[JBoss JIRA] (WFLY-10014) Unable to configure comma delimited enabled-protocols in remote-connector
by Miroslav Novak (JIRA)
[ https://issues.jboss.org/browse/WFLY-10014?page=com.atlassian.jira.plugin... ]
Miroslav Novak updated WFLY-10014:
----------------------------------
Forum Reference: https://developer.jboss.org/message/981108
> Unable to configure comma delimited enabled-protocols in remote-connector
> -------------------------------------------------------------------------
>
> Key: WFLY-10014
> URL: https://issues.jboss.org/browse/WFLY-10014
> Project: WildFly
> Issue Type: Bug
> Components: JMS
> Affects Versions: 12.0.0.Final
> Reporter: Nagaraju Chitimilla
> Assignee: Jeff Mesnil
> Priority: Critical
>
> When I want to configure enabled SSL protocols, Netty requires to use comma delimited list to be passed into enabled-protocols param in remote-connector
> {noformat}
> <param name="enabled-protocols" value="TLSv1.1,TLSv1.2"/>
> {noformat}
> But when comma is used in value in configuration string passed into ActiveMQRaUtils.parseConfig, parsing fails:
> {code:java}
> Caused by: java.lang.IllegalArgumentException: Invalid expression TLSv1.2 at enabledProtocols=TLSv1.1,TLSv1.2;trustStorePassword=N0tall0wed;keyStorePassword=N0tall0wed;port=61616;localAddress=0.0.0.0;sslEnabled=true;host=localhost;trustStorePath=C:/ActiveMQ/conf/keystore.p12;keyStorePath=C:/ActiveMQ/conf/keystore.p12
> at org.apache.activemq.artemis.ra.ActiveMQRaUtils.parseConfig(ActiveMQRaUtils.java:205)
> at org.apache.activemq.artemis.ra.ActiveMQResourceAdapter.setConnectionParameters(ActiveMQResourceAdapter.java:342)
> ... 18 more
> {code}
> I set this as critical as it prevent setting more then one allowed SSLContext protocol.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 4 months
[JBoss JIRA] (ELY-1528) Unable to create SSL connection if expired certificate chain used
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1528?page=com.atlassian.jira.plugin.s... ]
Martin Choma commented on ELY-1528:
-----------------------------------
Just note to topic - on IBM java seems also trust anchor is validated, because I get
{{javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: Certificate expired}}
> Unable to create SSL connection if expired certificate chain used
> -----------------------------------------------------------------
>
> Key: ELY-1528
> URL: https://issues.jboss.org/browse/ELY-1528
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Affects Versions: 1.2.1.Final
> Reporter: Martin Choma
> Assignee: Jan Kalina
>
> Reproducer:
> * Server secured by certificate chain, it means Certificate is signed with Intermediate CA which is signed by root CA.
> * Server certificate is expired
> * Client has Intermediate CA in Elytron truststore
> * SSL handshake fails using Elytron client ssl context:
> {code}
> 18:27:54,540 INFO [stdout] (default task-1) default task-1, SEND TLSv1 ALERT: fatal, description = certificate_unknown
> 18:27:54,540 INFO [stdout] (default task-1) default task-1, WRITE: TLSv1 Alert, length = 2
> 18:27:54,540 INFO [stdout] (default task-1) [Raw write]: length = 7
> 18:27:54,540 INFO [stdout] (default task-1) 0000: 15 03 01 00 02 02 2E .......
> 18:27:54,541 INFO [stdout] (default task-1) default task-1, called closeSocket()
> 18:27:54,541 INFO [stdout] (default task-1) default task-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 10:49:56 CET 2017
> {code}
> Full SSL handshake log is in attached ssl_handshake_CA.log
> * If I put expired certificate itself into truststore SSL handshake pass, although warning is logged.
> {code}
> 18:35:28,648 WARN [org.wildfly.extension.elytron] (MSC service thread 1-8) WFLYELY00024: Certificate [cn=rhds05.mw.lab.eng.bos.redhat.com, ou=engineering operations, o="red hat, inc.", st=north carolina, c=us] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 12:39:06 CET 2017
> at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
> at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
> at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:602)
> at org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:177)
> at org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:140)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1701)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1680)
> at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1527)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
> at java.lang.Thread.run(Thread.java:748)
> {code}
> Full SSL handshake log is in attached ssl_handshake_certificate.log
> So behaviour in these 2 cases is inconsistent. I think we have agreed before we let pass SSL handshake with expired certificate but warn about it in log [1].
