9:08 a.m.
[
https://issues.jboss.org/browse/WFCORE-3799?page=com.atlassian.jira.plugi...
]
Darran Lofthouse updated WFCORE-3799:
-------------------------------------
Description:
Trying SSL in FIPS mode I get "KeyManagementException: FIPS mode: only SunJSSE
KeyManagers may be used"
{code}
17:45:32,678 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed
to start service org.wildfly.security.ssl-context.server-ssl-context:
org.jboss.msc.service.StartException in service
org.wildfly.security.ssl-context.server-ssl-context: java.security.KeyManagementException:
FIPS mode: only SunJSSE KeyManagers may be used
at
org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926)
at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1714)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1693)
at
org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1540)
at
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may
be used
at sun.security.ssl.SSLContextImpl.chooseKeyManager(SSLContextImpl.java:149)
at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:66)
at javax.net.ssl.SSLContext.init(SSLContext.java:282)
at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:372)
at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
at
org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924)
... 9 more
17:45:32,686 ERROR [org.jboss.as.controller.management-operation]
(management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address:
([
("subsystem" => "elytron"),
("server-ssl-context" => "server-ssl-context")
]) - failure description: {"WFLYCTL0080: Failed services" =>
{"org.wildfly.security.ssl-context.server-ssl-context" =>
"java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may be
used
Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers
may be used"}}
{code}
https://github.com/wildfly/wildfly-core/blob/02e2de734c68e23e0bae81fc12d7...
Debugging revealed problem is in this call
{code:java|title=SSLDefinitions.java}
final Class<?> providerClazz =
SSLDefinitions.class.getClassLoader().loadClass("com.sun.net.ssl.internal.ssl.Provider");
{code}
which ends with ClassNotFoundException
{code}
java.lang.ClassNotFoundException: com.sun.net.ssl.internal.ssl.Provider from [Module
"org.wildfly.extension.elytron" version 5.0.0.Alpha-redhat-20180502 from local
module loader @41ee392b (finder: local module finder @1e67a849 (roots:
/home/mchoma/Repos/tests-security/fips/target/dist/jboss-eap/modules,/home/mchoma/Repos/tests-security/fips/target/dist/jboss-eap/modules/system/layers/base))]
{code}
was:
Trying SSL in FIPS mode I get "KeyManagementException: FIPS mode: only SunJSSE
KeyManagers may be used"
{code}
17:45:32,678 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed
to start service org.wildfly.security.ssl-context.server-ssl-context:
org.jboss.msc.service.StartException in service
org.wildfly.security.ssl-context.server-ssl-context: java.security.KeyManagementException:
FIPS mode: only SunJSSE KeyManagers may be used
at
org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926)
at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1714)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1693)
at
org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1540)
at
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may
be used
at sun.security.ssl.SSLContextImpl.chooseKeyManager(SSLContextImpl.java:149)
at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:66)
at javax.net.ssl.SSLContext.init(SSLContext.java:282)
at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:372)
at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
at
org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924)
... 9 more
17:45:32,686 ERROR [org.jboss.as.controller.management-operation]
(management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address:
([
("subsystem" => "elytron"),
("server-ssl-context" => "server-ssl-context")
]) - failure description: {"WFLYCTL0080: Failed services" =>
{"org.wildfly.security.ssl-context.server-ssl-context" =>
"java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may be
used
Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers
may be used"}}
{code}
Debugging revealed problem is in this call
{code:java|title=SSLDefinitions.java}
final Class<?> providerClazz =
SSLDefinitions.class.getClassLoader().loadClass("com.sun.net.ssl.internal.ssl.Provider");
{code}
which ends with ClassNotFoundException
{code}
java.lang.ClassNotFoundException: com.sun.net.ssl.internal.ssl.Provider from [Module
"org.wildfly.extension.elytron" version 5.0.0.Alpha-redhat-20180502 from local
module loader @41ee392b (finder: local module finder @1e67a849 (roots:
/home/mchoma/Repos/tests-security/fips/target/dist/jboss-eap/modules,/home/mchoma/Repos/tests-security/fips/target/dist/jboss-eap/modules/system/layers/base))]
{code}
FIPS mode is not detected correctly on JDK 8
--------------------------------------------
Key: WFCORE-3799
URL: https://issues.jboss.org/browse/WFCORE-3799
Project: WildFly Core
Issue Type: Bug
Components: Security
Affects Versions: 5.0.0.Alpha4
Environment: jdk 8
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Blocker
Trying SSL in FIPS mode I get "KeyManagementException: FIPS mode: only SunJSSE
KeyManagers may be used"
{code}
17:45:32,678 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001:
Failed to start service org.wildfly.security.ssl-context.server-ssl-context:
org.jboss.msc.service.StartException in service
org.wildfly.security.ssl-context.server-ssl-context: java.security.KeyManagementException:
FIPS mode: only SunJSSE KeyManagers may be used
at
org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926)
at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1714)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1693)
at
org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1540)
at
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may
be used
at sun.security.ssl.SSLContextImpl.chooseKeyManager(SSLContextImpl.java:149)
at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:66)
at javax.net.ssl.SSLContext.init(SSLContext.java:282)
at
org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:372)
at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
at
org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924)
... 9 more
17:45:32,686 ERROR [org.jboss.as.controller.management-operation]
(management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address:
([
("subsystem" => "elytron"),
("server-ssl-context" => "server-ssl-context")
]) - failure description: {"WFLYCTL0080: Failed services" =>
{"org.wildfly.security.ssl-context.server-ssl-context" =>
"java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may be
used
Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers
may be used"}}
{code}
https://github.com/wildfly/wildfly-core/blob/02e2de734c68e23e0bae81fc12d7...
Debugging revealed problem is in this call
{code:java|title=SSLDefinitions.java}
final Class<?> providerClazz =
SSLDefinitions.class.getClassLoader().loadClass("com.sun.net.ssl.internal.ssl.Provider");
{code}
which ends with ClassNotFoundException
{code}
java.lang.ClassNotFoundException: com.sun.net.ssl.internal.ssl.Provider from [Module
"org.wildfly.extension.elytron" version 5.0.0.Alpha-redhat-20180502 from local
module loader @41ee392b (finder: local module finder @1e67a849 (roots:
/home/mchoma/Repos/tests-security/fips/target/dist/jboss-eap/modules,/home/mchoma/Repos/tests-security/fips/target/dist/jboss-eap/modules/system/layers/base))]
{code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
2940
days inactive
2940
days old
0 comments
1 participants
participants (1)
-
Darran Lofthouse (JIRA)