[Red Hat JIRA] (WFLY-14260) ClassCastException during expiration scheduling
by Paul Ferraro (Jira)
[ https://issues.redhat.com/browse/WFLY-14260?page=com.atlassian.jira.plugi... ]
Paul Ferraro updated WFLY-14260:
--------------------------------
Description:
This appears to be a regression due to:
[https://github.com/wildfly/wildfly/commit/ff22a98553a4168a9cd47a8fbf59afa...]
As seen on CI:
{noformat}
[0m09:30:39,897 INFO [org.wildfly.clustering.ee.infinispan] (default task-2) WFLYCLEEINF0002: Failed to schedule 3wnQESQq-yAwHD6_ygq39emcPLeSonW6P-oDO-0N on primary owner.: java.lang.ClassCastException: org.infinispan.remoting.transport.jgroups.JGroupsAddress cannot be cast to org.jgroups.Address
at org.wildfly.clustering.server.dispatcher.ChannelCommandDispatcherFactory.createNode(ChannelCommandDispatcherFactory.java:98)
at org.wildfly.clustering.ee.infinispan.PrimaryOwnerLocator.apply(PrimaryOwnerLocator.java:57)
at org.wildfly.clustering.ee.infinispan.PrimaryOwnerLocator.apply(PrimaryOwnerLocator.java:39)
at org.wildfly.clustering.ee.infinispan.scheduler.PrimaryOwnerScheduler$1.get(PrimaryOwnerScheduler.java:81)
at org.wildfly.clustering.ee.infinispan.scheduler.PrimaryOwnerScheduler$1.get(PrimaryOwnerScheduler.java:78)
at org.wildfly.clustering.ee.cache.retry.RetryingInvoker.invoke(RetryingInvoker.java:72)
at org.wildfly.clustering.ee.infinispan.scheduler.PrimaryOwnerScheduler.executeOnPrimaryOwner(PrimaryOwnerScheduler.java:86)
at org.wildfly.clustering.ee.infinispan.scheduler.PrimaryOwnerScheduler.schedule(PrimaryOwnerScheduler.java:59)
at org.wildfly.clustering.web.infinispan.session.InfinispanSessionManager$1.accept(InfinispanSessionManager.java:123)
at org.wildfly.clustering.web.infinispan.session.InfinispanSessionManager$1.accept(InfinispanSessionManager.java:119)
at org.wildfly.clustering.web.cache.session.ValidSession.close(ValidSession.java:89)
at org.wildfly.clustering.web.cache.session.ConcurrentSessionManager$ConcurrentSession.closeSession(ConcurrentSessionManager.java:151)
at org.wildfly.clustering.web.cache.session.ConcurrentSessionManager$1.accept(ConcurrentSessionManager.java:55)
at org.wildfly.clustering.web.cache.session.ConcurrentSessionManager$1.accept(ConcurrentSessionManager.java:52)
at org.wildfly.clustering.ee.cache.SimpleManager$1.run(SimpleManager.java:55)
at org.wildfly.clustering.web.cache.session.ConcurrentSessionManager$ConcurrentSession.close(ConcurrentSessionManager.java:182)
at org.wildfly.clustering.web.undertow.session.DistributableSession.requestDone(DistributableSession.java:98)
at io.undertow.servlet.spec.ServletContextImpl.updateSessionAccessTime(ServletContextImpl.java:960)
at io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:590)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:328)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:105)
at java.security.AccessController.doPrivileged(Native Method)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:102)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
at java.lang.Thread.run(Thread.java:748)
{noformat}
was:
This appears to be a regression due to:
https://github.com/wildfly/wildfly/commit/ff22a98553a4168a9cd47a8fbf59afa...
