[NXP-19528] Password used to generate certificate is not encrypted when stored in directory - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 5.4
Fix Version/s: 6.0-HF31, 7.10-HF10, 8.3
Component/s: Digital Signature

Tags:
- SupCom
- nxfitcurrent
Backlog priority:
1,000
Sprint:
nxfit 8.3.3
Story Points:
3

Description

How to reproduce:

install addon nuxeo-signature
log in, navigate to HOME > Certificate
Enter password and generate certificate

Password is stored in directory certificate without encryption (see column keypassword):

Backport in 6.0?

The following "override" contribution encrypts the password when stored in the directory:

<?xml version="1.0"?>
<component name="digital.signature.directory.override">
	<require>digital.signature.directory</require>
  <extension target="org.nuxeo.ecm.directory.sql.SQLDirectoryFactory"
    point="directories">

    <directory name="certificate">
      <schema>cert</schema>
      <dataSource>java:/nxsqldirectory</dataSource>
      <cacheTimeout>3600</cacheTimeout>
      <cacheMaxSize>1000</cacheMaxSize>
      <table>certificate</table>
      <idField>userid</idField>
      <passwordField>keypassword</passwordField>
      <passwordHashAlgorithm>SSHA</passwordHashAlgorithm>
      <autoincrementIdField>false</autoincrementIdField>
      <createTablePolicy>on_missing_columns</createTablePolicy>
    </directory>
  </extension>
</component>

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

screenshot-1.png
31 kB
2016-04-20 00:11

Activity

People

Assignee:

Antoine Taillefer

Reporter:

Vincent Dutat

Participants:

Antoine Taillefer, Jenkins, Vincent Dutat

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2016-04-20 00:11

Updated:

2016-05-03 07:24

Resolved:

2016-05-02 10:13

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: