[JBoss JIRA] (JGRP-2282) Frequent "received message without encrypt header from Y; dropping it" with both ASYM_ENCRYPT and SYM_ENCRYPT
by Bela Ban (JIRA)
[ https://issues.jboss.org/browse/JGRP-2282?page=com.atlassian.jira.plugin.... ]
Bela Ban updated JGRP-2282:
---------------------------
Priority: Minor (was: Critical)
> Frequent "received message without encrypt header from Y; dropping it" with both ASYM_ENCRYPT and SYM_ENCRYPT
> --------------------------------------------------------------------------------------------------------------
>
> Key: JGRP-2282
> URL: https://issues.jboss.org/browse/JGRP-2282
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 4.0.13
> Reporter: Radoslav Husar
> Assignee: Radoslav Husar
> Priority: Minor
> Fix For: 4.0.15
>
>
> There seems to be a regression (in 4.0?) in SYM_ENCRYPT and ASYM_ENCRYPT dropping messages around topology changes (and possibly bypassing retransmission?). QE tests using these protocols observe a lot of the following:
> {code}
> [JBossINF] [0m[31m04:45:10,048 ERROR [org.jgroups.protocols.ASYM_ENCRYPT] (thread-9,ejb,perf18) perf18: received message without encrypt header from perf21; dropping it
> {code}
> which is followed by numerous infinispan exceptions/timeouts, see WFLY-10464.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 9 months
[JBoss JIRA] (JGRP-2296) DNS_PING is dropping port values with SRV based service discovery
by Bela Ban (JIRA)
[ https://issues.jboss.org/browse/JGRP-2296?page=com.atlassian.jira.plugin.... ]
Bela Ban commented on JGRP-2296:
--------------------------------
[~ethompson] can you do a quick git pull and see if JGRP-2292/JGRP-2295 fixed your issue, too?
> DNS_PING is dropping port values with SRV based service discovery
> -----------------------------------------------------------------
>
> Key: JGRP-2296
> URL: https://issues.jboss.org/browse/JGRP-2296
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 4.0.11
> Environment: JGroups version 4.0.11.Final
> Used in Keycloak 4.4.0
> Deployed as Jboss based Docker container from jboss/keycloak into AWS ECS
> Reporter: Eric Thompson
> Assignee: Bela Ban
> Priority: Blocker
> Fix For: 4.0.15
>
>
> Using DNS_PING in Jgroups 4.0.11 and SRV records the port from the SRV record is being dropped (set to zero) and the default is used instead (7600).
> I am using this Jgroups config:
> {code}
> <subsystem xmlns="urn:jboss:domain:jgroups:6.0">
> <channels default="ee">
> <channel name="ee" stack="tcp" cluster="ejb"/>
> </channels>
> <stacks>
> <stack name="tcp">
> <transport type="TCP" socket-binding="jgroups-tcp">
> <property name="external_addr">${env.EXTERNAL_ADDR}</property>
> </transport>
> <protocol type="dns.DNS_PING">
> <property name="dns_query">
> jgroups.${env.DNS_NAME}.svc.cluster.local
> </property>
> <property name="dns_record_type">
> SRV
> </property>
> </protocol>
> <protocol type="MERGE3"/>
> <protocol type="FD_SOCK"/>
> <protocol type="FD_ALL"/>
> <protocol type="VERIFY_SUSPECT"/>
> <protocol type="pbcast.NAKACK2"/>
> <protocol type="UNICAST3"/>
> <protocol type="pbcast.STABLE"/>
> <protocol type="pbcast.GMS"/>
> <protocol type="MFC"/>
> <protocol type="FRAG3"/>
> </stack>
> </stacks>
> </subsystem>
> {code}
> I have these service discovery DNS entries
> {code}
> $ dig jgroups.dev.auth.example.com.svc.cluster.local SRV
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.58.amzn1 <<>> jgroups.dev.auth.example.com.svc.cluster.local SRV
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16690
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;jgroups.dev.auth.example.com.svc.cluster.local. IN SRV
> ;; ANSWER SECTION:
> jgroups.dev.auth.example.com.svc.cluster.local. 10 IN SRV 1 1 32921 9ec82e3f-3a0e-4e30-b785-17879c63cd7d.jgroups.dev.auth.example.com.svc.cluster.local.
> jgroups.dev.auth.example.com.svc.cluster.local. 10 IN SRV 1 1 32923 60b5a820-9678-4bd2-84c6-00061a52bde0.jgroups.dev.auth.example.com.svc.cluster.local.
> jgroups.dev.auth.example.com.svc.cluster.local. 10 IN SRV 1 1 32915 9d9d78d0-8919-4b91-9df8-2e4e65afedae.jgroups.dev.auth.example.com.svc.cluster.local.
> jgroups.dev.auth.example.com.svc.cluster.local. 10 IN SRV 1 1 32917 161f3d66-f1e3-46f4-a44f-ebda925a25c6.jgroups.dev.auth.example.com.svc.cluster.local.
> ;; Query time: 2 msec
> ;; SERVER: 10.42.3.2#53(10.42.3.2)
> ;; WHEN: Fri Sep 21 01:45:44 2018
> ;; MSG SIZE rcvd: 481
> {code}
> But I get this in the logs when running Keycloak in standalone cluster:
> {code}
> 17:45:10,121 DEBUG [org.jgroups.protocols.dns.DNS_PING] (thread-3,null,null) Performing initial discovery
> 17:45:10,154 DEBUG [org.jgroups.protocols.dns.DNS_PING] (thread-3,null,null) Entries collected from DNS: [10.42.3.56:0, 10.42.3.56:0, 10.42.3.44:0, 10.42.3.44:0]
> 17:45:10,155 DEBUG [org.jgroups.protocols.dns.DNS_PING] (thread-3,null,null) Discovered IP Address with port 0 (10.42.3.56:0). Replacing with default Transport port: 7600
> 17:45:10,159 DEBUG [org.jgroups.protocols.dns.DNS_PING] (thread-3,null,null) Discovered IP Address with port 0 (10.42.3.56:0). Replacing with default Transport port: 7600
> 17:45:10,159 DEBUG [org.jgroups.protocols.dns.DNS_PING] (thread-3,null,null) Discovered IP Address with port 0 (10.42.3.44:0). Replacing with default Transport port: 7600
> 17:45:10,159 DEBUG [org.jgroups.protocols.dns.DNS_PING] (thread-3,null,null) Discovered IP Address with port 0 (10.42.3.44:0). Replacing with default Transport port: 7600
> 17:45:10,159 DEBUG [org.jgroups.protocols.dns.DNS_PING] (thread-3,null,null) Performing discovery of the following hosts [10.42.3.56:7600, 10.42.3.44:7600, e200a617bf7a]
> 17:45:10,159 DEBUG [org.jgroups.protocols.dns.DNS_PING] (thread-3,null,null) e200a617bf7a: sending discovery request to 10.42.3.56:7600
> 17:45:10,160 DEBUG [org.jgroups.protocols.dns.DNS_PING] (thread-3,null,null) e200a617bf7a: sending discovery request to 10.42.3.44:7600
> 17:45:10,160 DEBUG [org.jgroups.protocols.dns.DNS_PING] (thread-10,ejb,e200a617bf7a) Received discovery from: e200a617bf7a, IP: 10.42.3.44:7600
> 17:45:10,161 DEBUG [org.jgroups.protocols.dns.DNS_PING] (thread-3,null,null) e200a617bf7a: sending discovery request to e200a617bf7a
> 17:45:10,162 DEBUG [org.jgroups.protocols.dns.DNS_PING] (thread-11,ejb,e200a617bf7a) Received discovery from: e200a617bf7a, IP: 10.42.3.44:7600
> {code}
> As you can see it is resolving the DNS addresses, but discarding the ports.
> To be clear, in this example 32923 ids the port (eg:
> 1 1 32923 60b5a820-9678-4bd2-84c6-00061a52bde0.jgroups.dev.auth.example.com.svc.cluster.local).
> These are dynamic ports mapped to port 7600 in order to put more Keycloak containers on each instance.
> {code}
> $ docker ps
> CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
> f67e39f8f403 datadog/agent:latest-jmx "/init" 8 hours ago Up 8 hours (healthy) 8125/udp, 8126/tcp ecs-auth-service-dev-26-datadog-agent-a2b7f783ddd0ba9cf601
> bbb12f0c43a5 233747045000.dkr.ecr.us-east-2.amazonaws.com/ops/keycloak:latest "/opt/jboss/tools/do…" 8 hours ago Up 8 hours 0.0.0.0:32923->7600/tcp, 0.0.0.0:32922->8080/tcp ecs-auth-service-dev-26-keycloak-f4bd8f8dca9fd4cd4f00
> 932cad7c4fb9 datadog/agent:latest-jmx "/init" 8 hours ago Up 8 hours (healthy) 8125/udp, 8126/tcp ecs-auth-service-dev-26-datadog-agent-baa38a98ccaddea6f501
> e200a617bf7a 233747045000.dkr.ecr.us-east-2.amazonaws.com/ops/keycloak:latest "/opt/jboss/tools/do…" 8 hours ago Up 8 hours 0.0.0.0:32921->7600/tcp, 0.0.0.0:32920->8080/tcp ecs-auth-service-dev-26-keycloak-e6f398e6cc8db5b5f101
> 73bc0b863c73 amazon/amazon-ecs-agent:latest "/agent" 2 days ago Up 2 days ecs-agent
> {code}
> This seems like it might be where ports are getting lost:
> https://github.com/belaban/JGroups/blob/07060c3ba6e52ad4aad3ac799c2bc95ff...
> I don't see the port number being extracted from the SRV entry and appended to the IP returned from resolveAEntries.
> Let me know if I am missing any details. This is a major blocker for development.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 9 months
[JBoss JIRA] (JGRP-2298) InputStream is processed after the different version error
by Bela Ban (JIRA)
[ https://issues.jboss.org/browse/JGRP-2298?page=com.atlassian.jira.plugin.... ]
Bela Ban updated JGRP-2298:
---------------------------
Fix Version/s: 4.0.15
> InputStream is processed after the different version error
> ----------------------------------------------------------
>
> Key: JGRP-2298
> URL: https://issues.jboss.org/browse/JGRP-2298
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 4.0.11, 4.0.13
> Environment: OS: Debian 8
> Reporter: Boris Kantor
> Assignee: Bela Ban
> Fix For: 4.0.15
>
>
> Occasionally JGroups shows up a warning when receiving a message with a different JGroups version:
> {{JGRP000010: packet from 10.10.10.130:7800 has different version (0.0.0) than ours (4.0.11); packet is discarded | (Log4J2LogImpl.java:91)}}
> Although the message is then discarded, the socket connection will be kept open. The input stream still contains data that will be processed and falsly interpreted as the next message.