As seen on CI:
{noformat}
[0m09:30:39,897 INFO [org.wildfly.clustering.ee.infinispan] (default task-2) WFLYCLEEINF0002: Failed to schedule 3wnQESQq-yAwHD6_ygq39emcPLeSonW6P-oDO-0N on primary owner.: java.lang.ClassCastException: org.infinispan.remoting.transport.jgroups.JGroupsAddress cannot be cast to org.jgroups.Address
at org.wildfly.clustering.server.dispatcher.ChannelCommandDispatcherFactory.createNode(ChannelCommandDispatcherFactory.java:98)
at org.wildfly.clustering.ee.infinispan.PrimaryOwnerLocator.apply(PrimaryOwnerLocator.java:57)
at org.wildfly.clustering.ee.infinispan.PrimaryOwnerLocator.apply(PrimaryOwnerLocator.java:39)
at org.wildfly.clustering.ee.infinispan.scheduler.PrimaryOwnerScheduler$1.get(PrimaryOwnerScheduler.java:81)
at org.wildfly.clustering.ee.infinispan.scheduler.PrimaryOwnerScheduler$1.get(PrimaryOwnerScheduler.java:78)
at org.wildfly.clustering.ee.cache.retry.RetryingInvoker.invoke(RetryingInvoker.java:72)
at org.wildfly.clustering.ee.infinispan.scheduler.PrimaryOwnerScheduler.executeOnPrimaryOwner(PrimaryOwnerScheduler.java:86)
at org.wildfly.clustering.ee.infinispan.scheduler.PrimaryOwnerScheduler.schedule(PrimaryOwnerScheduler.java:59)
at org.wildfly.clustering.web.infinispan.session.InfinispanSessionManager$1.accept(InfinispanSessionManager.java:123)
at org.wildfly.clustering.web.infinispan.session.InfinispanSessionManager$1.accept(InfinispanSessionManager.java:119)
at org.wildfly.clustering.web.cache.session.ValidSession.close(ValidSession.java:89)
at org.wildfly.clustering.web.cache.session.ConcurrentSessionManager$ConcurrentSession.closeSession(ConcurrentSessionManager.java:151)
at org.wildfly.clustering.web.cache.session.ConcurrentSessionManager$1.accept(ConcurrentSessionManager.java:55)
at org.wildfly.clustering.web.cache.session.ConcurrentSessionManager$1.accept(ConcurrentSessionManager.java:52)
at org.wildfly.clustering.ee.cache.SimpleManager$1.run(SimpleManager.java:55)
at org.wildfly.clustering.web.cache.session.ConcurrentSessionManager$ConcurrentSession.close(ConcurrentSessionManager.java:182)
at org.wildfly.clustering.web.undertow.session.DistributableSession.requestDone(DistributableSession.java:98)
at io.undertow.servlet.spec.ServletContextImpl.updateSessionAccessTime(ServletContextImpl.java:960)
at io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:590)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:328)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:105)
at java.security.AccessController.doPrivileged(Native Method)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:102)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
at java.lang.Thread.run(Thread.java:748)
{noformat}
To fix, we should rollback the changes to InfinispanSessionManagerFactoryServiceConfigurator, and leverage the new web-passivation layer where needed.
> ClassCastException during expiration scheduling
> -----------------------------------------------
>
> Key: WFLY-14260
> URL: https://issues.redhat.com/browse/WFLY-14260
> Project: WildFly
> Issue Type: Bug
> Components: Clustering
> Affects Versions: 22.0.0.Beta1
> Reporter: Paul Ferraro
> Assignee: Paul Ferraro
> Priority: Critical
>
> This appears to be a regression due to:
> [https://github.com/wildfly/wildfly/commit/ff22a98553a4168a9cd47a8fbf59afa...]
> As seen on CI:
> {noformat}
> [0m09:30:39,897 INFO [org.wildfly.clustering.ee.infinispan] (default task-2) WFLYCLEEINF0002: Failed to schedule 3wnQESQq-yAwHD6_ygq39emcPLeSonW6P-oDO-0N on primary owner.: java.lang.ClassCastException: org.infinispan.remoting.transport.jgroups.JGroupsAddress cannot be cast to org.jgroups.Address
> at org.wildfly.clustering.server.dispatcher.ChannelCommandDispatcherFactory.createNode(ChannelCommandDispatcherFactory.java:98)
> at org.wildfly.clustering.ee.infinispan.PrimaryOwnerLocator.apply(PrimaryOwnerLocator.java:57)
> at org.wildfly.clustering.ee.infinispan.PrimaryOwnerLocator.apply(PrimaryOwnerLocator.java:39)
> at org.wildfly.clustering.ee.infinispan.scheduler.PrimaryOwnerScheduler$1.get(PrimaryOwnerScheduler.java:81)
> at org.wildfly.clustering.ee.infinispan.scheduler.PrimaryOwnerScheduler$1.get(PrimaryOwnerScheduler.java:78)
> at org.wildfly.clustering.ee.cache.retry.RetryingInvoker.invoke(RetryingInvoker.java:72)
> at org.wildfly.clustering.ee.infinispan.scheduler.PrimaryOwnerScheduler.executeOnPrimaryOwner(PrimaryOwnerScheduler.java:86)
> at org.wildfly.clustering.ee.infinispan.scheduler.PrimaryOwnerScheduler.schedule(PrimaryOwnerScheduler.java:59)
> at org.wildfly.clustering.web.infinispan.session.InfinispanSessionManager$1.accept(InfinispanSessionManager.java:123)
> at org.wildfly.clustering.web.infinispan.session.InfinispanSessionManager$1.accept(InfinispanSessionManager.java:119)
> at org.wildfly.clustering.web.cache.session.ValidSession.close(ValidSession.java:89)
