March 2018 - jboss-jira - Jboss List Archives

[JBoss JIRA] (SWSQE-75) Automation[Java] - add support for ServiceDetail page

by Jeeva Kandasamy (JIRA)

[ https://issues.jboss.org/browse/SWSQE-75?page=com.atlassian.jira.plugin.s... ] Jeeva Kandasamy updated SWSQE-75: --------------------------------- Sprint: SWS QE Sprint 2, Kiali QE Sprint 3 (was: SWS QE Sprint 2) > Automation[Java] - add support for ServiceDetail page > ----------------------------------------------------- > > Key: SWSQE-75 > URL: https://issues.jboss.org/browse/SWSQE-75 > Project: Swift Sunshine QE > … [View More]

7 years

1
0
0 / 0

[JBoss JIRA] (SWSQE-77) Automation[Java] - "Istio Mixer Detail" Page

by Jeeva Kandasamy (JIRA)

[ https://issues.jboss.org/browse/SWSQE-77?page=com.atlassian.jira.plugin.s... ] Jeeva Kandasamy updated SWSQE-77: --------------------------------- Sprint: SWS QE Sprint 2, Kiali QE Sprint 3 (was: SWS QE Sprint 2) > Automation[Java] - "Istio Mixer Detail" Page > -------------------------------------------- > > Key: SWSQE-77 > URL: https://issues.jboss.org/browse/SWSQE-77 > Project: Swift Sunshine QE > Issue Type:… [View More]

7 years

1
0
0 / 0

[JBoss JIRA] (SWSQE-78) Automation[Java] - Customize HTML result report

by Jeeva Kandasamy (JIRA)

[ https://issues.jboss.org/browse/SWSQE-78?page=com.atlassian.jira.plugin.s... ] Jeeva Kandasamy updated SWSQE-78: --------------------------------- Sprint: SWS QE Sprint 2, Kiali QE Sprint 3 (was: SWS QE Sprint 2) > Automation[Java] - Customize HTML result report > ------------------------------------------------ > > Key: SWSQE-78 > URL: https://issues.jboss.org/browse/SWSQE-78 > Project: Swift Sunshine QE > … [View More]

7 years

1
0
0 / 0

[JBoss JIRA] (SWSQE-89) Jenkins job for Traffic generation

by Guilherme Baufaker Rêgo (JIRA)

[ https://issues.jboss.org/browse/SWSQE-89?page=com.atlassian.jira.plugin.s... ] Guilherme Baufaker Rêgo reassigned SWSQE-89: -------------------------------------------- Assignee: Guilherme Baufaker Rêgo (was: Matt Mahoney) > Jenkins job for Traffic generation > ---------------------------------- > > Key: SWSQE-89 > URL: https://issues.jboss.org/browse/SWSQE-89 > Project: Swift Sunshine QE > Issue Type: Task &… [View More]

7 years

1
0
0 / 0

[JBoss JIRA] (SWSQE-100) Install Kiali as Addon on Istio Ansible Pipeline

by Guilherme Baufaker Rêgo (JIRA)

[ https://issues.jboss.org/browse/SWSQE-100?page=com.atlassian.jira.plugin.... ] Guilherme Baufaker Rêgo updated SWSQE-100: ------------------------------------------ Team: Saturn (was: Saturn) Sprint: Kiali QE Sprint 3 > Install Kiali as Addon on Istio Ansible Pipeline > ------------------------------------------------ > > Key: SWSQE-100 > URL: https://issues.jboss.org/browse/SWSQE-100 > Project: Swift Sunshine QE … [View More]

7 years

1
0
0 / 0

[JBoss JIRA] (WFLY-10140) Not able to upgrade to TLS 1.2 from 1.1

by David Lloyd (JIRA)

[ https://issues.jboss.org/browse/WFLY-10140?page=com.atlassian.jira.plugin... ] David Lloyd closed WFLY-10140. ------------------------------ Assignee: (was: Jason Greene) Resolution: Rejected The place to ask for help is the user forums, not the bug tracker. Thanks! > Not able to upgrade to TLS 1.2 from 1.1 > --------------------------------------- > > Key: WFLY-10140 > URL: https://issues.jboss.org/browse/WFLY-10140 > … [View More]

