[JBoss JIRA] (ELY-1998) IllegalStateException: unable to create JcaTlsCrypto: DEFAULT SecureRandom not available when configuring BC FIPS on JDK 11
by Farah Juma (Jira)
[ https://issues.redhat.com/browse/ELY-1998?page=com.atlassian.jira.plugin.... ]
Farah Juma edited comment on ELY-1998 at 6/16/20 2:07 PM:
----------------------------------------------------------
[~dvilkola] Not sure if this is the problem or not, but one thing to try is updating the {{BouncyCastleJsseProvider}} configuration in the {{java.security}} file to specify {{BCFIPS}} as follows:
{{security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider:BCFIPS}}
Then try adding the following line to the {{java.security}} file that references the BCFIPS provider:
{{securerandom.strongAlgorithms=DEFAULT:BCFIPS}}
was (Author: fjuma):
[~dvilkola] Not sure if this is the problem or not, but one thing to try is updating the {{BouncyCastleJsseProvider}} configuration in the {{java.security}} file to specify {{BCFIPS}} as follows:
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider:BCFIPS
Then try adding the following line to the {{java.security}} file that references the BCFIPS provider:
securerandom.strongAlgorithms=DEFAULT:BCFIPS
> IllegalStateException: unable to create JcaTlsCrypto: DEFAULT SecureRandom not available when configuring BC FIPS on JDK 11
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: ELY-1998
> URL: https://issues.redhat.com/browse/ELY-1998
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Reporter: Diana Vilkolakova
> Priority: Major
>
> The below steps require ELY-1982 bugfix to work.
> Configure security providers in java.security file:
> {code}
> security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
> security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
> security.provider.3=SUN
> {code}
> Add the bc-fips.jar and bctls-fips-1.0.10.jar to the CLASSPATH and generate a keystore in the JBOSS_HOME/standalone/configuration folder:
> {code}
> keytool -genkeypair -alias appserver -keyalg RSA -keysize 2048 -keypass password -keystore "fips.keystore" -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath $CLASSPATH -storetype BCFKS -storepass password -dname "CN=testserver,OU=TESTOU,O=TESTO,L=TESTL,ST=TESTCZ,C=TESTCZ" -validity 730 -v
> {code}
> Try to configure `server-ssl-context`:
> {code}
> module add --name=org.bouncycastle.fips --resources=/path/to/bc-fips-1.0.2.jar:/path/to/bctls-fips-1.0.10.jar
> /subsystem=elytron/provider-loader=bc:add(module=org.bouncycastle.fips)
> /subsystem=elytron/key-store=fipsKS:add(path=fips.keystore, relative-to=jboss.server.config.dir, credential-reference={clear-text=password}, type="BCFKS", providers=bc)
> /subsystem=elytron/key-manager=fipsKM:add(key-store=fipsKS, algorithm="X509", credential-reference={clear-text=password}, providers=bc)
> /subsystem=elytron/server-ssl-context=fipsSSC:add(key-manager=fipsKM, protocols=["TLSv1.2"], providers=bc)
> {code}
> The last command results in:
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.fipsSSC" => "Failed to start service
> Caused by: java.lang.IllegalStateException: unable to create JcaTlsCrypto: DEFAULT SecureRandom not available
> Caused by: java.security.NoSuchAlgorithmException: DEFAULT SecureRandom not available"}},
> "rolled-back" => true
> }
> {code}
> The exception is happening [on this line|https://github.com/Skyllarr/wildfly-elytron/blob/ELY-1982/ssl/src/ma...]. This exception can be avoided either by using *new SecureRandom()* instead of null during initialization of sslContext, or by configuring the secure random beforehand in code using *CryptoServicesRegistrar.setSecureRandom(new SecureRandom());* (this would require a bc dependency).
> I tried to configure the secure random statically by setting *securerandom.strongAlgorithms=DEFAULT:BCFIPS* in java.security, or by trying to pass the secure random as a parameter to the constructor with
> {code}
> security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider "C:DEFRND[SHA512];ENABLE{ALL};"
> {code}
> but neither had any effect. I did not find how to configure this statically for Java 11 in BC documentation.
> We could pass a new instance of SecureRandom when initializing sslContext (if BouncyCastle is used), or set secureRandom beforehand, or catch this exception and then use `new SecureRandom()`. But should we force the users to use a SecureRandom set in the code by us? If users want to use BouncyCastle, they should configure the secure random themselves since it is needed by the provider?
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 6 months
[JBoss JIRA] (ELY-1998) IllegalStateException: unable to create JcaTlsCrypto: DEFAULT SecureRandom not available when configuring BC FIPS on JDK 11
by Farah Juma (Jira)
[ https://issues.redhat.com/browse/ELY-1998?page=com.atlassian.jira.plugin.... ]
Farah Juma commented on ELY-1998:
---------------------------------
[~dvilkola] Not sure if this is the problem or not, but one thing to try is updating the {{BouncyCastleJsseProvider}} configuration in the {{java.security}} file to specify {{BCFIPS}} as follows:
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider:BCFIPS
Then try adding the following line to the {{java.security}} file that references the BCFIPS provider:
securerandom.strongAlgorithms=DEFAULT:BCFIPS
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 6 months
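As an added illustration of the two workarounds the reporter describes (this is not Elytron's SSLContextBuilder code and not part of the issue), the Java program below registers the same providers as the issue's java.security lines, seeds BC's CryptoServicesRegistrar before BCJSSE can ask for the "DEFAULT" SecureRandom, and passes that SecureRandom explicitly to SSLContext.init instead of null. The class name FipsSslContextCheck, the "fips:BCFIPS" provider configuration string, and the keystore path/password arguments are assumptions; the keystore is the BCFKS file generated in the issue's keytool step.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

/** Stand-alone check of the issue's BCFIPS + BCJSSE setup with both workarounds the reporter names. */
public class FipsSslContextCheck {
    /** Same providers as the java.security lines in the issue, registered in code (BCJSSE in FIPS mode). */
    static void registerProviders() {
        if (Security.getProvider("BCFIPS") == null) {
            Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);
        }
        if (Security.getProvider("BCJSSE") == null) {
            Security.insertProviderAt(new BouncyCastleJsseProvider("fips:BCFIPS"), 2);
        }
    }

    /** Builds a TLSv1.2 server context from a BCFKS keystore (the issue's fips.keystore). */
    static SSLContext buildServerContext(Path keystorePath, char[] password) throws Exception {
        // Workaround A from the issue: seed BC's registrar before any BCJSSE object asks for "DEFAULT".
        CryptoServicesRegistrar.setSecureRandom(new SecureRandom());
        // Resolve "DEFAULT" explicitly so a missing entropy source fails here, with a clear cause.
        SecureRandom rng = SecureRandom.getInstance("DEFAULT", "BCFIPS");

        KeyStore ks = KeyStore.getInstance("BCFKS", "BCFIPS");
        try (InputStream in = Files.newInputStream(keystorePath)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509", "BCJSSE");
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2", "BCJSSE");
        // Workaround B from the issue: pass an explicit SecureRandom instead of null.
        ctx.init(kmf.getKeyManagers(), null, rng);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        registerProviders();
        SSLContext ctx = buildServerContext(Path.of(args[0]), args[1].toCharArray());
        System.out.println("Built " + ctx.getProtocol() + " via " + ctx.getProvider().getName());
    }
}
```

Run it with bc-fips and bctls-fips on the classpath and the keystore path and password as arguments; removing the setSecureRandom line reproduces the "DEFAULT SecureRandom not available" failure the issue reports.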
[JBoss JIRA] (WFCORE-5004) TlsTestCase#testReloadTrustManager fails on IBM Java 8
by Sonia Zaldana (Jira)
[ https://issues.redhat.com/browse/WFCORE-5004?page=com.atlassian.jira.plug... ]
Sonia Zaldana reassigned WFCORE-5004:
-------------------------------------
Assignee: Sonia Zaldana
> TlsTestCase#testReloadTrustManager fails on IBM Java 8
> ------------------------------------------------------
>
> Key: WFCORE-5004
> URL: https://issues.redhat.com/browse/WFCORE-5004
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 13.0.0.Beta1
> Reporter: Ondrej Kotek
> Assignee: Sonia Zaldana
> Priority: Major
>
> TlsTestCase#testReloadTrustManager fails on IBM Java 8 at [TlsTestCase.java#L439|https://github.com/wildfly/wildfly-core/blob/master...] reporting the same DN. When I try to compare using canonical names, there is a difference. Using RFC1779 or RFC2253 names is ok.
> {noformat}
> Assert.assertEquals(originalFoundDN.getIssuerX500Principal().getName(X500Principal.CANONICAL), ISSUER_DN.getName(X500Principal.CANONICAL));
> [ERROR] TlsTestCase.testReloadTrustManager:439 expected:<....2.840.113549.1.9.1=[#1613656c7974726f6e4077696c64666c792e6f7267],c=uk,st=elytron,cn=...> but was:<....2.840.113549.1.9.1=[elytron@wildfly.org],c=uk,st=elytron,cn=...>
> {noformat}
> Is it just a test issue, or can there be an impact on functionality? In case it's just a test issue, can we assert equality of names? I.e.
> {noformat}
> Assert.assertEquals(originalFoundDN.getIssuerX500Principal().getName(), ISSUER_DN.getName());
> {noformat}
> The same for [TlsTestCase.java#L465|https://github.com/wildfly/wildfly-core/blob/master...] then.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 6 months
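As an added illustration (not wildfly-core's TlsTestCase code), the Java program below renders a DN built in the shape of the test's issuer under each X500Principal format, shows the RFC2253 comparison the reporter proposes, and decodes the "#16..." hex from the failure message. On OpenJDK the CANONICAL form has no RFC 2253 keyword for EMAILADDRESS, so it emits the OID 1.2.840.113549.1.9.1 with the DER-encoded value in hex, which is what the expected side of the assertion shows. The class name DnFormatCheck and the CN value are assumptions; the DN is constructed.

```java
import java.nio.charset.StandardCharsets;
import javax.security.auth.x500.X500Principal;

/** Renders one DN in each X500Principal format and decodes the hex value the canonical form emits. */
public class DnFormatCheck {
    // Constructed DN shaped like the test's issuer; the real CN is not on the page.
    static final X500Principal ISSUER_DN =
            new X500Principal("EMAILADDRESS=elytron@wildfly.org, C=UK, ST=Elytron, CN=Example CA");

    static String rfc1779(X500Principal p)   { return p.getName(X500Principal.RFC1779); }
    static String rfc2253(X500Principal p)   { return p.getName(X500Principal.RFC2253); }
    static String canonical(X500Principal p) { return p.getName(X500Principal.CANONICAL); }

    /** The comparison the reporter proposes instead of the canonical one: getName() defaults to RFC2253. */
    static boolean sameRfc2253Name(X500Principal a, X500Principal b) {
        return a.getName().equals(b.getName());
    }

    /**
     * Decodes a "#<hex>" canonical value: the hex is the DER TLV of the attribute value, for
     * EMAILADDRESS tag 0x16 (IA5String), a short-form length byte, then the ASCII characters.
     */
    static String decodeHexValue(String value) {
        String hex = value.startsWith("#") ? value.substring(1) : value;
        byte[] der = new byte[hex.length() / 2];
        for (int i = 0; i < der.length; i++) {
            der[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        // Accept only a short-form length that covers exactly the rest of the buffer.
        if (hex.length() % 2 != 0 || der.length < 2 || (der[1] & 0x80) != 0 || der.length != 2 + (der[1] & 0xFF)) {
            throw new IllegalArgumentException("expected a single short-form DER string TLV");
        }
        int tag = der[0] & 0xFF;
        if (tag != 0x16 && tag != 0x13 && tag != 0x0C) { // IA5String, PrintableString, UTF8String
            throw new IllegalArgumentException("unexpected DER tag 0x" + Integer.toHexString(tag));
        }
        return new String(der, 2, der.length - 2, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        System.out.println("RFC1779:   " + rfc1779(ISSUER_DN));
        System.out.println("RFC2253:   " + rfc2253(ISSUER_DN));
        System.out.println("CANONICAL: " + canonical(ISSUER_DN));
        // The hex from the issue's assertion failure decodes to the plain address the other side printed.
        System.out.println(decodeHexValue("#1613656c7974726f6e4077696c64666c792e6f7267"));
        System.out.println(sameRfc2253Name(ISSUER_DN, new X500Principal(rfc2253(ISSUER_DN))));
    }
}
```

Running it on the IBM JDK in question beside OpenJDK makes the format difference visible directly, which separates a test-assertion problem from a functional one.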
[JBoss JIRA] (ELY-1982) TLS with BCJSSE Provider does not work
by Farah Juma (Jira)
[ https://issues.redhat.com/browse/ELY-1982?page=com.atlassian.jira.plugin.... ]
Farah Juma reassigned ELY-1982:
-------------------------------
Assignee: Diana Vilkolakova
> TLS with BCJSSE Provider does not work
> --------------------------------------
>
> Key: ELY-1982
> URL: https://issues.redhat.com/browse/ELY-1982
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Reporter: Diana Vilkolakova
> Assignee: Diana Vilkolakova
> Priority: Major
>
> Configuration of `server-ssl-context` does not seem to work with BCJSSE Provider. The steps above work for EAP 7.2, however they throw the following error in EAP 7.3:
> ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("server-ssl-context" => "server-ssl-context")
> ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.server-ssl-context" => "Failed to start service
> Caused by: java.lang.IllegalStateException: SSLContext has not been initialized."}}
> Stacktrace:
> ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.security.ssl-context.server-ssl-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.server-ssl-context: Failed to start service
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1731)
> at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.IllegalStateException: SSLContext has not been initialized.
> at org.bouncycastle.jsse.provider.ProvSSLContextSpi.getContextData(Unknown Source)
> at org.bouncycastle.jsse.provider.ProvSSLContextSpi.engineGetServerSessionContext(Unknown Source)
> at javax.net.ssl.SSLContext.getServerSessionContext(SSLContext.java:386)
> at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:340)
> at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
> at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:1173)
> at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
> ... 6 more
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 6 months
[JBoss JIRA] (WFCORE-5009) Enhance JBoss CLI generic "command" with support for existing resource
by Jean Francois Denise (Jira)
[ https://issues.redhat.com/browse/WFCORE-5009?page=com.atlassian.jira.plug... ]
Jean Francois Denise updated WFCORE-5009:
-----------------------------------------
Summary: Enhance JBoss CLI generic "command" with support for existing resource (was: Request for enhancement in the JBoss EAP CLI generic type "command")
> Enhance JBoss CLI generic "command" with support for existing resource
> ----------------------------------------------------------------------
>
> Key: WFCORE-5009
> URL: https://issues.redhat.com/browse/WFCORE-5009
> Project: WildFly Core
> Issue Type: Feature Request
> Components: CLI
> Reporter: Jean Francois Denise
> Assignee: Jean Francois Denise
> Priority: Major
> Labels: Previous_RFE
>
> One of our strategic customers requested an enhancement in the JBoss EAP CLI. Currently they are using the Generic type Command (https://developer.jboss.org/wiki/GenericTypeCLICommands) in their scripts to set the properties of a resource.
> Unfortunately that does not work in several cases, for example when they need to set attributes like the following:
> /core-service=management/access=authorization:write-attribute(name=permission-combination-policy,value=permissive)
> /core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
> This cannot be done with the command syntax:
> [standalone@127.0.0.1:9999 /] command add --node-type=/core-service=management/access --command-name=access
> Failed to validate input: operation response doesn't contain result info.
> It would be extremely helpful for us to have an improvement in the CLI that allows setting multiple attributes on resources referenced by 'command'.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 6 months