> at org.wildfly.clustering.web.cache.session.ConcurrentSessionManager$ConcurrentSession.closeSession(ConcurrentSessionManager.java:151)
> at org.wildfly.clustering.web.cache.session.ConcurrentSessionManager$1.accept(ConcurrentSessionManager.java:55)
> at org.wildfly.clustering.web.cache.session.ConcurrentSessionManager$1.accept(ConcurrentSessionManager.java:52)
> at org.wildfly.clustering.ee.cache.SimpleManager$1.run(SimpleManager.java:55)
> at org.wildfly.clustering.web.cache.session.ConcurrentSessionManager$ConcurrentSession.close(ConcurrentSessionManager.java:182)
> at org.wildfly.clustering.web.undertow.session.DistributableSession.requestDone(DistributableSession.java:98)
> at io.undertow.servlet.spec.ServletContextImpl.updateSessionAccessTime(ServletContextImpl.java:960)
> at io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:590)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:328)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
> at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:105)
> at java.security.AccessController.doPrivileged(Native Method)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:102)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
> at java.lang.Thread.run(Thread.java:748)
> {noformat}
>
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 9 months
[Red Hat JIRA] (WFLY-14168) Override README.txt in WildFly Preview
by Brian Stansberry (Jira)
[ https://issues.redhat.com/browse/WFLY-14168?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFLY-14168:
------------------------------------
Description:
A WildFly distribution or Galleon-provisioned installation includes a README.txt file in the root folder. Like everything else in a WildFly dist or installation, that file is provisioned because a feature pack includes it or references it (in this case it includes it.)
For a WildFly Preview dist/installation we should use a different README.txt that explains a bit about its Tech Preview nature and, at least for now, talks a bit about the bytecode transformation stuff.
This will require a new package in ee-9/feature-pack/src/main/resources/packages.
was:Use a different README.txt in WildFly Preview that explains a bit about its TP nature and, at least for now, talks a bit about the bytecode transformation stuff.
> Override README.txt in WildFly Preview
> --------------------------------------
>
> Key: WFLY-14168
> URL: https://issues.redhat.com/browse/WFLY-14168
> Project: WildFly
> Issue Type: Task
> Components: Server
> Reporter: Brian Stansberry
> Assignee: Brian Stansberry
> Priority: Major
>
> A WildFly distribution or Galleon-provisioned installation includes a README.txt file in the root folder. Like everything else in a WildFly dist or installation, that file is provisioned because a feature pack includes it or references it (in this case it includes it.)
> For a WildFly Preview dist/installation we should use a different README.txt that explains a bit about its Tech Preview nature and, at least for now, talks a bit about the bytecode transformation stuff.
> This will require a new package in ee-9/feature-pack/src/main/resources/packages.
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 9 months
[Red Hat JIRA] (ELY-2065) No suitable provider found for type 'PKCS11' on openjdk 11 when configuration is passed in provider-loader
by Diana Vilkolakova (Jira)
[ https://issues.redhat.com/browse/ELY-2065?page=com.atlassian.jira.plugin.... ]
Diana Vilkolakova closed ELY-2065.
----------------------------------
Resolution: Duplicate Issue
Superceded by https://issues.redhat.com/browse/WFCORE-5239
> No suitable provider found for type 'PKCS11' on openjdk 11 when configuration is passed in provider-loader
> ----------------------------------------------------------------------------------------------------------
>
> Key: ELY-2065
> URL: https://issues.redhat.com/browse/ELY-2065
> Project: WildFly Elytron
> Issue Type: Bug
> Components: API / SPI
> Reporter: Diana Vilkolakova
> Assignee: Diana Vilkolakova
> Priority: Major
>
> Steps to Reproduce work using OpenJDK 8, but on OpenJDK 11 the following exception gets thrown:
> {code}
> {{ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([}}
> {{ ("subsystem" => "elytron"),}}
> {{ ("key-store" => "pkcs11ks")}}
> {{]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.pkcs11ks" => "WFLYELY00004: Unable to start the service.}}
> {{ Caused by: org.jboss.msc.service.StartException in anonymous service: WFLYELY00012: No suitable provider found for type 'PKCS11'"}}}}
> {code}
> Configuration loading for SunPKCS11 was changed after Java 8 and the constructor that accepts InputStream configuration is not present in openjdk 11. Maybe because of this, the configuration is ignored when it is passed in *provider-loader*.
