Diana Vilkolakova updated ELY-1982:
-----------------------------------
Steps to Reproduce:
* drop two bc fips jars into java.home/jre/lib/ext
** bc-fips-1.0.2.jar
** bctls-fips-1.0.10.jar
* configure providers in java.security:
{code}
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
{code}
* create BCFKS keystore in standalone/configuration:
{code}
keytool -genkeypair -alias appserver -keyalg RSA -keysize 2048 -keypass password \
  -keystore "keystore.bcfks" \
  -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath bc-fips-1.0.1.jar \
  -storetype BCFKS -storepass password \
  -dname "CN=testserver,OU=TESTOU,O=TESTO,L=TESTL,ST=TESTCZ,C=TESTCZ" -validity 730 -v
{code}
* configure server-ssl-context:
{code}
/subsystem=elytron/key-store=bcfks_keystore:add(path=keystore.bcfks,relative-to=jboss.server.config.dir,type="BCFKS",credential-reference={clear-text=password})
/subsystem=elytron/key-manager=bcfks_keymanager:add(key-store=bcfks_keystore,credential-reference={clear-text=password},algorithm=SunX509)
/subsystem=elytron/server-ssl-context=server-ssl-context:add(key-manager=bcfks_keymanager,need-client-auth=false)
{code}
was:
* drop two bc fips jars into java.home/jre/lib/ext
** bc-fips-1.0.1.jar
** bctls-fips-1.0.5.jar
* configure providers in java.security:
{code}
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
{code}
* create BCFKS keystore in standalone/configuration:
{code}
keytool -genkeypair -alias appserver -keyalg RSA -keysize 2048 -keypass password \
  -keystore "keystore.bcfks" \
  -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath bc-fips-1.0.1.jar \
  -storetype BCFKS -storepass password \
  -dname "CN=testserver,OU=TESTOU,O=TESTO,L=TESTL,ST=TESTCZ,C=TESTCZ" -validity 730 -v
{code}
* configure server-ssl-context:
{code}
/subsystem=elytron/key-store=bcfks_keystore:add(path=keystore.bcfks,relative-to=jboss.server.config.dir,type="BCFKS",credential-reference={clear-text=password})
/subsystem=elytron/key-manager=bcfks_keymanager:add(key-store=bcfks_keystore,credential-reference={clear-text=password},algorithm=SunX509)
/subsystem=elytron/server-ssl-context=server-ssl-context:add(key-manager=bcfks_keymanager,need-client-auth=false)
{code}
TLS with BCJSSE Provider does not work
--------------------------------------
Key: ELY-1982
URL: https://issues.redhat.com/browse/ELY-1982
Project: WildFly Elytron
Issue Type: Bug
Components: SSL
Reporter: Diana Vilkolakova
Priority: Major
Configuration of `server-ssl-context` does not seem to work with BCJSSE Provider. The
steps above work for EAP 7.2, however they throw the following error in EAP 7.3:
{code}
ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("server-ssl-context" => "server-ssl-context")
]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.server-ssl-context" => "Failed to start service
    Caused by: java.lang.IllegalStateException: SSLContext has not been initialized."}}
{code}
Stacktrace:
{code}
ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.security.ssl-context.server-ssl-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.server-ssl-context: Failed to start service
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1731)
	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.IllegalStateException: SSLContext has not been initialized.
	at org.bouncycastle.jsse.provider.ProvSSLContextSpi.getContextData(Unknown Source)
	at org.bouncycastle.jsse.provider.ProvSSLContextSpi.engineGetServerSessionContext(Unknown Source)
	at javax.net.ssl.SSLContext.getServerSessionContext(SSLContext.java:386)
	at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:340)
	at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
	at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:1173)
	at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
	... 6 more
{code}
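
The trace shows the exception being raised from `SSLContext.getServerSessionContext()`. The probe below is an added example, not part of the original report or of Elytron's code: it calls that method before and after `init()` on a context obtained from a named provider, so the provider's behaviour can be checked outside the server. The class name `SessionContextProbe` and the use of default key/trust managers are assumptions; `BCJSSE` requires the jars and `java.security` entries from the steps above.

```java
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLContext;

public class SessionContextProbe {

    /** Returns "ok" if the provider hands out a server session context, else the failure text. */
    static String probe(SSLContext ctx) {
        try {
            return ctx.getServerSessionContext() != null ? "ok" : "null session context";
        } catch (IllegalStateException e) {
            // The trace in the report shows BCJSSE raising this from the same call.
            return "IllegalStateException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: provider name is passed on the command line, e.g. BCJSSE or SunJSSE.
        String name = args.length > 0 ? args[0] : "BCJSSE";
        Provider provider = Security.getProvider(name);
        if (provider == null) {
            System.err.println("Provider " + name + " is not registered; check java.security");
            System.exit(2);
        }

        SSLContext ctx = SSLContext.getInstance("TLS", provider);
        System.out.println("Provider: " + provider);

        // Same call as SSLContextBuilder makes in the trace, issued on a context
        // that has not been initialized yet.
        String before = probe(ctx);

        // Null arguments select the installed default key managers,
        // trust managers and SecureRandom (assumed adequate for this probe).
        ctx.init(null, null, null);
        String after = probe(ctx);

        System.out.println("before init(): " + before);
        System.out.println("after  init(): " + after);
    }
}
```

Run it with the same JVM the server uses, once with `BCJSSE` and once with `SunJSSE`, and compare the `before init()` lines.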