> If you have bad luck, the next bytes will match the correct version number. This leads then to following errors:
> {code:java}
> 2018-07-17 10:15:34.052 [Connect | ] WARN TCP - JGRP000010: packet from 10.10.10.130:7800 has different version (0.0.0) than ours (4.0.11); packet is discarded | (Log4J2LogImpl.java:91)
> 2018-07-17 10:15:34.059 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
> java.lang.ClassNotFoundException: Class for magic number 8237 cannot be found
> at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
> at org.jgroups.Message.readHeader(Message.java:869)
> at org.jgroups.Message.readFrom(Message.java:742)
> at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
> at org.jgroups.protocols.TP.receive(TP.java:1323)
> at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
> at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
> at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
> at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
> at java.lang.Thread.run(Thread.java:745)
> 2018-07-17 10:15:34.065 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
> java.lang.ClassNotFoundException: Class for magic number 8237 cannot be found
> at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
> at org.jgroups.Message.readHeader(Message.java:869)
> at org.jgroups.Message.readFrom(Message.java:742)
> at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
> at org.jgroups.protocols.TP.receive(TP.java:1323)
> at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
> at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
> at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
> at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
> at java.lang.Thread.run(Thread.java:745)
> 2018-07-17 10:15:34.072 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
> java.io.IOException: length has to be 4 or 16 bytes (was 47 bytes)
> at org.jgroups.stack.IpAddress.readFrom(IpAddress.java:171)
> at org.jgroups.util.Util.readAddress(Util.java:1379)
> at org.jgroups.Message.readFrom(Message.java:731)
> at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
> at org.jgroups.protocols.TP.receive(TP.java:1323)
> at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
> at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
> at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
> at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
> at java.lang.Thread.run(Thread.java:745)
> 2018-07-17 10:15:34.076 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
> java.lang.ClassNotFoundException: Class for magic number 28789 cannot be found
> at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
> at org.jgroups.Message.readHeader(Message.java:869)
> at org.jgroups.Message.readFrom(Message.java:742)
> at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
> at org.jgroups.protocols.TP.receive(TP.java:1323)
> at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
> at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
> at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
> at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
> at java.lang.Thread.run(Thread.java:745)
> 2018-07-17 10:15:34.077 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
> java.lang.ClassNotFoundException: Class for magic number 8237 cannot be found
> at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
> at org.jgroups.Message.readHeader(Message.java:869)
> at org.jgroups.Message.readFrom(Message.java:742)
> at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
> at org.jgroups.protocols.TP.receive(TP.java:1323)
> at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
> at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
> at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
> at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
> at java.lang.Thread.run(Thread.java:745)
> 2018-07-17 10:15:34.078 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
> java.io.IOException: length has to be 4 or 16 bytes (was 47 bytes)
> at org.jgroups.stack.IpAddress.readFrom(IpAddress.java:171)
> at org.jgroups.util.Util.readAddress(Util.java:1379)
> at org.jgroups.Message.readFrom(Message.java:731)
> at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
> at org.jgroups.protocols.TP.receive(TP.java:1323)
> at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
> at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
> at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
> at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
> at java.lang.Thread.run(Thread.java:745)
> 2018-07-17 10:15:34.078 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
> java.lang.ClassNotFoundException: Class for magic number 8237 cannot be found
> at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
> at org.jgroups.Message.readHeader(Message.java:869)
> at org.jgroups.Message.readFrom(Message.java:742)
> at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
> at org.jgroups.protocols.TP.receive(TP.java:1323)
> at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
> at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
> at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
> at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
> at java.lang.Thread.run(Thread.java:745)
> 2018-07-17 10:15:34.079 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
> java.io.IOException: length has to be 4 or 16 bytes (was 47 bytes)
> at org.jgroups.stack.IpAddress.readFrom(IpAddress.java:171)
> at org.jgroups.util.Util.readAddress(Util.java:1379)
> at org.jgroups.Message.readFrom(Message.java:731)
> at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
> at org.jgroups.protocols.TP.receive(TP.java:1323)
> at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
> at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
> at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
> at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
> at java.lang.Thread.run(Thread.java:745)
> 2018-07-17 10:15:34.080 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
> java.lang.ClassNotFoundException: Class for magic number 12320 cannot be found
> at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
> at org.jgroups.Message.readHeader(Message.java:869)
> at org.jgroups.Message.readFrom(Message.java:742)
> at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
> at org.jgroups.protocols.TP.receive(TP.java:1323)
> at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
> at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
> at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
> at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
> at java.lang.Thread.run(Thread.java:745)
> 2018-07-17 10:15:34.089 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
> java.lang.ClassNotFoundException: Class for magic number 25193 cannot be found
> at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
> at org.jgroups.Message.readHeader(Message.java:869)
> at org.jgroups.Message.readFrom(Message.java:742)
> at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
> at org.jgroups.protocols.TP.receive(TP.java:1323)
> at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
> at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
> at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
> at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
> at java.lang.Thread.run(Thread.java:745)
> 2018-07-17 10:15:34.107 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
> java.lang.ClassNotFoundException: Class for magic number 25970 cannot be found
> at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
> at org.jgroups.Message.readHeader(Message.java:869)
> at org.jgroups.Message.readFrom(Message.java:742)
> at org.jgroups.util.Util.readMessageBatch(Util.java:1193)
> at org.jgroups.protocols.TP.handleMessageBatch(TP.java:1329)
> at org.jgroups.protocols.TP.receive(TP.java:1321)
> at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
> at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
> at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
> at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> When it comes to the payload of the message the size of the payload can be as big as 2GB ({{len=in.readInt();}}). On small machines this will lead to an OutOfMemoryError.
> There is a need for some handling of such misinterpreted messages. Like closing and reopening a socket connection or completely ignoring the following bytes until a new message begins or an other algorithm that would prevent the processing of the remaining bytes.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 9 months
[JBoss JIRA] (WFCORE-4129) WFLYSRV0266: Server home is set to... info msg in domain for RPM installation
by Lin Gao (JIRA)
[ https://issues.jboss.org/browse/WFCORE-4129?page=com.atlassian.jira.plugi... ]
Lin Gao moved JBEAP-15522 to WFCORE-4129:
-----------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-4129 (was: JBEAP-15522)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Server
(was: RPM)
(was: Server)
Affects Version/s: (was: 7.1.0.GA)
(was: 7.2.0.Beta)
(was: 7.1.4.GA)
> WFLYSRV0266: Server home is set to... info msg in domain for RPM installation
> -----------------------------------------------------------------------------
>
> Key: WFCORE-4129
> URL: https://issues.jboss.org/browse/WFCORE-4129
> Project: WildFly Core
> Issue Type: Bug
> Components: Server
> Reporter: Lin Gao
> Assignee: Lin Gao
>
> When EAP is installed via RPM packages and started in domain mode, there are following info messages visible in the {{server.log}}:
> {code}
> [INFO] [line 163] 2018-08-31 11:22:18,251 WARN [org.jboss.as.server] (main) WFLYSRV0266: Server home is set to '/opt/rh/eap7/root/usr/share/wildfly/domain/servers/server-one', but server real home is '/var/opt/rh/eap7/lib/wildfly/domain/servers/server-one' - unpredictable results may occur.
> [INFO] [line 4] 2018-08-31 10:25:47,525 WARN [org.jboss.as.server] (main) WFLYSRV0266: Server home is set to '/opt/rh/eap7/root/usr/share/wildfly/domain/servers/server-two', but server real home is '/var/opt/rh/eap7/lib/wildfly/domain/servers/server-two' - unpredictable results may occur.
> {code}
> Based on the [comment in issue JBEAP-10261|https://issues.jboss.org/browse/JBEAP-10261?focusedCommentId=...], it looks like a side effect of that. So main problem is probably in the startup scripts and not in RPM themselves.
> Even though, those messages are just INFO level, still - I believe that as this is a default RPM installation no such disturbing message takes place in the log. We should either be sure that this kind of installation makes no trouble or we should adjust the installation way itself so such info message does not have to be printed.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 9 months
[JBoss JIRA] (JGRP-2295) Add local Operation System DNS resolver implementation
by Bela Ban (JIRA)
[ https://issues.jboss.org/browse/JGRP-2295?page=com.atlassian.jira.plugin.... ]
Bela Ban updated JGRP-2295:
---------------------------
Fix Version/s: 4.0.15
> Add local Operation System DNS resolver implementation
> ------------------------------------------------------
>
> Key: JGRP-2295
> URL: https://issues.jboss.org/browse/JGRP-2295
> Project: JGroups
> Issue Type: Feature Request
> Reporter: Sebastian Łaskawiec
> Assignee: Sebastian Łaskawiec
> Fix For: 4.0.15
>
>
> The {{DefaultDNSResolver}} queries the DNS server and extracts values it returned. There's however another approach - query the local OS DNS resolver. This approach has some advantages because it takes both {{/etc/hosts}} as well as {{/etc/resolv.conf}} files under consideration. We should provide an {{OSDNSResolver}} implementation that would do it.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 9 months
[JBoss JIRA] (JGRP-2298) InputStream is processed after the different version error
by Boris Kantor (JIRA)
Boris Kantor created JGRP-2298:
----------------------------------
Summary: InputStream is processed after the different version error
Key: JGRP-2298
URL: https://issues.jboss.org/browse/JGRP-2298
Project: JGroups
Issue Type: Bug
Affects Versions: 4.0.13, 4.0.11
Environment: OS: Debian 8
Reporter: Boris Kantor
Assignee: Bela Ban
Occasionally JGroups shows up a warning when receiving a message with a different JGroups version:
{{JGRP000010: packet from 10.10.10.130:7800 has different version (0.0.0) than ours (4.0.11); packet is discarded | (Log4J2LogImpl.java:91)}}
Although the message is then discarded, the socket connection will be kept open. The input stream still contains data that will be processed and falsly interpreted as the next message.