> [1] https://issues.jboss.org/browse/JBEAP-6157
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 4 months
[JBoss JIRA] (WFCORE-3682) read-resource operation has no failure-description when fails to get a metric attribute value
by Lin Gao (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3682?page=com.atlassian.jira.plugi... ]
Lin Gao updated WFCORE-3682:
----------------------------
Description:
{panel:title=PLEASE NOTE}
This issue is found when verifying the feature: WFLY-5603, which is not merged yet.
I think the issue belongs to WFCORE, because it should be a general issue although I cannot find other similar cases yet.
{panel}
----
When trying to run *:read-resource(include-runtime=true)* command on some managed model resources, and some runtime attributes like metrics are failed to get the value, the *failure-description* is missing from the CLI result.
----
The initial analysis is related with the *rollback-on-runtime-failure* in *operation-headers*.
ReadResourceAssemblyHandler [is added into the VERIFY stage for runtime query|https://github.com/wildfly/wildfly-core/blob/4.0.0.Final/controller...] to assemble each attribute result. But if one runtime attribute of a model resource fails to get the value, the OperationContext [won't continue|https://github.com/wildfly/wildfly-core/blob/4.0.0.Final/control...] because the [current implementation|https://github.com/wildfly/wildfly-core/blob/4.0.0.Final/c...] is checking whether the *ContextFlag.ROLLBACK_ON_FAIL* exists in operation headers.
But trying to put such operation header into the operation headers may lead to the whole CLI succeeds even there are failures for the runtime attributes.
was:
{panel:title=PLEASE NOTE}
This issue is found when verifying the feature: WFLY-5603, which is not merged yet.
I think the issue belongs to WFCORE, because it should be a general issue although I cannot find other similar cases yet.
{panel}
----
When trying to run *:read-resource(include-runtime=true)* command on some managed model resources, and some runtime attributes like metrics are failed to get the value, the *failure-description* is missing from the CLI result.
----
The initial analysis is related with the *rollback-on-runtime-failure* in *operation-headers*,
> read-resource operation has no failure-description when fails to get a metric attribute value
> ---------------------------------------------------------------------------------------------
>
> Key: WFCORE-3682
> URL: https://issues.jboss.org/browse/WFCORE-3682
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Environment: WildFly 12 with WFLY-5603 merged.
> Reporter: Lin Gao
> Assignee: Brian Stansberry
>
> {panel:title=PLEASE NOTE}
> This issue is found when verifying the feature: WFLY-5603, which is not merged yet.
> I think the issue belongs to WFCORE, because it should be a general issue although I cannot find other similar cases yet.
> {panel}
> ----
> When trying to run *:read-resource(include-runtime=true)* command on some managed model resources, and some runtime attributes like metrics are failed to get the value, the *failure-description* is missing from the CLI result.
> ----
> The initial analysis is related with the *rollback-on-runtime-failure* in *operation-headers*.
> ReadResourceAssemblyHandler [is added into the VERIFY stage for runtime query|https://github.com/wildfly/wildfly-core/blob/4.0.0.Final/controller...] to assemble each attribute result. But if one runtime attribute of a model resource fails to get the value, the OperationContext [won't continue|https://github.com/wildfly/wildfly-core/blob/4.0.0.Final/control...] because the [current implementation|https://github.com/wildfly/wildfly-core/blob/4.0.0.Final/c...] is checking whether the *ContextFlag.ROLLBACK_ON_FAIL* exists in operation headers.
> But trying to put such operation header into the operation headers may lead to the whole CLI succeeds even there are failures for the runtime attributes.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 4 months
[JBoss JIRA] (WFCORE-3682) read-resource operation has no failure-description when fails to get a metric attribute value
by Lin Gao (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3682?page=com.atlassian.jira.plugi... ]
Lin Gao updated WFCORE-3682:
----------------------------
Description:
{panel:title=PLEASE NOTE}
This issue is found when verifying the feature: WFLY-5603, which is not merged yet.
I think the issue belongs to WFCORE, because it should be a general issue although I cannot find other similar cases yet.
{panel}
----
When trying to run *:read-resource(include-runtime=true)* command on some managed model resources, and some runtime attributes like metrics are failed to get the value, the *failure-description* is missing from the CLI result.
