diff --git a/tool/src/main/java/org/wildfly/security/tool/Command.java b/tool/src/main/java/org/wildfly/security/tool/Command.java
index 0659183dcd6..0bcc04e110b 100644
--- a/tool/src/main/java/org/wildfly/security/tool/Command.java
+++ b/tool/src/main/java/org/wildfly/security/tool/Command.java
@@ -44,10 +44,10 @@
import javax.crypto.SecretKey;
-import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.SecretKeyCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreException;
+import org.wildfly.security.credential.store.UnsupportedCredentialTypeException;
import org.wildfly.security.credential.store.impl.PropertiesCredentialStore;
import org.wildfly.security.encryption.SecretKeyUtil;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
@@ -204,7 +204,7 @@ public void printDuplicatesWarning(CommandLine cmdLine) {
*
* List allowedDuplicates = new ArrayList()
* {{ add(PASSWORD_CREDENTIAL_VALUE_PARAM);
- * }};
+ * }};
*
*/
public void printDuplicatesWarning(CommandLine cmdLine, List duplicatesAllowed) {
@@ -324,7 +324,7 @@ protected Supplier getProvidersSupplier(final String providersList)
* @throws Exception when an existing credential store does not contain the secret key
*/
SecretKey getSecretKey(Boolean createCredentialStore, String credentialStoreLocation, String alias, Boolean populate,
- String inputRealmLocation) throws Exception {
+ int descriptorBlockCount) throws Exception {
CredentialStore credentialStore;
String csType = PropertiesCredentialStore.NAME;
try {
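Review bot: The `@throws Exception when an existing credential store does not contain the secret key` line at the top of this hunk is now stale: the rewritten body (next hunk) handles a missing key by logging a warning and returning null rather than throwing, so the Javadoc should gain `@return the SecretKey for this block, or {@code null} when the block is skipped (store not loaded, SecretKey unsupported, key missing with populate unset)` and the `@throws` wording should be narrowed to the initialize/retrieve failures that still propagate. The `@param` entry for the renamed parameter sits above the hunk; if it still describes inputRealmLocation it should become `@param descriptorBlockCount 1-based number of the descriptor block, used only in warning messages`. getSecretKey's body continues past the end of this hunk.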
@@ -337,29 +337,42 @@ SecretKey getSecretKey(Boolean createCredentialStore, String credentialStoreLoca
implProps.put("create", String.valueOf(createCredentialStore));
implProps.put("location", credentialStoreLocation);
implProps.put("modifiable", Boolean.TRUE.toString());
- credentialStore.initialize(implProps);
+
try {
- credentialStore.retrieve(alias, SecretKeyCredential.class).getSecretKey();
+ credentialStore.initialize(implProps);
+ } catch (CredentialStoreException e) {
+ warningHandler(ElytronToolMessages.msg.skippingDescriptorBlockCredentialStoreNotLoaded(descriptorBlockCount));
+ }
+
+ SecretKeyCredential secretKeyCredential;
+ try {
+ secretKeyCredential = credentialStore.retrieve(alias, SecretKeyCredential.class);
+ } catch (UnsupportedCredentialTypeException e) {
+ warningHandler(ElytronToolMessages.msg.skippingDescriptorBlockSecretKeyUnsupported(credentialStoreLocation, descriptorBlockCount));
+ return null;
+ }
+
+ // Acquire SecretKey, and populate credential store if set
+ SecretKey key;
+ if (secretKeyCredential != null) {
System.out.println(ElytronToolMessages.msg.existingCredentialStore());
- } catch (Exception e) {
- if (!createCredentialStore) {
- warningHandler(ElytronToolMessages.msg.skippingBlockMissingCredentialStore());
- return null;
- }
- if (populate) {
- SecretKey key = SecretKeyUtil.generateSecretKey(256);
- Credential keyCredential = new SecretKeyCredential(key);
- credentialStore.store(alias, keyCredential);
+ key = secretKeyCredential.getSecretKey();
+ } else if (populate) {
+ try {
+ SecretKey newKey = SecretKeyUtil.generateSecretKey(256);
+ SecretKeyCredential newKeyCredential = new SecretKeyCredential(newKey);
+ credentialStore.store(alias, newKeyCredential);
credentialStore.flush();
- } else {
- errorHandler(ElytronToolMessages.msg.cmdFileSystemPopulateUnspecified());
+
+ key = newKey;
+ } catch (GeneralSecurityException e) {
+ warningHandler(ElytronToolMessages.msg.skippingDescriptorBlockUnableToPopulateCredentialStore(
+ credentialStoreLocation, descriptorBlockCount));
+ return null;
}
- }
- SecretKey key;
- try {
- key = credentialStore.retrieve(alias, SecretKeyCredential.class).getSecretKey();
- } catch (NullPointerException e) {
- System.out.println(ElytronToolMessages.msg.cmdFileSystemEncryptionNoSecretKey(credentialStoreLocation, inputRealmLocation));
+
+ } else {
+ warningHandler(ElytronToolMessages.msg.cmdFileSystemEncryptionNoSecretKey(credentialStoreLocation, descriptorBlockCount));
return null;
}
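Review bot: After `warningHandler(ElytronToolMessages.msg.skippingDescriptorBlockCredentialStoreNotLoaded(descriptorBlockCount));` the method does not return, so it goes on to call `credentialStore.retrieve(alias, SecretKeyCredential.class)` on a store whose initialize() just failed, even though the message says the block is being skipped; add `return null;` directly after that warningHandler call. The removed `!createCredentialStore` guard (skippingBlockMissingCredentialStore) is gone, so a non-existent store with create=false presumably now surfaces as that same CredentialStoreException — confirm the new warning text is accurate for that case. The new `catch (GeneralSecurityException e)` needs java.security.GeneralSecurityException in scope, which the import hunk of this diff does not add; it may already be imported above the visible lines. getSecretKey continues beyond the end of this hunk.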
diff --git a/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java b/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java
index cc3d1531150..d47bf892e30 100644
--- a/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java
+++ b/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java
@@ -485,11 +485,8 @@ public interface ElytronToolMessages extends BasicLogger {
@Message(id = NONE, value = "'FileSystemRealmEncrypt' command is used to convert un-encrypted FileSystemSecurityRealm(s) to encrypted FileSystemSecurityRealm(s) with a SecretKey.")
String cmdFileSystemEncryptHelpHeader();
- @Message(id = NONE, value = "The populate parameter was set to false and the Secret Key did not exist in the Credential Store.")
- MissingOptionException cmdFileSystemPopulateUnspecified();
-
- @Message(id = NONE, value = "Unable to locate Secret Key with Credential Store located at %s. Skipping realm located at %s.")
- String cmdFileSystemEncryptionNoSecretKey(String credentialStore, String realmLocation);
+ @Message(id = NONE, value = "Secret Key was not found in the Credential Store at %s, and populate option was not set. Skipping descriptor file block number %d.")
+ String cmdFileSystemEncryptionNoSecretKey(String credentialStorePath, Integer blockNumber);
@Message(id = NONE, value = "The character set used to convert the password string to a byte array. Defaults to UTF-8.")
String cmdFileSystemRealmIntegrityHashCharsetDesc();
@@ -600,8 +597,14 @@ public interface ElytronToolMessages extends BasicLogger {
@Message(id = NONE, value = "Found credential store and alias, using pre-existing key")
String existingCredentialStore();
- @Message(id = NONE, value = "Could not find credential store and secret key alias, skipping block")
- String skippingBlockMissingCredentialStore();
+ @Message(id = NONE, value = "Skipping descriptor file block number %d due to failure to load Credential Store.")
+ String skippingDescriptorBlockCredentialStoreNotLoaded(Integer blockNumber);
+
+ @Message(id = NONE, value = "Credential Store at %s does not support SecretKey. Skipping descriptor file block number %d.")
+ String skippingDescriptorBlockSecretKeyUnsupported(String credentialStorePath, Integer blockNumber);
+
+ @Message(id = NONE, value = "Exception was thrown while populating Credential Store at %s. Skipping descriptor file block number %d.")
+ String skippingDescriptorBlockUnableToPopulateCredentialStore(String credentialStorePath, Integer blockNumber);
@Message(id = NONE, value = "No Credential Store location or Secret Key Alias specified.")
MissingOptionException missingCredentialStoreSecretKey();
diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java
index 34f4d090dd8..4b0796c6189 100644
--- a/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java
+++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java
@@ -689,14 +689,16 @@ private void findMissingRequiredValuesAndSetValues(int count, Descriptor descrip
*/
private void createFileSystemRealm() throws Exception {
+ int blockCount = 0;
for (Descriptor descriptor : descriptors) {
+ blockCount++;
System.out.println(ElytronToolMessages.msg.fileSystemRealmEncryptCreatingRealm(descriptor.getInputRealmLocation()));
if (checkDescriptorFields(descriptor)) continue;
// Load secret key
SecretKey key = getSecretKey(descriptor.getCreateCredentialStore(), descriptor.getCredentialStore(),
- descriptor.getSecretKeyAlias(), descriptor.getPopulate(), descriptor.getInputRealmLocation());
+ descriptor.getSecretKeyAlias(), descriptor.getPopulate(), blockCount);
if (key == null) continue;
FileSystemSecurityRealm oldFileSystemRealm = FileSystemSecurityRealm.builder()