If you have bad luck, the next bytes will match the correct version number. This leads then to following errors:
{code:java}
2018-07-17 10:15:34.052 [Connect | ] WARN TCP - JGRP000010: packet from 10.10.10.130:7800 has different version (0.0.0) than ours (4.0.11); packet is discarded | (Log4J2LogImpl.java:91)
2018-07-17 10:15:34.059 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
java.lang.ClassNotFoundException: Class for magic number 8237 cannot be found
at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
at org.jgroups.Message.readHeader(Message.java:869)
at org.jgroups.Message.readFrom(Message.java:742)
at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
at org.jgroups.protocols.TP.receive(TP.java:1323)
at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
at java.lang.Thread.run(Thread.java:745)
2018-07-17 10:15:34.065 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
java.lang.ClassNotFoundException: Class for magic number 8237 cannot be found
at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
at org.jgroups.Message.readHeader(Message.java:869)
at org.jgroups.Message.readFrom(Message.java:742)
at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
at org.jgroups.protocols.TP.receive(TP.java:1323)
at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
at java.lang.Thread.run(Thread.java:745)
2018-07-17 10:15:34.072 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
java.io.IOException: length has to be 4 or 16 bytes (was 47 bytes)
at org.jgroups.stack.IpAddress.readFrom(IpAddress.java:171)
at org.jgroups.util.Util.readAddress(Util.java:1379)
at org.jgroups.Message.readFrom(Message.java:731)
at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
at org.jgroups.protocols.TP.receive(TP.java:1323)
at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
at java.lang.Thread.run(Thread.java:745)
2018-07-17 10:15:34.076 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
java.lang.ClassNotFoundException: Class for magic number 28789 cannot be found
at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
at org.jgroups.Message.readHeader(Message.java:869)
at org.jgroups.Message.readFrom(Message.java:742)
at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
at org.jgroups.protocols.TP.receive(TP.java:1323)
at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
at java.lang.Thread.run(Thread.java:745)
2018-07-17 10:15:34.077 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
java.lang.ClassNotFoundException: Class for magic number 8237 cannot be found
at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
at org.jgroups.Message.readHeader(Message.java:869)
at org.jgroups.Message.readFrom(Message.java:742)
at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
at org.jgroups.protocols.TP.receive(TP.java:1323)
at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
at java.lang.Thread.run(Thread.java:745)
2018-07-17 10:15:34.078 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
java.io.IOException: length has to be 4 or 16 bytes (was 47 bytes)
at org.jgroups.stack.IpAddress.readFrom(IpAddress.java:171)
at org.jgroups.util.Util.readAddress(Util.java:1379)
at org.jgroups.Message.readFrom(Message.java:731)
at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
at org.jgroups.protocols.TP.receive(TP.java:1323)
at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
at java.lang.Thread.run(Thread.java:745)
2018-07-17 10:15:34.078 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
java.lang.ClassNotFoundException: Class for magic number 8237 cannot be found
at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
at org.jgroups.Message.readHeader(Message.java:869)
at org.jgroups.Message.readFrom(Message.java:742)
at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
at org.jgroups.protocols.TP.receive(TP.java:1323)
at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
at java.lang.Thread.run(Thread.java:745)
2018-07-17 10:15:34.079 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
java.io.IOException: length has to be 4 or 16 bytes (was 47 bytes)
at org.jgroups.stack.IpAddress.readFrom(IpAddress.java:171)
at org.jgroups.util.Util.readAddress(Util.java:1379)
at org.jgroups.Message.readFrom(Message.java:731)
at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
at org.jgroups.protocols.TP.receive(TP.java:1323)
at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
at java.lang.Thread.run(Thread.java:745)
2018-07-17 10:15:34.080 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
java.lang.ClassNotFoundException: Class for magic number 12320 cannot be found
at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
at org.jgroups.Message.readHeader(Message.java:869)
at org.jgroups.Message.readFrom(Message.java:742)
at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
at org.jgroups.protocols.TP.receive(TP.java:1323)
at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
at java.lang.Thread.run(Thread.java:745)
2018-07-17 10:15:34.089 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
java.lang.ClassNotFoundException: Class for magic number 25193 cannot be found
at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
at org.jgroups.Message.readHeader(Message.java:869)
at org.jgroups.Message.readFrom(Message.java:742)
at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1346)
at org.jgroups.protocols.TP.receive(TP.java:1323)
at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
at java.lang.Thread.run(Thread.java:745)
2018-07-17 10:15:34.107 [Connect | ] ERROR TCP - JGRP000030: jgm113: failed handling incoming message | (Log4J2LogImpl.java:116)
java.lang.ClassNotFoundException: Class for magic number 25970 cannot be found
at org.jgroups.conf.ClassConfigurator.create(ClassConfigurator.java:118)
at org.jgroups.Message.readHeader(Message.java:869)
at org.jgroups.Message.readFrom(Message.java:742)
at org.jgroups.util.Util.readMessageBatch(Util.java:1193)
at org.jgroups.protocols.TP.handleMessageBatch(TP.java:1329)
at org.jgroups.protocols.TP.receive(TP.java:1321)
at org.jgroups.blocks.cs.BaseServer.receive(BaseServer.java:171)
at org.jgroups.blocks.cs.TcpConnection$Receiver.run(TcpConnection.java:290)
at eu.application.nac.cluster.jgroups.JGroupsTask.execute(JGroupsTask.java:41)
at eu.application.nac.engine.scheduling.Task.run(Task.java:339)
at java.lang.Thread.run(Thread.java:745)
{code}
When it comes to the payload of the message the size of the payload can be as big as 2GB ({{len=in.readInt();}}). On small machines this will lead to an OutOfMemoryError.
There is a need for some handling of such misinterpreted messages. Like closing and reopening a socket connection or completely ignoring the following bytes until a new message begins or an other algorithm that would prevent the processing of the remaining bytes.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 9 months
[JBoss JIRA] (ELY-1648) FIPS NoSuchAlgorithmException: JKS KeyStore not available when trustmanager SunX509
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1648?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1648:
------------------------------
Description:
With SunX509 truststore algorithm I can succesfully connect with CLI.
{code}
<configuration>
<authentication-client xmlns="urn:elytron:client:1.1">
<key-stores>
<key-store name="truststore" type="PKCS11">
<key-store-clear-password password="${password}" />
</key-store>
</key-stores>
<ssl-contexts>
<ssl-context name="client-cli-context">
<trust-manager algorithm="SunX509" />
<trust-store key-store-name="truststore" />
<cipher-suite selector="${cipher.suite.filter}" />
<protocol names="${protocol}" />
</ssl-context>
</ssl-contexts>
<ssl-context-rules>
<rule use-ssl-context="client-cli-context" />
</ssl-context-rules>
</authentication-client>
</configuration>
{code}
But there is a exception in log
{code}
13:58:27,652 INFO [com.redhat.eap.qe.cli.CustomCLIExecutor] (main) java.security.KeyStoreException: JKS not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:59)
at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:118)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:157)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:94)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
Caused by: java.security.NoSuchAlgorithmException: JKS KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 31 more
{code}
When I change SunX509 to PKIX exception does not occure anymore.
Seems exception is thrown by code https://github.com/JetBrains/jdk8u_jdk/blob/master/src/share/classes/sun/...
AnchorCertificates hardcodes JKS keystore creation. Apparently using PKIX it is avoided.
was:
With SunX509 truststore algorithm I can succesfully connect with CLI.
{code}
<configuration>
<authentication-client xmlns="urn:elytron:client:1.1">
<key-stores>
<key-store name="truststore" type="PKCS11">
<key-store-clear-password password="${password}" />
</key-store>
</key-stores>
<ssl-contexts>
<ssl-context name="client-cli-context">
<trust-manager algorithm="SunX509" />
<trust-store key-store-name="truststore" />
<cipher-suite selector="${cipher.suite.filter}" />
<protocol names="${protocol}" />
</ssl-context>
</ssl-contexts>
<ssl-context-rules>
<rule use-ssl-context="client-cli-context" />
</ssl-context-rules>
</authentication-client>
</configuration>
{code}
But there is a exception in log
{code}
13:58:27,652 INFO [com.redhat.eap.qe.cli.CustomCLIExecutor] (main) java.security.KeyStoreException: JKS not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:59)
at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:118)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:157)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:94)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
Caused by: java.security.NoSuchAlgorithmException: JKS KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 31 more
{code}
When I change SunX509 to PKIX exception does not occure anymore.
Seems exception is thrown by code https://github.com/JetBrains/jdk8u_jdk/blob/master/src/share/classes/sun/...
> FIPS NoSuchAlgorithmException: JKS KeyStore not available when trustmanager SunX509
> -----------------------------------------------------------------------------------
>
> Key: ELY-1648
> URL: https://issues.jboss.org/browse/ELY-1648
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Affects Versions: 1.5.5.Final
> Reporter: Martin Choma
> Assignee: Justin Cook
> Attachments: java.security
>
>
> With SunX509 truststore algorithm I can succesfully connect with CLI.
> {code}
> <configuration>
> <authentication-client xmlns="urn:elytron:client:1.1">
> <key-stores>
> <key-store name="truststore" type="PKCS11">
> <key-store-clear-password password="${password}" />
> </key-store>
> </key-stores>
> <ssl-contexts>
> <ssl-context name="client-cli-context">
> <trust-manager algorithm="SunX509" />
> <trust-store key-store-name="truststore" />
> <cipher-suite selector="${cipher.suite.filter}" />
> <protocol names="${protocol}" />
> </ssl-context>
> </ssl-contexts>
> <ssl-context-rules>
> <rule use-ssl-context="client-cli-context" />
> </ssl-context-rules>
> </authentication-client>
> </configuration>
> {code}
> But there is a exception in log
> {code}
> 13:58:27,652 INFO [com.redhat.eap.qe.cli.CustomCLIExecutor] (main) java.security.KeyStoreException: JKS not found
> at java.security.KeyStore.getInstance(KeyStore.java:851)
> at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:59)
> at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
> at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
> at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
> at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:118)
> at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:157)
> at sun.security.validator.Validator.validate(Validator.java:260)
> at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
> at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
> at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
> at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
> at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
> at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
> at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
> at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
> at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
> at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
> at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:94)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
> Caused by: java.security.NoSuchAlgorithmException: JKS KeyStore not available
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
> at java.security.Security.getImpl(Security.java:695)
> at java.security.KeyStore.getInstance(KeyStore.java:848)
> ... 31 more
> {code}
> When I change SunX509 to PKIX exception does not occure anymore.
> Seems exception is thrown by code https://github.com/JetBrains/jdk8u_jdk/blob/master/src/share/classes/sun/...