----
The initial analysis is related with the *rollback-on-runtime-failure* in *operation-headers*,
was:
{panel:title=PLEASE NOTE}
This issue is found when verifying the feature: WFLY-5603, which is not merged yet.
I think the issue belongs to WFCORE, because it should be a general issue although I cannot find other similar cases yet.
{panel}
----
When trying to run *:read-resource(include-runtime=true)* command on some managed model resources, and some runtime attributes like metrics are failed to get the value, the *failure-description* is missing from the CLI result.
> read-resource operation has no failure-description when fails to get a metric attribute value
> ---------------------------------------------------------------------------------------------
>
> Key: WFCORE-3682
> URL: https://issues.jboss.org/browse/WFCORE-3682
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Environment: WildFly 12 with WFLY-5603 merged.
> Reporter: Lin Gao
> Assignee: Brian Stansberry
>
> {panel:title=PLEASE NOTE}
> This issue is found when verifying the feature: WFLY-5603, which is not merged yet.
> I think the issue belongs to WFCORE, because it should be a general issue although I cannot find other similar cases yet.
> {panel}
> ----
> When trying to run *:read-resource(include-runtime=true)* command on some managed model resources, and some runtime attributes like metrics are failed to get the value, the *failure-description* is missing from the CLI result.
> ----
> The initial analysis is related with the *rollback-on-runtime-failure* in *operation-headers*,
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 4 months
[JBoss JIRA] (WFCORE-3682) read-resource operation has no failure-description when fails to get a metric attribute value
by Lin Gao (JIRA)
Lin Gao created WFCORE-3682:
-------------------------------
Summary: read-resource operation has no failure-description when fails to get a metric attribute value
Key: WFCORE-3682
URL: https://issues.jboss.org/browse/WFCORE-3682
Project: WildFly Core
Issue Type: Bug
Components: Domain Management
Environment: WildFly 12 with WFLY-5603 merged.
Reporter: Lin Gao
Assignee: Brian Stansberry
{panel:title=PLEASE NOTE}
This issue is found when verifying the feature: WFLY-5603, which is not merged yet.
I think the issue belongs to WFCORE, because it should be a general issue although I cannot find other similar cases yet.
{panel}
----
When trying to run *:read-resource(include-runtime=true)* command on some managed model resources, and some runtime attributes like metrics are failed to get the value, the *failure-description* is missing from the CLI result.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 4 months
[JBoss JIRA] (WFLY-10014) Unable to configure comma delimited enabled-protocols in remote-connector
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-10014?page=com.atlassian.jira.plugin... ]
Brian Stansberry reassigned WFLY-10014:
---------------------------------------
Component/s: JMS
Assignee: Jeff Mesnil (was: Jason Greene)
> Unable to configure comma delimited enabled-protocols in remote-connector
> -------------------------------------------------------------------------
>
> Key: WFLY-10014
> URL: https://issues.jboss.org/browse/WFLY-10014
> Project: WildFly
> Issue Type: Bug
> Components: JMS
> Affects Versions: 12.0.0.Final
> Reporter: Nagaraju Chitimilla
> Assignee: Jeff Mesnil
> Priority: Critical
>
> When I want to configure enabled SSL protocols, Netty requires to use comma delimited list to be passed into enabled-protocols param in remote-connector
> {noformat}
> <param name="enabled-protocols" value="TLSv1.1,TLSv1.2"/>
> {noformat}
> But when comma is used in value in configuration string passed into ActiveMQRaUtils.parseConfig, parsing fails:
> {code:java}
> Caused by: java.lang.IllegalArgumentException: Invalid expression TLSv1.2 at enabledProtocols=TLSv1.1,TLSv1.2;trustStorePassword=N0tall0wed;keyStorePassword=N0tall0wed;port=61616;localAddress=0.0.0.0;sslEnabled=true;host=localhost;trustStorePath=C:/ActiveMQ/conf/keystore.p12;keyStorePath=C:/ActiveMQ/conf/keystore.p12
> at org.apache.activemq.artemis.ra.ActiveMQRaUtils.parseConfig(ActiveMQRaUtils.java:205)
> at org.apache.activemq.artemis.ra.ActiveMQResourceAdapter.setConnectionParameters(ActiveMQResourceAdapter.java:342)
> ... 18 more
> {code}
> I set this as critical as it prevent setting more then one allowed SSLContext protocol.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 4 months
[JBoss JIRA] (DROOLS-2382) [DMN Designer] [Chrome specific] Explorer is empty
by Roger Martínez (JIRA)
[ https://issues.jboss.org/browse/DROOLS-2382?page=com.atlassian.jira.plugi... ]
Roger Martínez commented on DROOLS-2382:
----------------------------------------
Hey [~jomarko] [~manstis]
Only happens in DMN!? :O No idea right now about the root cause... :(
Anyway not sure if you're going to change this component or not, by looking at your comments... so please let me know if we should work on this issue or it can be closed
Thanks!
