Diana Vilkolakova updated ELY-2065:
-----------------------------------
Steps to Reproduce:
The below steps will pass using OpenJDK 8, but will throw an exception using OpenJDK 11.
1. Configure NSS:
{code}
mkdir /tmp/nssdb
echo "pass123+" > /tmp/newpass.txt
echo "dsadasdasdasdadasdasdasdasdsadfwerwerjfdksdjfksdlfhjsdk" > /tmp/noise.txt
MODUTIL_CMD="modutil -force -dbdir /tmp/nssdb"
$MODUTIL_CMD -create
$MODUTIL_CMD -changepw "NSS Certificate DB" -newpwfile /tmp/newpass.txt
certutil -S -v 240 -k rsa -n "CN=localhost" -t "u,u,u" -x -s "CN=localhost" -d /tmp/nssdb -f /tmp/newpass.txt -z /tmp/noise.txt
touch /tmp/nssdb/secmod.db
$JBOSS_HOME/bin/standalone.sh
$JBOSS_HOME/bin/jboss-cli -c
{code}
2. Configure keystore:
{code}
/subsystem=elytron/provider-loader=nss:add(class-names=["sun.security.pkcs11.SunPKCS11"], configuration={name=testPkcs11, nssLibraryDirectory=/usr/lib64, nssSecmodDirectory=/tmp/nssdb, nssModule=keystore, name=testPkcs11},module=sun.jdk)
/subsystem=elytron/key-store=pkcs11ks:add(credential-reference={clear-text=pass123+}, type=PKCS11, providers=nss)
{code}
was:
The below steps will pass using OpenJDK 8, but will throw an exception using OpenJDK 11.
1. Configure NSS:
mkdir /tmp/nssdb
echo "pass123+" > /tmp/newpass.txt
echo "dsadasdasdasdadasdasdasdasdsadfwerwerjfdksdjfksdlfhjsdk" > /tmp/noise.txt
MODUTIL_CMD="modutil -force -dbdir /tmp/nssdb"
$MODUTIL_CMD -create
$MODUTIL_CMD -changepw "NSS Certificate DB" -newpwfile /tmp/newpass.txt
certutil -S -v 240 -k rsa -n "CN=localhost" -t "u,u,u" -x -s "CN=localhost" -d /tmp/nssdb -f /tmp/newpass.txt -z /tmp/noise.txt
touch /tmp/nssdb/secmod.db
$JBOSS_HOME/bin/standalone.sh
$JBOSS_HOME/bin/jboss-cli -c
2. Configure keystore:
/subsystem=elytron/provider-loader=nss:add(class-names=["sun.security.pkcs11.SunPKCS11"], configuration={name=testPkcs11, nssLibraryDirectory=/usr/lib64, nssSecmodDirectory=/tmp/nssdb, nssModule=keystore, name=testPkcs11},module=sun.jdk)
/subsystem=elytron/key-store=pkcs11ks:add(credential-reference={clear-text=pass123+}, type=PKCS11, providers=nss)
No suitable provider found for type 'PKCS11' on openjdk 11 when configuration is passed in provider-loader
----------------------------------------------------------------------------------------------------------
Key: ELY-2065
URL: https://issues.redhat.com/browse/ELY-2065
Project: WildFly Elytron
Issue Type: Bug
Components: API / SPI
Reporter: Diana Vilkolakova
Assignee: Diana Vilkolakova
Priority: Major
Steps to Reproduce work using OpenJDK 8, but on OpenJDK 11 the following exception gets thrown:
{code}
ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("key-store" => "pkcs11ks")
]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.pkcs11ks" => "WFLYELY00004: Unable to start the service.
    Caused by: org.jboss.msc.service.StartException in anonymous service: WFLYELY00012: No suitable provider found for type 'PKCS11'"}}
{code}
Configuration loading for SunPKCS11 was changed after Java 8 and the constructor that accepts InputStream configuration is not present in openjdk 11. Maybe because of this, the configuration is ignored when it is passed in *provider-loader*.
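The API change described in the report, as an added example (not code from the report or from WildFly Elytron): a loader that calls `Provider.configure(String)` where it exists (Java 9 and later) and falls back to the `InputStream` constructor on Java 8. The class name `Pkcs11ProviderLoader` and the method `load` are hypothetical; the configuration values are the ones from the provider-loader step above.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.security.Security;

// Hypothetical helper, written for this example only.
public class Pkcs11ProviderLoader {

    /** Returns a SunPKCS11 provider configured from an in-memory config string. */
    static Provider load(String config) throws Exception {
        try {
            // Java 9+: Provider.configure(String) exists. For SunPKCS11 an argument
            // starting with "--" is read as inline configuration, not as a file path.
            Method configure = Provider.class.getMethod("configure", String.class);
            Provider template = Security.getProvider("SunPKCS11");
            if (template == null) {
                throw new IllegalStateException("SunPKCS11 is not available in this runtime");
            }
            // configure() returns a new, configured instance; the template stays unconfigured.
            return (Provider) configure.invoke(template, "--" + config);
        } catch (NoSuchMethodException java8) {
            // Java 8: the provider is built through its InputStream constructor.
            Class<?> cls = Class.forName("sun.security.pkcs11.SunPKCS11");
            Constructor<?> ctor = cls.getConstructor(InputStream.class);
            InputStream in = new ByteArrayInputStream(config.getBytes(StandardCharsets.UTF_8));
            return (Provider) ctor.newInstance(in);
        }
    }

    public static void main(String[] args) throws Exception {
        // Values taken from the provider-loader configuration in the report.
        String config = String.join("\n",
                "name = testPkcs11",
                "nssLibraryDirectory = /usr/lib64",
                "nssSecmodDirectory = /tmp/nssdb",
                "nssModule = keystore");
        Provider p = load(config);
        Security.addProvider(p);
        // The PKCS11 key store type is served only by a configured instance.
        System.out.println(p.getName() + " -> " + p.getService("KeyStore", "PKCS11"));
    }
}
```

Running `main` requires the NSS database created in step 1; reflection is used only so the same source compiles on both Java 8 and Java 11.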