> AnchorCertificates hardcodes JKS keystore creation. Apparently using PKIX it is avoided.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 9 months
[JBoss JIRA] (ELY-1648) FIPS NoSuchAlgorithmException: JKS KeyStore not available when trustmanager SunX509
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1648?page=com.atlassian.jira.plugin.s... ]
Martin Choma commented on ELY-1648:
-----------------------------------
Adding log with jboss-cli.sh -Djavax.net.debug=all
It shows and align with stacktrace error is thrown on client side during processing server certificate.
{code}
[standalone@localhost:9990 /] reload
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1521170940 bytes = { 91, 161, 212, 139, 54, 91, 159, 74, 137, 194, 1, 152, 46, 109, 66, 145, 103, 199, 38, 54, 112, 199, 44, 71, 133, 111, 124, 193 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension renegotiation_info, renegotiated_connection: <empty>
***
[write] MD5 and SHA1 hashes: len = 196
0000: 01 00 00 C0 03 03 5B AB 3A FC 5B A1 D4 8B 36 5B ......[.:.[...6[
0010: 9F 4A 89 C2 01 98 2E 6D 42 91 67 C7 26 36 70 C7 .J.....mB.g.&6p.
0020: 2C 47 85 6F 7C C1 00 00 54 C0 24 C0 28 00 3D C0 ,G.o....T.$.(.=.
0030: 26 C0 2A 00 6B 00 6A C0 0A C0 14 00 35 C0 05 C0 &.*.k.j.....5...
0040: 0F 00 39 00 38 C0 23 C0 27 00 3C C0 25 C0 29 00 ..9.8.#.'.<.%.).
0050: 67 00 40 C0 09 C0 13 00 2F C0 04 C0 0E 00 33 00 g.@...../.....3.
0060: 32 C0 2C C0 2B C0 30 00 9D C0 2E C0 32 00 9F 00 2.,.+.0.....2...
0070: A3 C0 2F 00 9C C0 2D C0 31 00 9E 00 A2 01 00 00 ../...-.1.......
0080: 43 00 0A 00 14 00 12 00 17 00 18 00 19 00 09 00 C...............
0090: 0A 00 0B 00 0C 00 0D 00 0E 00 0B 00 02 01 00 00 ................
00A0: 0D 00 1C 00 1A 06 03 06 01 05 03 05 01 04 03 04 ................
00B0: 01 04 02 03 03 03 01 03 02 02 03 02 01 02 02 FF ................
00C0: 01 00 01 00 ....
Remoting "cli-client" I/O-1, WRITE: TLSv1.2 Handshake, length = 196
[Raw write]: length = 201
0000: 16 03 03 00 C4 01 00 00 C0 03 03 5B AB 3A FC 5B ...........[.:.[
0010: A1 D4 8B 36 5B 9F 4A 89 C2 01 98 2E 6D 42 91 67 ...6[.J.....mB.g
0020: C7 26 36 70 C7 2C 47 85 6F 7C C1 00 00 54 C0 24 .&6p.,G.o....T.$
0030: C0 28 00 3D C0 26 C0 2A 00 6B 00 6A C0 0A C0 14 .(.=.&.*.k.j....
0040: 00 35 C0 05 C0 0F 00 39 00 38 C0 23 C0 27 00 3C .5.....9.8.#.'.<
0050: C0 25 C0 29 00 67 00 40 C0 09 C0 13 00 2F C0 04 .%.).g.@...../..
0060: C0 0E 00 33 00 32 C0 2C C0 2B C0 30 00 9D C0 2E ...3.2.,.+.0....
0070: C0 32 00 9F 00 A3 C0 2F 00 9C C0 2D C0 31 00 9E .2...../...-.1..
0080: 00 A2 01 00 00 43 00 0A 00 14 00 12 00 17 00 18 .....C..........
0090: 00 19 00 09 00 0A 00 0B 00 0C 00 0D 00 0E 00 0B ................
00A0: 00 02 01 00 00 0D 00 1C 00 1A 06 03 06 01 05 03 ................
00B0: 05 01 04 03 04 01 04 02 03 03 03 01 03 02 02 03 ................
00C0: 02 01 02 02 FF 01 00 01 00 .........
[Raw read]: length = 5
0000: 16 03 02 05 37 ....7
[Raw read]: length = 1335
0000: 02 00 00 4D 03 02 5B AB 3A FC F2 E6 88 D2 D5 AC ...M..[.:.......
0010: 4E 94 9A 6C 88 06 71 E9 C7 64 AF 73 9B 93 01 3D N..l..q..d.s...=
0020: 4B 7E 70 09 83 9B 20 5B AB 3A FC 8D 7F C3 69 C6 K.p... [.:....i.
0030: 06 70 79 A3 D0 1C F7 18 C7 01 C6 FB 26 2A 35 90 .py.........&*5.
0040: A5 D5 82 07 F9 2E CF 00 33 00 00 05 FF 01 00 01 ........3.......
0050: 00 0B 00 02 AF 00 02 AC 00 02 A9 30 82 02 A5 30 ...........0...0
0060: 82 01 8D A0 03 02 01 02 02 05 00 A6 9A 90 A2 30 ...............0
0070: 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 14 ...*.H........0.
0080: 31 12 30 10 06 03 55 04 03 13 09 6C 6F 63 61 6C 1.0...U....local
0090: 68 6F 73 74 30 1E 17 0D 31 36 30 36 30 39 30 38 host0...16060908
00A0: 35 30 35 33 5A 17 0D 33 36 30 36 30 39 30 38 35 5053Z..360609085
00B0: 30 35 33 5A 30 14 31 12 30 10 06 03 55 04 03 13 053Z0.1.0...U...
00C0: 09 6C 6F 63 61 6C 68 6F 73 74 30 82 01 22 30 0D .localhost0.."0.
00D0: 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 ..*.H...........
00E0: 0F 00 30 82 01 0A 02 82 01 01 00 E6 33 55 5C D1 ..0.........3U\.
00F0: 43 74 86 82 35 F9 0D CD 11 24 F3 14 90 10 32 EA Ct..5....$....2.
0100: 17 1D CF B3 B1 46 AE DF 61 5F B5 7C 30 78 0C 98 .....F..a_..0x..
0110: 51 33 37 D7 23 A3 AC A9 29 37 27 BA EE 42 A4 C2 Q37.#...)7'..B..
0120: F8 E6 0C EE 13 24 83 C4 28 F0 EB 7F BE A7 F7 1C .....$..(.......
0130: 1D F0 80 12 52 8A BB F9 FC 58 11 8D A2 35 74 7A ....R....X...5tz
0140: CB EF D5 24 2D 6D AF C2 F3 8D F7 E6 6D FE B3 7F ...$-m......m...
0150: 3A 30 48 C4 4B AC 35 A5 4A EB 74 E2 7C 34 0D 8E :0H.K.5.J.t..4..
0160: 0F 86 EF 69 F9 FB 10 96 93 BD FE C9 42 02 FC 3F ...i........B..?
0170: FA AD DF 70 67 7B 81 88 A3 FE FB E3 30 DE 1E 98 ...pg.......0...
0180: 40 70 EE 66 89 25 56 D2 89 01 20 AD 8F 78 E3 F3 @p.f.%V... ..x..
0190: A5 30 CD 37 52 CF C5 16 CF E0 AB A1 C5 8F 60 C5 .0.7R.........`.
01A0: 46 77 03 8C 83 7E 59 EB 7E 35 A2 7F 34 A9 5D 0D Fw....Y..5..4.].
01B0: 75 77 2F C2 77 92 96 71 D1 E3 63 2F 3C D0 3F F0 uw/.w..q..c/<.?.
01C0: 35 8E 09 61 EA 51 83 00 FC E9 DB 61 E2 84 01 02 5..a.Q.....a....
01D0: 9E 50 55 AA 30 C2 BF B1 1E 9D 7D C5 2A 21 71 0E .PU.0.......*!q.
01E0: 46 C7 7C 67 3B 52 E4 AD EB E7 E7 02 03 01 00 01 F..g;R..........
01F0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 0...*.H.........
0200: 82 01 01 00 39 D3 A0 BE DD 4D 83 CD BA 59 04 A0 ....9....M...Y..
0210: F0 D9 EE E4 66 3B B8 0B 99 19 0F 2E 2E 79 B4 A5 ....f;.......y..
0220: 71 BD 5A 2B E8 F4 A3 04 42 7E 20 54 90 4F 5E A8 q.Z+....B. T.O^.
0230: DC 8B A1 46 BE 10 FC 45 7C 6D 01 CF D0 A0 4B E5 ...F...E.m....K.
0240: 6F BF 35 3B FB 11 F1 4D 16 B1 E0 4B 19 2A A8 D8 o.5;...M...K.*..
0250: 2D C7 0B 43 3C 55 F3 3E 8C 05 43 14 F0 A1 DE E4 -..C<U.>..C.....
0260: 67 9E 36 D9 35 2E 47 1E D0 78 39 39 81 C6 4C EE g.6.5.G..x99..L.
0270: E7 76 D4 22 50 D0 1A AE CA 98 A2 62 8A 7B A4 F6 .v."P......b....
0280: 3A 1E 87 CD 96 95 61 09 24 35 7A 80 68 42 68 66 :.....a.$5z.hBhf
0290: 73 DC CF 1F 0A DE 1E 6F 90 B0 C8 77 87 E4 B3 E0 s......o...w....
02A0: F7 A6 5F 11 9D 3B 67 F4 31 32 13 26 EA FE 5A 48 .._..;g.12.&..ZH
02B0: C5 8E 6C 28 52 25 59 DB DB 49 40 F6 1F 03 09 AC ..l(R%Y..I@.....
02C0: 28 9C 16 4A 8D 92 DE 53 19 D1 85 12 AA 5C 1A AB (..J...S.....\..
02D0: 1F 5C 32 DB F8 43 92 56 86 A8 7D 2B 9B DD D2 9B .\2..C.V...+....
02E0: 27 F7 5E A4 47 F9 C6 7B D8 71 80 94 16 F5 8E F5 '.^.G....q......
02F0: 4A 45 7A 97 2F C2 62 9D B9 41 54 26 ED C9 DD DF JEz./.b..AT&....
0300: C5 1C F8 B8 0C 00 02 09 00 80 FF FF FF FF FF FF ................
0310: FF FF C9 0F DA A2 21 68 C2 34 C4 C6 62 8B 80 DC ......!h.4..b...