7 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-3717) Upgrade Xnio from 3.6.2.Final to 3.6.3.Final

by Panagiotis Sotiropoulos (JIRA)

Panagiotis Sotiropoulos created WFCORE-3717: ----------------------------------------------- Summary: Upgrade Xnio from 3.6.2.Final to 3.6.3.Final Key: WFCORE-3717 URL: https://issues.jboss.org/browse/WFCORE-3717 Project: WildFly Core Issue Type: Component Upgrade Affects Versions: 5.0.0.Alpha1 Reporter: Panagiotis Sotiropoulos An upgrade of Xnio is needed in order XNIO-320 to be included. -- This … [View More]

7 years

1
0
0 / 0

[JBoss JIRA] (WFLY-10138) TLS using PKCS11 and JDK9+ does not work by default

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/WFLY-10138?page=com.atlassian.jira.plugin... ] Martin Choma commented on WFLY-10138: ------------------------------------- Interesting. I see the issue also on jdk8, but just on solaris sparc. Rhel and windows are OK {code} ERROR [org.xnio.listener] (XNIO-1 I/O-1) XNIO001007: A channel event listener threw an exception: java.lang.RuntimeException: java.security.InvalidAlgorithmParameterException: Key format must be RAW at sun.security.ssl.Handshaker.… [View More]checkThrown(Handshaker.java:1527) at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214) at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186) at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) at org.wildfly.security.ssl.AbstractDelegatingSSLEngine.wrap(AbstractDelegatingSSLEngine.java:48) at org.xnio.ssl.JsseSslConduitEngine.engineWrap(JsseSslConduitEngine.java:353) at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:310) at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204) at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98) at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72) at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150) at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385) at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65) at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:94) at org.xnio.nio.WorkerThread.run(WorkerThread.java:591) Caused by: java.security.ProviderException: java.security.InvalidAlgorithmParameterException: Key format must be RAW at sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1273) at sun.security.ssl.Handshaker.calculateKeys(Handshaker.java:1183) at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1122) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) at sun.security.ssl.Handshaker$1.run(Handshaker.java:992) at sun.security.ssl.Handshaker$1.run(Handshaker.java:989) at java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467) at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543) at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314) ... 10 more Caused by: java.security.InvalidAlgorithmParameterException: Key format must be RAW at com.sun.crypto.provider.TlsMasterSecretGenerator.engineInit(TlsMasterSecretGenerator.java:67) at javax.crypto.KeyGenerator.init(KeyGenerator.java:454) at javax.crypto.KeyGenerator.init(KeyGenerator.java:430) at sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1261) ... 20 more {code} > TLS using PKCS11 and JDK9+ does not work by default > --------------------------------------------------- > > Key: WFLY-10138 > URL: https://issues.jboss.org/browse/WFLY-10138 > Project: WildFly > Issue Type: Bug > Components: Documentation, Security > Affects Versions: 12.0.0.Final > Environment: java version "9.0.4" > Java(TM) SE Runtime Environment (build 9.0.4+11) > Java HotSpot(TM) 64-Bit Server VM (build 9.0.4+11, mixed mode) > Reporter: Martin Choma > Priority: Critical > Attachments: TLS_with_ExtendedMasterSecret, TLS_wo_ExtendedMAsterSecret > > > Since JDK 9.0.4 default behaviour changed and extended master secret extension is turned on by default [1]. > This fails on java using sun.security.pkcs11.SunPKCS11 provider. (FIPS compliant java) > {code} > 17:32:48,377 INFO [stdout] (default task-1) SESSION KEYGEN: > 17:32:48,378 INFO [stdout] (default task-1) PreMaster Secret: > 17:32:48,378 INFO [stdout] (default task-1) (key bytes not available) > 17:32:48,378 INFO [stdout] (default task-1) RSA master secret generation error: > 17:32:48,378 INFO [stdout] (default task-1) java.security.InvalidAlgorithmParameterException: Key format must be RAW > 17:32:48,378 INFO [stdout] (default task-1) at java.base/com.sun.crypto.provider.TlsMasterSecretGenerator.engineInit(TlsMasterSecretGenerator.java:69) > 17:32:48,378 INFO [stdout] (default task-1) at java.base/javax.crypto.KeyGenerator.init(KeyGenerator.java:477) > 17:32:48,378 INFO [stdout] (default task-1) at java.base/javax.crypto.KeyGenerator.init(KeyGenerator.java:453) > 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1334) > 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker.calculateKeys(Handshaker.java:1235) > 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:318) > 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1092) > 17:32:48,379 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker$1.run(Handshaker.java:1031) > 17:32:48,379 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker$1.run(Handshaker.java:1028) > 17:32:48,379 INFO [stdout] (default task-1) at java.base/java.security.AccessController.doPrivileged(Native Method) > 17:32:48,379 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1534) > 17:32:48,379 INFO [stdout] (default task-1) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1047) > 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) > 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) > 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) > 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) > 17:32:48,379 INFO [stdout] (default task-1) at java.base/java.lang.Thread.run(Thread.java:844) > 17:32:48,379 INFO [stdout] (default I/O-7) default I/O-7, fatal error: 80: problem unwrapping net record > 17:32:48,379 INFO [stdout] (default I/O-7) java.lang.RuntimeException: java.security.InvalidAlgorithmParameterException: Key format must be RAW > {code} > This default extension behaviour can be switched off by system property {{-Djdk.tls.useExtendedMasterSecret=false}} on client or on server side. > [1] https://bugs.java.com/view_bug.do?bug_id=JDK-8148421 -- This message was sent by Atlassian JIRA (v7.5.0#75005) [View Less]