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 9 months
[Red Hat JIRA] (WFCORE-5239) No suitable provider found for type 'PKCS11' on openjdk 11 when configuration is passed in provider-loader
by Diana Vilkolakova (Jira)
[ https://issues.redhat.com/browse/WFCORE-5239?page=com.atlassian.jira.plug... ]
Diana Vilkolakova updated WFCORE-5239:
--------------------------------------
Steps to Reproduce:
The below steps will pass using OpenJDK 8, but will throw an exception using OpenJDK 11.
1. Configure NSS:
{code:java}
mkdir /tmp/nssdb
echo "pass123+" > /tmp/newpass.txt
echo "dsadasdasdasdadasdasdasdasdsadfwerwerjfdksdjfksdlfhjsdk" > /tmp/noise.txt
MODUTIL_CMD="modutil -force -dbdir /tmp/nssdb"
$MODUTIL_CMD -create
$MODUTIL_CMD -changepw "NSS Certificate DB" -newpwfile /tmp/newpass.txt
certutil -S -v 240 -k rsa -n "CN=localhost" -t "u,u,u" -x -s "CN=localhost" -d /tmp/nssdb -f /tmp/newpass.txt -z /tmp/noise.txt
touch /tmp/nssdb/secmod.db
$JBOSS_HOME/bin/standalone.sh
$JBOSS_HOME/bin/jboss-cli -c
{code}
2. Configure keystore:
{code:java}
/subsystem=elytron/provider-loader=nss:add(class-names=["sun.security.pkcs11.SunPKCS11"], configuration={name=testPkcs11, nssLibraryDirectory=/usr/lib64, nssSecmodDirectory=/tmp/nssdb, nssModule=keystore},module=sun.jdk)
/subsystem=elytron/key-store=pkcs11ks:add(credential-reference={clear-text=pass123+}, type=PKCS11, providers=nss){code}
Workaround Description: Possible workaround is to configure PKCS11 provider statically in java.security.
Description:
Steps to Reproduce work using OpenJDK 8, but on OpenJDK 11 the following exception gets thrown:
{code:java}
{{ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([}}
{{ ("subsystem" => "elytron"),}}
{{ ("key-store" => "pkcs11ks")}}
{{]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.pkcs11ks" => "WFLYELY00004: Unable to start the service.}}
{{ Caused by: org.jboss.msc.service.StartException in anonymous service: WFLYELY00012: No suitable provider found for type 'PKCS11'"}}}}
{code}
Configuration loading for SunPKCS11 was changed after Java 8 and the constructor that accepts InputStream configuration is not present in openjdk 11. Maybe because of this, the configuration is ignored when it is passed in *provider-loader*.
> No suitable provider found for type 'PKCS11' on openjdk 11 when configuration is passed in provider-loader
> ----------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-5239
> URL: https://issues.redhat.com/browse/WFCORE-5239
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Diana Vilkolakova
> Assignee: Diana Vilkolakova
> Priority: Major
>
> Steps to Reproduce work using OpenJDK 8, but on OpenJDK 11 the following exception gets thrown:
> {code:java}
> {{ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([}}
> {{ ("subsystem" => "elytron"),}}
> {{ ("key-store" => "pkcs11ks")}}
> {{]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.pkcs11ks" => "WFLYELY00004: Unable to start the service.}}
> {{ Caused by: org.jboss.msc.service.StartException in anonymous service: WFLYELY00012: No suitable provider found for type 'PKCS11'"}}}}
> {code}
> Configuration loading for SunPKCS11 was changed after Java 8 and the constructor that accepts InputStream configuration is not present in openjdk 11. Maybe because of this, the configuration is ignored when it is passed in *provider-loader*.
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 9 months
[Red Hat JIRA] (ELY-2064) Elytron Quarkus integration not supporting key cloning
by Darran Lofthouse (Jira)
[ https://issues.redhat.com/browse/ELY-2064?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated ELY-2064:
----------------------------------
Priority: Critical (was: Major)
> Elytron Quarkus integration not supporting key cloning
> ------------------------------------------------------
>
> Key: ELY-2064
> URL: https://issues.redhat.com/browse/ELY-2064
> Project: WildFly Elytron
> Issue Type: Enhancement
> Reporter: Galder Zamarreño
> Assignee: Darran Lofthouse
> Priority: Critical
>
> Elytron Quarkus integration does not support key cloning, which causes Infinispan native server to not be buildable. See [here|https://github.com/infinispan/infinispan-quarkus/issues/44] for details.