0320: 1C D1 29 02 4E 08 8A 67 CC 74 02 0B BE A6 3B 13 ..).N..g.t....;.
0330: 9B 22 51 4A 08 79 8E 34 04 DD EF 95 19 B3 CD 3A ."QJ.y.4.......:
0340: 43 1B 30 2B 0A 6D F2 5F 14 37 4F E1 35 6D 6D 51 C.0+.m._.7O.5mmQ
0350: C2 45 E4 85 B5 76 62 5E 7E C6 F4 4C 42 E9 A6 37 .E...vb^...LB..7
0360: ED 6B 0B FF 5C B6 F4 06 B7 ED EE 38 6B FB 5A 89 .k..\......8k.Z.
0370: 9F A5 AE 9F 24 11 7C 4B 1F E6 49 28 66 51 EC E6 ....$..K..I(fQ..
0380: 53 81 FF FF FF FF FF FF FF FF 00 01 02 00 80 94 S...............
0390: 35 1B 36 50 05 0F EA CF 92 FD F0 77 AA C0 63 96 5.6P.......w..c.
03A0: EC 2C B1 5B 44 93 C1 18 94 19 A9 A2 CB CB 10 DA .,.[D...........
03B0: 54 B4 F3 99 9E CC 15 4D 73 A2 A8 47 DD 96 4D AF T......Ms..G..M.
03C0: 21 30 1B 94 13 43 D7 F2 AD 2D B4 9D 85 71 AA 15 !0...C...-...q..
03D0: 8D 91 B5 2E AC 6A ED E9 99 50 05 91 53 FF 35 E0 .....j...P..S.5.
03E0: 77 7D 77 BC D7 E3 83 7D 9C 44 75 90 64 EC 3D 86 w.w......Du.d.=.
03F0: A5 CC E0 72 91 1F 40 FE 77 48 58 BA 12 2B 86 0B ...r..@.wHX..+..
0400: 89 04 A4 0E E4 35 C7 24 4C 5E 3F EB D4 9E 97 01 .....5.$L^?.....
0410: 00 24 A1 C4 3F C1 B3 82 AC 2C 6F 78 D3 A7 C4 DC .$..?....,ox....
0420: 8D 80 C0 13 5A A1 3B 1C CA 81 1F 53 6C 47 5C AA ....Z.;....SlG\.
0430: 7A 8A 0C 34 F6 AC 53 4F A3 7F 96 DF 73 C5 80 1A z..4..SO....s...
0440: A0 BA 6B 50 EB 62 7B E9 16 FE 2A 09 B6 D4 07 B0 ..kP.b....*.....
0450: E9 7B 9D E0 70 05 C1 1D 6E 32 F2 F1 FB 02 88 B9 ....p...n2......
0460: 59 44 A8 8A 67 5A E2 36 B4 3E 55 96 DD D2 C6 47 YD..gZ.6.>U....G
0470: 0B B2 A3 24 97 9A 9D EB 88 E3 D3 6F 0D 57 8D DE ...$.......o.W..
0480: 79 95 B8 45 12 44 2D C8 59 0E 82 5E 0E 1C D1 12 y..E.D-.Y..^....
0490: 8C D9 D5 DE F4 61 3D D8 B1 90 C6 C5 33 E0 DB F1 .....a=.....3...
04A0: 40 D2 CE A5 B8 01 2B 7D 89 12 6A 9E 1F 3A 6D 43 @.....+...j..:mC
04B0: 83 61 F5 05 59 90 9A 38 FD 60 70 CB 13 B1 4D 6B .a..Y..8.`p...Mk
04C0: 3B 5C 44 43 83 81 6D 65 5E 3C 57 80 59 FD 8A 76 ;\DC..me^<W.Y..v
04D0: C8 54 60 9A DC AE 04 04 3E 06 91 E3 18 36 FC 28 .T`.....>....6.(
04E0: 3A 76 D7 B1 23 15 DF A9 47 4B A0 F3 2B A0 8F C5 :v..#...GK..+...
04F0: DB 7C 3C 22 4A E6 27 F1 98 9D 55 FF 6A 76 0F CE ..<"J.'...U.jv..
0500: 46 76 E1 05 6F 44 9B B5 47 F0 C2 1D ED 98 6C 8F Fv..oD..G.....l.
0510: FA 0D 00 00 1E 03 01 02 40 00 18 00 16 30 14 31 ........@....0.1
0520: 12 30 10 06 03 55 04 03 13 09 6C 6F 63 61 6C 68 .0...U....localh
0530: 6F 73 74 0E 00 00 00 ost....
Remoting "cli-client" I/O-1, READ: TLSv1.1 Handshake, length = 1335
*** ServerHello, TLSv1.1
RandomCookie: GMT: 1521170940 bytes = { 242, 230, 136, 210, 213, 172, 78, 148, 154, 108, 136, 6, 113, 233, 199, 100, 175, 115, 155, 147, 1, 61, 75, 126, 112, 9, 131, 155 }
Session ID: {91, 171, 58, 252, 141, 127, 195, 105, 198, 6, 112, 121, 163, 208, 28, 247, 24, 199, 1, 198, 251, 38, 42, 53, 144, 165, 213, 130, 7, 249, 46, 207}
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
** TLS_DHE_RSA_WITH_AES_128_CBC_SHA
[read] MD5 and SHA1 hashes: len = 81
0000: 02 00 00 4D 03 02 5B AB 3A FC F2 E6 88 D2 D5 AC ...M..[.:.......
0010: 4E 94 9A 6C 88 06 71 E9 C7 64 AF 73 9B 93 01 3D N..l..q..d.s...=
0020: 4B 7E 70 09 83 9B 20 5B AB 3A FC 8D 7F C3 69 C6 K.p... [.:....i.
0030: 06 70 79 A3 D0 1C F7 18 C7 01 C6 FB 26 2A 35 90 .py.........&*5.
0040: A5 D5 82 07 F9 2E CF 00 33 00 00 05 FF 01 00 01 ........3.......
0050: 00 .
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=localhost
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: SunPKCS11-testPkcs RSA public key, 2048 bits (id 1, session object)
modulus: 29060123608617163373357149186256302256690451367273583694712552941294495945669213396459502551108916094627533354975746646666668842224005427071342014703724867595834265833597653226684476041132529577057616340675158367673515462715606125948342173240068681053092167230285139913636897825272175166487919177666175429335290108106586350573299399694766185621699238640195733014718643273239932334848508667464273536478425494610303007038278319092995432198293501253513948283570354423460202091267051802117639318389505305071743195030308445185313940330772467812384031836756010630541070712480212261340080742910315102003347114016899339118567
public exponent: 65537
Validity: [From: Thu Jun 09 10:50:53 CEST 2016,
To: Mon Jun 09 10:50:53 CEST 2036]
Issuer: CN=localhost
SerialNumber: [ a69a90a2]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 39 D3 A0 BE DD 4D 83 CD BA 59 04 A0 F0 D9 EE E4 9....M...Y......
0010: 66 3B B8 0B 99 19 0F 2E 2E 79 B4 A5 71 BD 5A 2B f;.......y..q.Z+
0020: E8 F4 A3 04 42 7E 20 54 90 4F 5E A8 DC 8B A1 46 ....B. T.O^....F
0030: BE 10 FC 45 7C 6D 01 CF D0 A0 4B E5 6F BF 35 3B ...E.m....K.o.5;
0040: FB 11 F1 4D 16 B1 E0 4B 19 2A A8 D8 2D C7 0B 43 ...M...K.*..-..C
0050: 3C 55 F3 3E 8C 05 43 14 F0 A1 DE E4 67 9E 36 D9 <U.>..C.....g.6.
0060: 35 2E 47 1E D0 78 39 39 81 C6 4C EE E7 76 D4 22 5.G..x99..L..v."
0070: 50 D0 1A AE CA 98 A2 62 8A 7B A4 F6 3A 1E 87 CD P......b....:...
0080: 96 95 61 09 24 35 7A 80 68 42 68 66 73 DC CF 1F ..a.$5z.hBhfs...
0090: 0A DE 1E 6F 90 B0 C8 77 87 E4 B3 E0 F7 A6 5F 11 ...o...w......_.
00A0: 9D 3B 67 F4 31 32 13 26 EA FE 5A 48 C5 8E 6C 28 .;g.12.&..ZH..l(
00B0: 52 25 59 DB DB 49 40 F6 1F 03 09 AC 28 9C 16 4A R%Y..I@.....(..J
00C0: 8D 92 DE 53 19 D1 85 12 AA 5C 1A AB 1F 5C 32 DB ...S.....\...\2.
00D0: F8 43 92 56 86 A8 7D 2B 9B DD D2 9B 27 F7 5E A4 .C.V...+....'.^.
00E0: 47 F9 C6 7B D8 71 80 94 16 F5 8E F5 4A 45 7A 97 G....q......JEz.
00F0: 2F C2 62 9D B9 41 54 26 ED C9 DD DF C5 1C F8 B8 /.b..AT&........
]
***
java.security.KeyStoreException: JKS not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:59)
at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:118)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:157)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:94)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
Caused by: java.security.NoSuchAlgorithmException: JKS KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 31 more
Found trusted certificate:
[
[
Version: V3
Subject: CN=localhost
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: SunPKCS11-testPkcs RSA public key, 2048 bits (id 1, session object)
modulus: 29060123608617163373357149186256302256690451367273583694712552941294495945669213396459502551108916094627533354975746646666668842224005427071342014703724867595834265833597653226684476041132529577057616340675158367673515462715606125948342173240068681053092167230285139913636897825272175166487919177666175429335290108106586350573299399694766185621699238640195733014718643273239932334848508667464273536478425494610303007038278319092995432198293501253513948283570354423460202091267051802117639318389505305071743195030308445185313940330772467812384031836756010630541070712480212261340080742910315102003347114016899339118567
public exponent: 65537
Validity: [From: Thu Jun 09 10:50:53 CEST 2016,
To: Mon Jun 09 10:50:53 CEST 2036]
Issuer: CN=localhost
SerialNumber: [ a69a90a2]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 39 D3 A0 BE DD 4D 83 CD BA 59 04 A0 F0 D9 EE E4 9....M...Y......