7 years

1
0
0 / 0

[JBoss JIRA] (WFLY-10142) Some Naming tests fail with security manager with JDK 9

by Ondrej Lukas (JIRA)

Ondrej Lukas created WFLY-10142: ----------------------------------- Summary: Some Naming tests fail with security manager with JDK 9 Key: WFLY-10142 URL: https://issues.jboss.org/browse/WFLY-10142 Project: WildFly Issue Type: Bug Components: Test Suite Affects Versions: 12.0.0.Final Reporter: Ondrej Lukas Tests * {{LdapUrlInSearchBaseTestCase}} * {{ExternalContextBindingTestCase}} fail with … [View More]security manager because of missing permission {{"java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap"}}, with exception like: {code} ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /ldap-test/: javax.servlet.ServletException: javax.naming.NamingException: WFLYNAM0027: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader [Root exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap")" in code source "(vfs:/W:/workspace/eap-7x-as-testsuite-test-integ-windows-secman/be5b5ebd/testsuite/integration/basic/content/ldap-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader")] at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:75) at javax.servlet.api//javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at javax.servlet.api//javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at io.undertow.servlet//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74) at io.undertow.servlet//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) at io.undertow.servlet//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:67) at io.undertow.servlet//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at org.wildfly.extension.undertow//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) at io.undertow.servlet//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) at io.undertow.servlet//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) at io.undertow.servlet//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.undertow//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) at io.undertow.servlet//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) at io.undertow.servlet//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) at org.wildfly.extension.undertow//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105) at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526) at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526) at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526) at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526) at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110) at java.base/java.security.AccessController.doPrivileged(Native Method) at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.Connectors.executeRootHandler(Connectors.java:360) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) at java.base/java.lang.Thread.run(Thread.java:844) Caused by: javax.naming.NamingException: WFLYNAM0027: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader [Root exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap")" in code source "(vfs:/W:/workspace/eap-7x-as-testsuite-test-integ-windows-secman/be5b5ebd/testsuite/integration/basic/content/ldap-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader")] at org.jboss.as.naming//org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:120) at org.jboss.as.naming//org.jboss.as.naming.InitialContext.init(InitialContext.java:101) at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) at org.jboss.as.naming//org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91) at org.jboss.as.naming//org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43) at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730) at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) at java.naming/javax.naming.InitialContext.init(InitialContext.java:236) at java.naming/javax.naming.InitialContext.<init>(InitialContext.java:208) at java.naming/javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.runSearch(LdapUrlTestServlet.java:109) at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:73) ... 45 more Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap")" in code source "(vfs:/W:/workspace/eap-7x-as-testsuite-test-integ-windows-secman/be5b5ebd/testsuite/integration/basic/content/ldap-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader") at org.wildfly.security.elytron-private@1.2.4.Final-redhat-1//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295) at org.wildfly.security.elytron-private@1.2.4.Final-redhat-1//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192) at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1534) at org.wildfly.security.elytron-private@1.2.4.Final-redhat-1//org.wildfly.security.manager.WildFlySecurityManager.checkPackageAccess(WildFlySecurityManager.java:491) at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:181) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:496) at java.base/java.lang.Class.forName0(Native Method) at java.base/java.lang.Class.forName(Class.java:375) at org.jboss.modules.JDKSpecific$1.loadClassLocal(JDKSpecific.java:115) at org.jboss.modules.Module.loadModuleClass(Module.java:717) at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:191) at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412) at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400) at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116) at java.base/java.lang.Class.forName0(Native Method) at java.base/java.lang.Class.forName(Class.java:375) at org.jboss.as.naming//org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:115) ... 56 more {code} -- This message was sent by Atlassian JIRA (v7.5.0#75005) [View Less]

