificate(alias=www.cnn.com,certificate-authority-account=ca_letsenc2) { "outcome" => "failed", "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.RuntimeException: org.wildfly.security.x500.cert.acme.AcmeException: No such certificate", "rolled-back" => true }
I understand it make no sense to revoke a certificate that doesn't exist in CA provider, but it was more an accident to discover it as I was playing with the operations.
Probably a WARN message would be more appropriate than a RuntimeException.