0010: 66 3B B8 0B 99 19 0F 2E 2E 79 B4 A5 71 BD 5A 2B f;.......y..q.Z+
0020: E8 F4 A3 04 42 7E 20 54 90 4F 5E A8 DC 8B A1 46 ....B. T.O^....F
0030: BE 10 FC 45 7C 6D 01 CF D0 A0 4B E5 6F BF 35 3B ...E.m....K.o.5;
0040: FB 11 F1 4D 16 B1 E0 4B 19 2A A8 D8 2D C7 0B 43 ...M...K.*..-..C
0050: 3C 55 F3 3E 8C 05 43 14 F0 A1 DE E4 67 9E 36 D9 <U.>..C.....g.6.
0060: 35 2E 47 1E D0 78 39 39 81 C6 4C EE E7 76 D4 22 5.G..x99..L..v."
0070: 50 D0 1A AE CA 98 A2 62 8A 7B A4 F6 3A 1E 87 CD P......b....:...
0080: 96 95 61 09 24 35 7A 80 68 42 68 66 73 DC CF 1F ..a.$5z.hBhfs...
0090: 0A DE 1E 6F 90 B0 C8 77 87 E4 B3 E0 F7 A6 5F 11 ...o...w......_.
00A0: 9D 3B 67 F4 31 32 13 26 EA FE 5A 48 C5 8E 6C 28 .;g.12.&..ZH..l(
00B0: 52 25 59 DB DB 49 40 F6 1F 03 09 AC 28 9C 16 4A R%Y..I@.....(..J
00C0: 8D 92 DE 53 19 D1 85 12 AA 5C 1A AB 1F 5C 32 DB ...S.....\...\2.
00D0: F8 43 92 56 86 A8 7D 2B 9B DD D2 9B 27 F7 5E A4 .C.V...+....'.^.
00E0: 47 F9 C6 7B D8 71 80 94 16 F5 8E F5 4A 45 7A 97 G....q......JEz.
00F0: 2F C2 62 9D B9 41 54 26 ED C9 DD DF C5 1C F8 B8 /.b..AT&........
]
[read] MD5 and SHA1 hashes: len = 691
0000: 0B 00 02 AF 00 02 AC 00 02 A9 30 82 02 A5 30 82 ..........0...0.
0010: 01 8D A0 03 02 01 02 02 05 00 A6 9A 90 A2 30 0D ..............0.
0020: 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 14 31 ..*.H........0.1
0030: 12 30 10 06 03 55 04 03 13 09 6C 6F 63 61 6C 68 .0...U....localh
0040: 6F 73 74 30 1E 17 0D 31 36 30 36 30 39 30 38 35 ost0...160609085
0050: 30 35 33 5A 17 0D 33 36 30 36 30 39 30 38 35 30 053Z..3606090850
0060: 35 33 5A 30 14 31 12 30 10 06 03 55 04 03 13 09 53Z0.1.0...U....
0070: 6C 6F 63 61 6C 68 6F 73 74 30 82 01 22 30 0D 06 localhost0.."0..
0080: 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F .*.H............
0090: 00 30 82 01 0A 02 82 01 01 00 E6 33 55 5C D1 43 .0.........3U\.C
00A0: 74 86 82 35 F9 0D CD 11 24 F3 14 90 10 32 EA 17 t..5....$....2..
00B0: 1D CF B3 B1 46 AE DF 61 5F B5 7C 30 78 0C 98 51 ....F..a_..0x..Q
00C0: 33 37 D7 23 A3 AC A9 29 37 27 BA EE 42 A4 C2 F8 37.#...)7'..B...
00D0: E6 0C EE 13 24 83 C4 28 F0 EB 7F BE A7 F7 1C 1D ....$..(........
00E0: F0 80 12 52 8A BB F9 FC 58 11 8D A2 35 74 7A CB ...R....X...5tz.
00F0: EF D5 24 2D 6D AF C2 F3 8D F7 E6 6D FE B3 7F 3A ..$-m......m...:
0100: 30 48 C4 4B AC 35 A5 4A EB 74 E2 7C 34 0D 8E 0F 0H.K.5.J.t..4...
0110: 86 EF 69 F9 FB 10 96 93 BD FE C9 42 02 FC 3F FA ..i........B..?.
0120: AD DF 70 67 7B 81 88 A3 FE FB E3 30 DE 1E 98 40 ..pg.......0...@
0130: 70 EE 66 89 25 56 D2 89 01 20 AD 8F 78 E3 F3 A5 p.f.%V... ..x...
0140: 30 CD 37 52 CF C5 16 CF E0 AB A1 C5 8F 60 C5 46 0.7R.........`.F
0150: 77 03 8C 83 7E 59 EB 7E 35 A2 7F 34 A9 5D 0D 75 w....Y..5..4.].u
0160: 77 2F C2 77 92 96 71 D1 E3 63 2F 3C D0 3F F0 35 w/.w..q..c/<.?.5
0170: 8E 09 61 EA 51 83 00 FC E9 DB 61 E2 84 01 02 9E ..a.Q.....a.....
0180: 50 55 AA 30 C2 BF B1 1E 9D 7D C5 2A 21 71 0E 46 PU.0.......*!q.F
0190: C7 7C 67 3B 52 E4 AD EB E7 E7 02 03 01 00 01 30 ..g;R..........0
01A0: 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 ...*.H..........
01B0: 01 01 00 39 D3 A0 BE DD 4D 83 CD BA 59 04 A0 F0 ...9....M...Y...
01C0: D9 EE E4 66 3B B8 0B 99 19 0F 2E 2E 79 B4 A5 71 ...f;.......y..q
01D0: BD 5A 2B E8 F4 A3 04 42 7E 20 54 90 4F 5E A8 DC .Z+....B. T.O^..
01E0: 8B A1 46 BE 10 FC 45 7C 6D 01 CF D0 A0 4B E5 6F ..F...E.m....K.o
01F0: BF 35 3B FB 11 F1 4D 16 B1 E0 4B 19 2A A8 D8 2D .5;...M...K.*..-
0200: C7 0B 43 3C 55 F3 3E 8C 05 43 14 F0 A1 DE E4 67 ..C<U.>..C.....g
0210: 9E 36 D9 35 2E 47 1E D0 78 39 39 81 C6 4C EE E7 .6.5.G..x99..L..
0220: 76 D4 22 50 D0 1A AE CA 98 A2 62 8A 7B A4 F6 3A v."P......b....:
0230: 1E 87 CD 96 95 61 09 24 35 7A 80 68 42 68 66 73 .....a.$5z.hBhfs
0240: DC CF 1F 0A DE 1E 6F 90 B0 C8 77 87 E4 B3 E0 F7 ......o...w.....
0250: A6 5F 11 9D 3B 67 F4 31 32 13 26 EA FE 5A 48 C5 ._..;g.12.&..ZH.
0260: 8E 6C 28 52 25 59 DB DB 49 40 F6 1F 03 09 AC 28 .l(R%Y..I@.....(
0270: 9C 16 4A 8D 92 DE 53 19 D1 85 12 AA 5C 1A AB 1F ..J...S.....\...
0280: 5C 32 DB F8 43 92 56 86 A8 7D 2B 9B DD D2 9B 27 \2..C.V...+....'
0290: F7 5E A4 47 F9 C6 7B D8 71 80 94 16 F5 8E F5 4A .^.G....q......J
02A0: 45 7A 97 2F C2 62 9D B9 41 54 26 ED C9 DD DF C5 Ez./.b..AT&.....
02B0: 1C F8 B8 ...
*** Diffie-Hellman ServerKeyExchange
DH Modulus: { 255, 255, 255, 255, 255, 255, 255, 255, 201, 15, 218, 162, 33, 104, 194, 52, 196, 198, 98, 139, 128, 220, 28, 209, 41, 2, 78, 8, 138, 103, 204, 116, 2, 11, 190, 166, 59, 19, 155, 34, 81, 74, 8, 121, 142, 52, 4, 221, 239, 149, 25, 179, 205, 58, 67, 27, 48, 43, 10, 109, 242, 95, 20, 55, 79, 225, 53, 109, 109, 81, 194, 69, 228, 133, 181, 118, 98, 94, 126, 198, 244, 76, 66, 233, 166, 55, 237, 107, 11, 255, 92, 182, 244, 6, 183, 237, 238, 56, 107, 251, 90, 137, 159, 165, 174, 159, 36, 17, 124, 75, 31, 230, 73, 40, 102, 81, 236, 230, 83, 129, 255, 255, 255, 255, 255, 255, 255, 255 }
DH Base: { 2 }
Server DH Public Key: { 148, 53, 27, 54, 80, 5, 15, 234, 207, 146, 253, 240, 119, 170, 192, 99, 150, 236, 44, 177, 91, 68, 147, 193, 24, 148, 25, 169, 162, 203, 203, 16, 218, 84, 180, 243, 153, 158, 204, 21, 77, 115, 162, 168, 71, 221, 150, 77, 175, 33, 48, 27, 148, 19, 67, 215, 242, 173, 45, 180, 157, 133, 113, 170, 21, 141, 145, 181, 46, 172, 106, 237, 233, 153, 80, 5, 145, 83, 255, 53, 224, 119, 125, 119, 188, 215, 227, 131, 125, 156, 68, 117, 144, 100, 236, 61, 134, 165, 204, 224, 114, 145, 31, 64, 254, 119, 72, 88, 186, 18, 43, 134, 11, 137, 4, 164, 14, 228, 53, 199, 36, 76, 94, 63, 235, 212, 158, 151 }
Anonymous
[read] MD5 and SHA1 hashes: len = 525
0000: 0C 00 02 09 00 80 FF FF FF FF FF FF FF FF C9 0F ................
0010: DA A2 21 68 C2 34 C4 C6 62 8B 80 DC 1C D1 29 02 ..!h.4..b.....).
0020: 4E 08 8A 67 CC 74 02 0B BE A6 3B 13 9B 22 51 4A N..g.t....;.."QJ
0030: 08 79 8E 34 04 DD EF 95 19 B3 CD 3A 43 1B 30 2B .y.4.......:C.0+
0040: 0A 6D F2 5F 14 37 4F E1 35 6D 6D 51 C2 45 E4 85 .m._.7O.5mmQ.E..
0050: B5 76 62 5E 7E C6 F4 4C 42 E9 A6 37 ED 6B 0B FF .vb^...LB..7.k..
0060: 5C B6 F4 06 B7 ED EE 38 6B FB 5A 89 9F A5 AE 9F \......8k.Z.....
0070: 24 11 7C 4B 1F E6 49 28 66 51 EC E6 53 81 FF FF $..K..I(fQ..S...
