[jboss-jira] [JBoss JIRA] (WFCORE-2720) Adding keystore with generate-self-signed-certificate-host and without key-password specified fails upon first request

Stuart Douglas (JIRA) issues at jboss.org
Mon Apr 24 20:02:03 EDT 2017


     [ https://issues.jboss.org/browse/WFCORE-2720?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stuart Douglas moved JBEAP-10517 to WFCORE-2720:
------------------------------------------------

              Project: WildFly Core  (was: JBoss Enterprise Application Platform)
                  Key: WFCORE-2720  (was: JBEAP-10517)
             Workflow: GIT Pull Request workflow   (was: CDW with loose statuses v1)
          Component/s: Security
                       Server
                           (was: Security)
                           (was: Server)
                           (was: Web (Undertow))
    Affects Version/s:     (was: 7.1.0.DR11)


> Adding keystore with generate-self-signed-certificate-host and without key-password specified fails upon first request
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: WFCORE-2720
>                 URL: https://issues.jboss.org/browse/WFCORE-2720
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security, Server
>            Reporter: Stuart Douglas
>            Assignee: Stuart Douglas
>            Priority: Critical
>              Labels: legacy
>
> If I create a keystore with generate-self-signed-certificate-host defined, and define an https listener to use that keystore, then upon the first request, when the keystore is being created, it fails with [1]. Any following requests result in this log message [2]. All the requests hang until the client times them out.
> If the key-password is really needed, I believe it should be validated upon configuration creation.
> Also, the requests should be terminated and rejected with 500, due to the server failing to initialize the SSL context because the server is incorrectly configured.
>  
> [1]
> {noformat}
> 13:15:45,781 ERROR [org.xnio.listener] (default I/O-6) XNIO001007: A channel event listener threw an exception: java.lang.RuntimeException: WFLYDM0114: Failed to lazily initialize SSL context
> 	at org.jboss.as.domain.management.security.SSLContextService$LazyInitSSLContext$LazyInitSpi.doInit(SSLContextService.java:231)
> 	at org.jboss.as.domain.management.security.SSLContextService$LazyInitSSLContext$LazyInitSpi.engineCreateSSLEngine(SSLContextService.java:257)
> 	at javax.net.ssl.SSLContext.createSSLEngine(SSLContext.java:361)
> 	at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:139)
> 	at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:56)
> 	at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:289)
> 	at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
> 	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> 	at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)
> 	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> 	at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:131)
> 	at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:588)
> 	at org.xnio.nio.WorkerThread.run(WorkerThread.java:468)
> Caused by: java.lang.RuntimeException: WFLYDM0112: Failed to generate self signed certificate
> 	at org.jboss.as.domain.management.security.FileKeyManagerService.generateFileKeyStore(FileKeyManagerService.java:219)
> 	at org.jboss.as.domain.management.security.FileKeyManagerService.loadKeyStore(FileKeyManagerService.java:185)
> 	at org.jboss.as.domain.management.security.AbstractKeyManagerService.createKeyManagers(AbstractKeyManagerService.java:125)
> 	at org.jboss.as.domain.management.security.AbstractKeyManagerService.getKeyManagers(AbstractKeyManagerService.java:104)
> 	at org.jboss.as.domain.management.security.SSLContextService$LazyInitSSLContext$LazyInitSpi.doInit(SSLContextService.java:228)
> 	... 12 more
> Caused by: java.lang.IllegalArgumentException: password can't be null
> 	at sun.security.provider.KeyProtector.<init>(KeyProtector.java:135)
> 	at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:266)
> 	at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56)
> 	at sun.security.provider.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:117)
> 	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetKeyEntry(JavaKeyStore.java:70)
> 	at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
> 	at org.jboss.as.domain.management.security.FileKeyManagerService.generateFileKeyStore(FileKeyManagerService.java:212)
> 	... 16 more
> {noformat}
> [2]
> {noformat}
> 13:34:05,862 ERROR [org.xnio.listener] (default I/O-2) XNIO001007: A channel event listener threw an exception: java.lang.IllegalStateException: SSLContextImpl is not initialized
> 	at sun.security.ssl.SSLContextImpl.engineCreateSSLEngine(SSLContextImpl.java:207)
> 	at javax.net.ssl.SSLContext.createSSLEngine(SSLContext.java:361)
> 	at org.jboss.as.domain.management.security.SSLContextService$LazyInitSSLContext$LazyInitSpi.engineCreateSSLEngine(SSLContextService.java:258)
> 	at javax.net.ssl.SSLContext.createSSLEngine(SSLContext.java:361)
> 	at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:139)
> 	at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:56)
> 	at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:289)
> 	at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
> 	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> 	at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)
> 	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> 	at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:131)
> 	at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:588)
> 	at org.xnio.nio.WorkerThread.run(WorkerThread.java:468)
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
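
An added sketch, not WildFly code and not part of the report, of the two behaviours the report asks for: refusing the incomplete keystore configuration when it is created, and making a lazily initialized context fail fast with the root cause on every request instead of only the first. All class and method names are hypothetical, and it assumes key-password is mandatory when generate-self-signed-certificate-host is set.

```java
import java.util.function.Supplier;

// Added illustration: all names here are hypothetical, not WildFly classes.
public class FailFastTlsConfig {
    // Assumption: key-password is mandatory when a self-signed certificate is generated.
    static void validate(String generateSelfSignedHost, char[] keyPassword) {
        if (generateSelfSignedHost != null && keyPassword == null) {
            throw new IllegalArgumentException(
                "key-password is required with generate-self-signed-certificate-host");
        }
    }

    // Lazy holder that records a failed initialization so later callers get the root cause.
    static final class Lazy<T> {
        private final Supplier<T> init;
        private T value;
        private RuntimeException failure;
        Lazy(Supplier<T> init) { this.init = init; }

        synchronized T get() {
            if (failure != null) throw failure;
            if (value == null) {
                try {
                    value = init.get();
                } catch (RuntimeException e) {
                    failure = new IllegalStateException("TLS context unavailable: " + e.getMessage(), e);
                    throw failure;
                }
            }
            return value;
        }
    }

    public static void main(String[] args) {
        try {
            validate("localhost", null); // the configuration described in the report
        } catch (IllegalArgumentException e) {
            System.out.println("rejected at configuration time: " + e.getMessage());
        }
        // Constructed initializer that fails like the root cause in trace [1].
        Lazy<Object> ctx = new Lazy<>(() -> { throw new IllegalArgumentException("password can't be null"); });
        for (int request = 1; request <= 2; request++) {
            try {
                ctx.get();
            } catch (IllegalStateException e) {
                // A listener would close the connection here instead of letting the client hang.
                System.out.println("request " + request + ": " + e.getMessage());
            }
        }
    }
}
```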