7 years

1
0
0 / 0

[JBoss JIRA] (WFLY-10141) TLS using PKCS11 and JDK9+ does not work by default

by Martin Choma (JIRA)

Martin Choma created WFLY-10141: ----------------------------------- Summary: TLS using PKCS11 and JDK9+ does not work by default Key: WFLY-10141 URL: https://issues.jboss.org/browse/WFLY-10141 Project: WildFly Issue Type: Bug Components: Documentation, Security Affects Versions: 12.0.0.Final Environment: java version "9.0.4" Java(TM) SE Runtime Environment (build 9.0.4+11) Java HotSpot(TM) 64-Bit … [View More]Server VM (build 9.0.4+11, mixed mode) Reporter: Martin Choma Priority: Critical Since JDK 9.0.4 default behaviour changed and extended master secret extension is turned on by default [1]. This fails on java using sun.security.pkcs11.SunPKCS11 provider. (FIPS compliant java) {code} 17:32:48,377 INFO [stdout] (default task-1) SESSION KEYGEN: 17:32:48,378 INFO [stdout] (default task-1) PreMaster Secret: 17:32:48,378 INFO [stdout] (default task-1) (key bytes not available) 17:32:48,378 INFO [stdout] (default task-1) RSA master secret generation error: 17:32:48,378 INFO [stdout] (default task-1) java.security.InvalidAlgorithmParameterException: Key format must be RAW 17:32:48,378 INFO [stdout] (default task-1) at java.base/com.sun.crypto.provider.TlsMasterSecretGenerator.engineInit(TlsMasterSecretGenerator.java:69) 17:32:48,378 INFO [stdout] (default task-1) at java.base/javax.crypto.KeyGenerator.init(KeyGenerator.java:477) 17:32:48,378 INFO [stdout] (default task-1) at java.base/javax.crypto.KeyGenerator.init(KeyGenerator.java:453) 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1334) 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker.calculateKeys(Handshaker.java:1235) 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:318) 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1092) 17:32:48,379 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker$1.run(Handshaker.java:1031) 17:32:48,379 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker$1.run(Handshaker.java:1028) 17:32:48,379 INFO [stdout] (default task-1) at java.base/java.security.AccessController.doPrivileged(Native Method) 17:32:48,379 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1534) 17:32:48,379 INFO [stdout] (default task-1) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1047) 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) 17:32:48,379 INFO [stdout] (default task-1) at java.base/java.lang.Thread.run(Thread.java:844) 17:32:48,379 INFO [stdout] (default I/O-7) default I/O-7, fatal error: 80: problem unwrapping net record 17:32:48,379 INFO [stdout] (default I/O-7) java.lang.RuntimeException: java.security.InvalidAlgorithmParameterException: Key format must be RAW {code} This default extension behaviour can be switched off by system property {{-Djdk.tls.useExtendedMasterSecret=false}} on client or on server side. [1] https://bugs.java.com/view_bug.do?bug_id=JDK-8148421 -- This message was sent by Atlassian JIRA (v7.5.0#75005) [View Less]

7 years

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira March 2018