0080: FF FF FF FF FF FF 00 01 02 00 80 94 35 1B 36 50 ............5.6P
0090: 05 0F EA CF 92 FD F0 77 AA C0 63 96 EC 2C B1 5B .......w..c..,.[
00A0: 44 93 C1 18 94 19 A9 A2 CB CB 10 DA 54 B4 F3 99 D...........T...
00B0: 9E CC 15 4D 73 A2 A8 47 DD 96 4D AF 21 30 1B 94 ...Ms..G..M.!0..
00C0: 13 43 D7 F2 AD 2D B4 9D 85 71 AA 15 8D 91 B5 2E .C...-...q......
00D0: AC 6A ED E9 99 50 05 91 53 FF 35 E0 77 7D 77 BC .j...P..S.5.w.w.
00E0: D7 E3 83 7D 9C 44 75 90 64 EC 3D 86 A5 CC E0 72 .....Du.d.=....r
00F0: 91 1F 40 FE 77 48 58 BA 12 2B 86 0B 89 04 A4 0E ..@.wHX..+......
0100: E4 35 C7 24 4C 5E 3F EB D4 9E 97 01 00 24 A1 C4 .5.$L^?......$..
0110: 3F C1 B3 82 AC 2C 6F 78 D3 A7 C4 DC 8D 80 C0 13 ?....,ox........
0120: 5A A1 3B 1C CA 81 1F 53 6C 47 5C AA 7A 8A 0C 34 Z.;....SlG\.z..4
0130: F6 AC 53 4F A3 7F 96 DF 73 C5 80 1A A0 BA 6B 50 ..SO....s.....kP
0140: EB 62 7B E9 16 FE 2A 09 B6 D4 07 B0 E9 7B 9D E0 .b....*.........
0150: 70 05 C1 1D 6E 32 F2 F1 FB 02 88 B9 59 44 A8 8A p...n2......YD..
0160: 67 5A E2 36 B4 3E 55 96 DD D2 C6 47 0B B2 A3 24 gZ.6.>U....G...$
0170: 97 9A 9D EB 88 E3 D3 6F 0D 57 8D DE 79 95 B8 45 .......o.W..y..E
0180: 12 44 2D C8 59 0E 82 5E 0E 1C D1 12 8C D9 D5 DE .D-.Y..^........
0190: F4 61 3D D8 B1 90 C6 C5 33 E0 DB F1 40 D2 CE A5 .a=.....3...@...
01A0: B8 01 2B 7D 89 12 6A 9E 1F 3A 6D 43 83 61 F5 05 ..+...j..:mC.a..
01B0: 59 90 9A 38 FD 60 70 CB 13 B1 4D 6B 3B 5C 44 43 Y..8.`p...Mk;\DC
01C0: 83 81 6D 65 5E 3C 57 80 59 FD 8A 76 C8 54 60 9A ..me^<W.Y..v.T`.
01D0: DC AE 04 04 3E 06 91 E3 18 36 FC 28 3A 76 D7 B1 ....>....6.(:v..
01E0: 23 15 DF A9 47 4B A0 F3 2B A0 8F C5 DB 7C 3C 22 #...GK..+.....<"
01F0: 4A E6 27 F1 98 9D 55 FF 6A 76 0F CE 46 76 E1 05 J.'...U.jv..Fv..
0200: 6F 44 9B B5 47 F0 C2 1D ED 98 6C 8F FA oD..G.....l..
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=localhost>
[read] MD5 and SHA1 hashes: len = 34
0000: 0D 00 00 1E 03 01 02 40 00 18 00 16 30 14 31 12 .......@....0.1.
0010: 30 10 06 03 55 04 03 13 09 6C 6F 63 61 6C 68 6F 0...U....localho
0020: 73 74 st
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ClientKeyExchange, DH
DH Public key: { 31, 66, 240, 208, 16, 143, 66, 141, 11, 20, 75, 55, 116, 18, 2, 229, 98, 172, 167, 10, 203, 198, 95, 178, 234, 223, 11, 247, 132, 4, 253, 98, 164, 191, 243, 215, 152, 231, 163, 2, 154, 88, 110, 19, 120, 71, 156, 106, 175, 140, 218, 20, 102, 132, 210, 193, 36, 2, 202, 72, 220, 154, 73, 244, 151, 206, 126, 125, 1, 178, 198, 222, 100, 7, 8, 51, 234, 199, 169, 7, 8, 189, 115, 8, 200, 86, 253, 241, 206, 223, 197, 135, 184, 90, 224, 38, 134, 15, 18, 122, 82, 6, 242, 119, 29, 140, 233, 239, 79, 108, 100, 206, 87, 75, 203, 143, 191, 168, 93, 186, 86, 163, 76, 131, 73, 193, 198, 206 }
[write] MD5 and SHA1 hashes: len = 141
0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 1F 42 F0 ..............B.
0010: D0 10 8F 42 8D 0B 14 4B 37 74 12 02 E5 62 AC A7 ...B...K7t...b..
0020: 0A CB C6 5F B2 EA DF 0B F7 84 04 FD 62 A4 BF F3 ..._........b...
0030: D7 98 E7 A3 02 9A 58 6E 13 78 47 9C 6A AF 8C DA ......Xn.xG.j...
0040: 14 66 84 D2 C1 24 02 CA 48 DC 9A 49 F4 97 CE 7E .f...$..H..I....
0050: 7D 01 B2 C6 DE 64 07 08 33 EA C7 A9 07 08 BD 73 .....d..3......s
0060: 08 C8 56 FD F1 CE DF C5 87 B8 5A E0 26 86 0F 12 ..V.......Z.&...
0070: 7A 52 06 F2 77 1D 8C E9 EF 4F 6C 64 CE 57 4B CB zR..w....Old.WK.
0080: 8F BF A8 5D BA 56 A3 4C 83 49 C1 C6 CE ...].V.L.I...
Remoting "cli-client" I/O-1, WRITE: TLSv1.1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
(key bytes not available)
CONNECTION KEYGEN:
Client Nonce:
0000: 5B AB 3A FC 5B A1 D4 8B 36 5B 9F 4A 89 C2 01 98 [.:.[...6[.J....
0010: 2E 6D 42 91 67 C7 26 36 70 C7 2C 47 85 6F 7C C1 .mB.g.&6p.,G.o..
Server Nonce:
0000: 5B AB 3A FC F2 E6 88 D2 D5 AC 4E 94 9A 6C 88 06 [.:.......N..l..
0010: 71 E9 C7 64 AF 73 9B 93 01 3D 4B 7E 70 09 83 9B q..d.s...=K.p...
Master Secret:
(key bytes not available)
Client MAC write Secret:
(key bytes not available)
Server MAC write Secret:
(key bytes not available)
Client write key:
(key bytes not available)
Server write key:
(key bytes not available)
... no IV derived for this protocol
Remoting "cli-client" I/O-1, WRITE: TLSv1.1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 120, 192, 198, 77, 85, 94, 52, 196, 226, 125, 145, 15 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 78 C0 C6 4D 55 5E 34 C4 E2 7D 91 0F ....x..MU^4.....
Padded plaintext before ENCRYPTION: len = 64
0000: C3 8C B0 C2 95 1F F5 53 37 81 9F 29 E7 DB 5C D5 .......S7..)..\.
0010: 14 00 00 0C 78 C0 C6 4D 55 5E 34 C4 E2 7D 91 0F ....x..MU^4.....
0020: A0 87 D1 82 3C B3 68 4F E4 0B DB 4D FB A6 C7 0D ....<.hO...M....
0030: 67 A4 C4 91 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B g...............
Remoting "cli-client" I/O-1, WRITE: TLSv1.1 Handshake, length = 64
[Raw write]: length = 146
0000: 16 03 02 00 8D 0B 00 00 03 00 00 00 10 00 00 82 ................
0010: 00 80 1F 42 F0 D0 10 8F 42 8D 0B 14 4B 37 74 12 ...B....B...K7t.
0020: 02 E5 62 AC A7 0A CB C6 5F B2 EA DF 0B F7 84 04 ..b....._.......
0030: FD 62 A4 BF F3 D7 98 E7 A3 02 9A 58 6E 13 78 47 .b.........Xn.xG
0040: 9C 6A AF 8C DA 14 66 84 D2 C1 24 02 CA 48 DC 9A .j....f...$..H..
0050: 49 F4 97 CE 7E 7D 01 B2 C6 DE 64 07 08 33 EA C7 I.........d..3..
0060: A9 07 08 BD 73 08 C8 56 FD F1 CE DF C5 87 B8 5A ....s..V.......Z
0070: E0 26 86 0F 12 7A 52 06 F2 77 1D 8C E9 EF 4F 6C .&...zR..w....Ol
0080: 64 CE 57 4B CB 8F BF A8 5D BA 56 A3 4C 83 49 C1 d.WK....].V.L.I.
0090: C6 CE ..
[Raw write]: length = 6
0000: 14 03 02 00 01 01 ......
[Raw write]: length = 69
0000: 16 03 02 00 40 0E 05 59 FD 7F FD 53 C3 98 4B 55 ....@..Y...S..KU
0010: 48 BD CC 67 CB 1C C4 7C 4E 32 ED 06 D2 DD 24 96 H..g....N2....$.
0020: 66 BF 9F 4D 65 58 84 65 67 0E A3 8C C8 94 7D 9E f..MeX.eg.......
0030: ED 02 35 D1 E8 8E 5B CD FD 37 0F 35 F6 58 AF 7D ..5...[..7.5.X..
0040: 5D 0F 5E 14 46 ].^.F
[Raw read]: length = 5
0000: 15 03 02 00 02 .....
[Raw read]: length = 2
0000: 02 2A .*
Remoting "cli-client" I/O-1, READ: TLSv1.1 Alert, length = 2
Remoting "cli-client" I/O-1, RECV TLSv1.1 ALERT: fatal, bad_certificate
Remoting "cli-client" I/O-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: bad_certificate
Remoting "cli-client" I/O-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: bad_certificate
Remoting "cli-client" I/O-1, called closeOutbound()
Remoting "cli-client" I/O-1, closeOutboundInternal()
Remoting "cli-client" I/O-1, SEND TLSv1.1 ALERT: warning, description = close_notify
Padded plaintext before ENCRYPTION: len = 48
0000: 16 46 34 B5 6C 35 D2 EC 86 6B 7E D0 F6 3B F4 2B .F4.l5...k...;.+
0010: 01 00 4C 69 07 CE 53 E7 B5 BC D6 8B 93 98 8E 3A ..Li..S........:
0020: CB 89 5B 7D FD 42 09 09 09 09 09 09 09 09 09 09 ..[..B..........