> [DMN Designer] [Chrome specific] Explorer is empty
> --------------------------------------------------
>
> Key: DROOLS-2382
> URL: https://issues.jboss.org/browse/DROOLS-2382
> Project: Drools
> Issue Type: Bug
> Components: Stunner
> Affects Versions: 7.7.0.Final
> Environment: chrome
> Reporter: Jozef Marko
> Assignee: Roger Martínez
> Attachments: DROOLS-2382.png
>
>
> If user creates DRD diagram in chrome, the diagram explorer is empty. When the same diagram is opened in firefox, the explorer correctly loads elements.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 4 months
[JBoss JIRA] (WFCORE-3677) get-provider-points return /profile addresses for host level resources
by Claudio Miranda (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3677?page=com.atlassian.jira.plugi... ]
Claudio Miranda commented on WFCORE-3677:
-----------------------------------------
I want to use the alternative "get-provider-points" operation to use the returned addresses to lookup the resources names, as in suggest-capabilities operation. But as Brian noted, it doesn't filter the host itself. I can filter out the invalid addresses, in this case the /profile=*. I will modify this issue type to Enhancement, as it is not a bug. Thanks for the clarification.
> get-provider-points return /profile addresses for host level resources
> ----------------------------------------------------------------------
>
> Key: WFCORE-3677
> URL: https://issues.jboss.org/browse/WFCORE-3677
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Domain Management
> Reporter: Claudio Miranda
> Assignee: Darran Lofthouse
> Priority: Minor
>
> key-manager resource at /host=master/subsystem=elytron/key-manager=*
> contains the "key-store" attribute, which has a "capability-reference" => "org.wildfly.security.key-store"
> get-provider-points returns /profile addresses that should not be a valid reference for a host level resource
> {code}
> /host=master/core-service=capability-registry:get-provider-points(name="org.wildfly.security.key-store")
> {
> "outcome" => "success",
> "result" => [
> "/host=master/subsystem=elytron/key-store=*",
> "/host=master/subsystem=elytron/ldap-key-store=*",
> "/host=master/subsystem=elytron/filtering-key-store=*",
> "/profile=*/subsystem=elytron/key-store=*",
> "/profile=*/subsystem=elytron/ldap-key-store=*",
> "/profile=*/subsystem=elytron/filtering-key-store=*",
> "/profile=*/subsystem=security/elytron-key-store=*",
> "/profile=*/subsystem=security/elytron-trust-store=*"
> ]
> }
> {code}
> A test case
> {code}
> /profile=full/subsystem=elytron/key-store=ks_full:add(credential-reference={clear-text=senha},type=JKS)
> /host=master/subsystem=elytron/key-manager=my_km:add(key-store=ks_full,credential-reference={clear-text=senha})
> {
> "outcome" => "failed",
> "result" => {},
> "failure-description" => {"host-failure-descriptions" => {"master" => "WFLYCTL0369: Required capabilities are not available:
> org.wildfly.security.key-store.ks_full in context 'host'; Possible registration points for this capability:
> /host=master/subsystem=elytron/key-store=*
> /host=master/subsystem=elytron/ldap-key-store=*
> /host=master/subsystem=elytron/filtering-key-store=*
> /profile=*/subsystem=elytron/key-store=*
> /profile=*/subsystem=elytron/ldap-key-store=*
> /profile=*/subsystem=elytron/filtering-key-store=*
> /profile=*/subsystem=security/elytron-key-store=*
> /profile=*/subsystem=security/elytron-trust-store=*"}},
> "rolled-back" => true
> }
> {code}
> The returned addresses in the error message should contains only valid addresses.
> side note: CLI code completion works correctly in not showing resources from /profile addresses.
> /host=master/subsystem=elytron/key-manager=my_km:add(key-store=<tab>
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 4 months