wildfly-security · dmlloyd · May 11, 2017 · May 8, 2017
diff --git a/src/main/java/org/wildfly/security/_private/ElytronMessages.java b/src/main/java/org/wildfly/security/_private/ElytronMessages.java
@@ -740,6 +740,9 @@ public interface ElytronMessages extends BasicLogger {
     @Message(id = 2033, value = "key must implement SecretKeySpec and keySpec must be SecretKeySpec, given key, keySpec: [%s]")
     InvalidKeySpecException keyMustImplementSecretKeySpecAndKeySpecMustBeSecretKeySpec(String keyAndKeySpec);
 
+    @Message(id = 2034, value = "Alias must be specified if more than one entry exist in keystore")
+    ConfigXMLParseException missingAlias(@Param Location location);
+
     /* util package */
 
     @Message(id = 3001, value = "Unexpected padding")

diff --git a/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java b/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java
@@ -1300,9 +1300,6 @@ static ExceptionSupplier<KeyStore.Entry, ConfigXMLParseException> parseKeyStoreR
         if (keyStoreName == null) {
             throw missingAttribute(reader, "key-store-name");
         }
-        if (alias == null) {
-            throw missingAttribute(reader, "alias");
-        }
         ExceptionSupplier<KeyStore.Entry, ConfigXMLParseException> keyStoreCredential = null;
         while (reader.hasNext()) {
             final int tag = reader.nextTag();
@@ -1348,7 +1345,18 @@ static ExceptionSupplier<KeyStore.Entry, ConfigXMLParseException> parseKeyStoreR
                         } else {
                             protectionParameter = null;
                         }
-                        return keyStoreSupplier.get().getEntry(finalAlias, protectionParameter == null ? null : protectionParameter);
+                        if (finalAlias != null) {
+                            return keyStoreSupplier.get().getEntry(finalAlias, protectionParameter == null ? null : protectionParameter);
+                        } else {
+                            //  allow to retrieve entry without providing alias only if keystore includes one and only entry.
+                            if (keyStoreSupplier.get().size() > 1) {
+                                throw xmlLog.missingAlias(location);
+                            } else if (keyStoreSupplier.get().aliases().hasMoreElements()) {
+                                return keyStoreSupplier.get().getEntry(keyStoreSupplier.get().aliases().nextElement(), protectionParameter == null ? null : protectionParameter);
+                            } else {
+                                return null;
+                            }
+                        }
                     } catch (GeneralSecurityException e) {
                         throw xmlLog.xmlFailedToLoadKeyStoreData(location, e);
                     }

diff --git a/src/main/resources/schema/elytron-1_0.xsd b/src/main/resources/schema/elytron-1_0.xsd
@@ -316,7 +316,7 @@
             <xsd:element name="credential-store" type="credential-store-reference-type" minOccurs="1" maxOccurs="1"/>
         </xsd:choice>
         <xsd:attribute name="key-store-name" type="xsd:string" use="required"/>
-        <xsd:attribute name="alias" type="xsd:string" use="required"/>
+        <xsd:attribute name="alias" type="xsd:string" use="optional"/>
     </xsd:complexType>
 
     <xsd:complexType name="credential-store-reference-type">