Remoting "cli-client" I/O-1, WRITE: TLSv1.1 Alert, length = 48
[Raw write]: length = 53
0000: 15 03 02 00 30 E3 16 30 AF 31 48 C2 D7 66 AB 75 ....0..0.1H..f.u
0010: BA 76 13 DC E9 BC F8 62 B4 CA A9 2F 13 8B 1A 30 .v.....b.../...0
0020: CB AB B8 A5 24 09 20 BF F1 48 64 F7 2C BF AB B6 ....$. ..Hd.,...
0030: 8F E4 99 5E 83 ...^.
Failed to establish connection in 6044ms
{code}
> FIPS NoSuchAlgorithmException: JKS KeyStore not available when trustmanager SunX509
> -----------------------------------------------------------------------------------
>
> Key: ELY-1648
> URL: https://issues.jboss.org/browse/ELY-1648
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Affects Versions: 1.5.5.Final
> Reporter: Martin Choma
> Assignee: Justin Cook
> Attachments: java.security
>
>
> With SunX509 truststore algorithm I can succesfully connect with CLI.
> {code}
> <configuration>
> <authentication-client xmlns="urn:elytron:client:1.1">
> <key-stores>
> <key-store name="truststore" type="PKCS11">
> <key-store-clear-password password="${password}" />
> </key-store>
> </key-stores>
> <ssl-contexts>
> <ssl-context name="client-cli-context">
> <trust-manager algorithm="SunX509" />
> <trust-store key-store-name="truststore" />
> <cipher-suite selector="${cipher.suite.filter}" />
> <protocol names="${protocol}" />
> </ssl-context>
> </ssl-contexts>
> <ssl-context-rules>
> <rule use-ssl-context="client-cli-context" />
> </ssl-context-rules>
> </authentication-client>
> </configuration>
> {code}
> But there is a exception in log
> {code}
> 13:58:27,652 INFO [com.redhat.eap.qe.cli.CustomCLIExecutor] (main) java.security.KeyStoreException: JKS not found
> at java.security.KeyStore.getInstance(KeyStore.java:851)
> at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:59)
> at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
> at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
> at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
> at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:118)
> at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:157)
> at sun.security.validator.Validator.validate(Validator.java:260)
> at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
> at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
> at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
> at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
> at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
> at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
> at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
> at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
> at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
> at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
> at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:94)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
> Caused by: java.security.NoSuchAlgorithmException: JKS KeyStore not available
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
> at java.security.Security.getImpl(Security.java:695)
> at java.security.KeyStore.getInstance(KeyStore.java:848)
> ... 31 more
> {code}
> When I change SunX509 to PKIX exception does not occure anymore.
> Seems exception is thrown by code https://github.com/JetBrains/jdk8u_jdk/blob/master/src/share/classes/sun/...
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 9 months
[JBoss JIRA] (ELY-1648) FIPS NoSuchAlgorithmException: JKS KeyStore not available when trustmanager SunX509
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1648?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1648:
------------------------------
Steps to Reproduce:
- Run server and jboss-cli client with FIPS java
- ./jboss-cli.sh \
-c \
-Dwildfly.config.url=file:///home/mchoma/task/ELY-1648/wildfly-config.xml \
--connect
{code}
/subsystem=elytron/key-store=key-store-name_test-server-ssl-context:add(type=PKCS11, credential-reference={clear-text => pass123+})
/subsystem=elytron/key-manager=key-manager-name_test-server-ssl-context:add(key-store=key-store-name_test-server-ssl-context, credential-reference={clear-text => pass123+})
/subsystem=elytron/key-store=trust-store-name_test-server-ssl-context:add(type=PKCS11, credential-reference={clear-text => pass123+})
/subsystem=elytron/trust-manager=trust-manager-name_test-server-ssl-context:add(key-store=trust-store-name_test-server-ssl-context)
/subsystem=elytron/server-ssl-context=test-server-ssl-context:add(key-manager=key-manager-name_test-server-ssl-context, cipher-suite-filter="TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_anon_WITH_AES_128_CBC_SHA,TLS_ECDH_anon_WITH_AES_256_CBC_SHA", trust-manager=trust-manager-name_test-server-ssl-context, protocols=[TLSv1.1], need-client-auth=true)
/core-service=management/management-interface=http-interface:write-attribute(name=ssl-context, value=test-server-ssl-context)
reload
/core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding, value=management-https)
reload
{code}
Exception thrown from CLI (not in server.log) while trying to reconnect
was:
- Run server and jboss-cli client with FIPS java
- ./jboss-cli.sh \
-c \
-Dwildfly.config.url=file:///home/mchoma/task/ELY-1648/wildfly-config.xml \
--connect
{code}
/subsystem=elytron/key-store=key-store-name_test-server-ssl-context:add(type=PKCS11, credential-reference={clear-text => pass123+})
/subsystem=elytron/key-manager=key-manager-name_test-server-ssl-context:add(key-store=key-store-name_test-server-ssl-context, credential-reference={clear-text => pass123+})
/subsystem=elytron/key-store=trust-store-name_test-server-ssl-context:add(type=PKCS11, credential-reference={clear-text => pass123+})
/subsystem=elytron/trust-manager=trust-manager-name_test-server-ssl-context:add(key-store=trust-store-name_test-server-ssl-context)
/subsystem=elytron/server-ssl-context=test-server-ssl-context:add(key-manager=key-manager-name_test-server-ssl-context, cipher-suite-filter="TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_anon_WITH_AES_128_CBC_SHA,TLS_ECDH_anon_WITH_AES_256_CBC_SHA", trust-manager=trust-manager-name_test-server-ssl-context, protocols=[TLSv1.1], need-client-auth=true)
/core-service=management/management-interface=http-interface:write-attribute(name=ssl-context, value=test-server-ssl-context)
reload
/core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding, value=management-https)
reload
{code}
Exception thrown from CLI trying to reconnect
> FIPS NoSuchAlgorithmException: JKS KeyStore not available when trustmanager SunX509
> -----------------------------------------------------------------------------------
>
> Key: ELY-1648
> URL: https://issues.jboss.org/browse/ELY-1648
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Affects Versions: 1.5.5.Final
> Reporter: Martin Choma
> Assignee: Justin Cook
> Attachments: java.security
>
>
> With SunX509 truststore algorithm I can succesfully connect with CLI.
> {code}
> <configuration>
> <authentication-client xmlns="urn:elytron:client:1.1">
> <key-stores>
> <key-store name="truststore" type="PKCS11">
> <key-store-clear-password password="${password}" />
> </key-store>
> </key-stores>
> <ssl-contexts>
> <ssl-context name="client-cli-context">
> <trust-manager algorithm="SunX509" />
> <trust-store key-store-name="truststore" />
> <cipher-suite selector="${cipher.suite.filter}" />
> <protocol names="${protocol}" />
> </ssl-context>
> </ssl-contexts>
> <ssl-context-rules>
> <rule use-ssl-context="client-cli-context" />
> </ssl-context-rules>
> </authentication-client>
> </configuration>
> {code}
> But there is a exception in log
> {code}
> 13:58:27,652 INFO [com.redhat.eap.qe.cli.CustomCLIExecutor] (main) java.security.KeyStoreException: JKS not found
> at java.security.KeyStore.getInstance(KeyStore.java:851)
> at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:59)
> at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
> at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
> at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
> at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:118)
> at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:157)
> at sun.security.validator.Validator.validate(Validator.java:260)
> at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
> at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
> at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
> at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
> at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
> at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
> at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
> at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
> at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
> at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
> at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:94)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
> Caused by: java.security.NoSuchAlgorithmException: JKS KeyStore not available
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
> at java.security.Security.getImpl(Security.java:695)
> at java.security.KeyStore.getInstance(KeyStore.java:848)
> ... 31 more
> {code}
> When I change SunX509 to PKIX exception does not occure anymore.
> Seems exception is thrown by code https://github.com/JetBrains/jdk8u_jdk/blob/master/src/share/classes/sun/...
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 9 months
[JBoss JIRA] (WFLY-10339) Broadcast/discovery-group resources have ambiguous requirement specs
by Jeff Mesnil (JIRA)
[ https://issues.jboss.org/browse/WFLY-10339?page=com.atlassian.jira.plugin... ]
Jeff Mesnil commented on WFLY-10339:
------------------------------------
>From the messaging point of view, we have one resource to represent discovery-group.
The whole point of this resource is to delegate the actual discovery mechanism to other resources (wether it is internal with Artemis UDP stack, JGroups resources or any future resources from the discovery subsystem).
I don't understand why we should multiply resources in Artemis for every supported mechanisms.
Capabilities and requirements based on attributes should be sufficient:
* if socket-binding is defined, it requires a socket-binding capability
* if jgroups-xxx attribute is defined, it requires a JGroups capability
* etc.
[~aloubyansky] is that something that Galleon can modelize? I looked at http://docs.wildfly.org/galleon/#_features but that was not clear to me if Galleon supports 'alternative' requirements for a single resource (depending on which attribute is defined, it requires capability A or B).
> Broadcast/discovery-group resources have ambiguous requirement specs
> --------------------------------------------------------------------
>
> Key: WFLY-10339
> URL: https://issues.jboss.org/browse/WFLY-10339
> Project: WildFly
> Issue Type: Bug
> Components: JMS
> Affects Versions: 12.0.0.Final
> Reporter: Paul Ferraro
> Assignee: ehsavoie Hugonnet
>
> Currently, the broadcast/discovery-group resources have messy requirement specs, as the capabilities that they require are dependent whether or not the jgroups-cluster attribute is defined.
> I suggest splitting these resources into 2:
> {code}/subsystem=messaging-activemq/server=*/jgroups-broadcast-group=*{code}
> {code}/subsystem=messaging-activemq/server=*/jgroups-discovery-group=*{code}
> which requires clustering capabilities
> and
> {code}/subsystem=messaging-activemq/server=*/socket-broadcast-group=*{code}
> {code}/subsystem=messaging-activemq/server=*/socket-discovery-group=*{code}
> which requires a socket-binding capability.
> This results in clearer requirement specs - which helps simplify the introspection of this subsystem for provisioning purposes.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 9 months