> From an Elytron perspective, a way to solve this would be to have a substitution that looks something like this, where MethodHandle uses are replaced by standard reflection:
> {code:java}
> package org.example.elytron.graal;
> import com.oracle.svm.core.annotate.Substitute;
> import com.oracle.svm.core.annotate.TargetClass;
> import java.lang.reflect.Constructor;
> import java.lang.reflect.Method;
> import java.lang.reflect.UndeclaredThrowableException;
> import java.security.Key;
> import java.security.PrivilegedAction;
> import java.util.function.UnaryOperator;
> import static java.security.AccessController.doPrivileged;
> @TargetClass(className = "org.wildfly.security.key.KeyUtil$KeyClonerCreator")
> final class Target_org_wildfly_security_key_KeyUtil_KeyClonerCreator
> {
> @Substitute
> private UnaryOperator<Key> checkForCloneMethod(final Class<?> declType, final Class<?> returnType)
> {
> System.out.printf("Call checkForCloneMethod(%s,%s)%n", declType, returnType);
> final Method method = doPrivileged(new PrivilegedAction<Method>()
> {
> @Override
> public Method run()
> {
> try
> {
> final var cloneMethod = declType.getDeclaredMethod("clone");
> if (cloneMethod.getReturnType() == returnType)
> return cloneMethod;
> return null;
> }
> catch (NoSuchMethodException e)
> {
> return null;
> }
> }
> });
> if (method == null)
> return null;
> return new UnaryOperator<Key>()
> {
> @Override
> public Key apply(Key key)
> {
> try
> {
> return (Key) method.invoke(key);
> }
> catch (RuntimeException | Error e)
> {
> throw e;
> }
> catch (Throwable throwable)
> {
> throw new UndeclaredThrowableException(throwable);
> }
> }
> };
> }
> @Substitute
> private UnaryOperator<Key> checkForCopyCtor(final Class<?> declType, final Class<?> paramType)
> {
> System.out.printf("Call checkForCopyCtor(%s,%s)%n", declType, paramType);
> final Constructor<?> constructor = doPrivileged(new PrivilegedAction<Constructor<?>>()
> {
> @Override
> public Constructor<?> run()
> {
> try
> {
> return declType.getDeclaredConstructor(paramType);
> }
> catch (NoSuchMethodException e)
> {
> System.out.printf("Copy ctor in %s for parameter %s not found%n", declType, paramType);
> return null;
> }
> }
> });
> if (constructor == null)
> return null;
> return new UnaryOperator<Key>()
> {
> @Override
> public Key apply(Key key)
> {
> try
> {
> return (Key) constructor.newInstance(key);
> }
> catch (RuntimeException | Error e)
> {
> throw e;
> }
> catch (Throwable throwable)
> {
> throw new UndeclaredThrowableException(throwable);
> }
> }
> };
> }
> } {code}
> These substitutions alone are not enough, there are also needs to be some reflection registrations for the keys for which this is expected to work. As example:
> {code:java}
> package org.example.elytron.graal;
> import com.oracle.svm.core.annotate.AutomaticFeature;
> import org.example.elytron.Main;
> import org.graalvm.nativeimage.hosted.Feature;
> import org.graalvm.nativeimage.hosted.RuntimeReflection;
> import javax.crypto.SecretKey;
> import java.lang.reflect.UndeclaredThrowableException;
> @AutomaticFeature
> public class RuntimeReflectionRegistrations implements Feature
> {
> public void beforeAnalysis(BeforeAnalysisAccess access)
> {
> try
> {
> RuntimeReflection.register(Main.CopyConstructorSecretKey.class.getDeclaredConstructor(SecretKey.class));
> RuntimeReflection.register(Main.CopyConstructorSecretKey.class.getDeclaredMethod("destroy"));
> RuntimeReflection.register(Main.CloneMethodSecretKey.class.getDeclaredMethod("clone"));
> RuntimeReflection.register(Main.CloneMethodSecretKey.class.getDeclaredMethod("destroy"));
> }
> catch (NoSuchMethodException e)
> {
> throw new UndeclaredThrowableException(e);
> }
> }
> } {code}
> [This main class|https://github.com/galderz/mendrugo/blob/master/elytron-cloning/src... these substitutions which have been verified to work with a couple of custom designed secret keys that fall within the expected substitution.
> The Elytron and Infinispan teams should work together to figure out which keys require support from the reflection calls above.
> All the code above can be found in [this sample project.|https://github.com/galderz/mendrugo/tree/master/elytron-cloning]
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 9 months