[jboss-jira] [JBoss JIRA] (WFCORE-2720) Adding keystore with generate-self-signed-certificate-host and without key-password specified fails upon first request
Brian Stansberry (JIRA)
issues at jboss.org
Thu Apr 27 19:59:00 EDT 2017
[ https://issues.jboss.org/browse/WFCORE-2720?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry updated WFCORE-2720:
-------------------------------------
Fix Version/s: 3.0.0.Beta18
(was: 3.0.0.Beta17)
> Adding keystore with generate-self-signed-certificate-host and without key-password specified fails upon first request
> ----------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2720
> URL: https://issues.jboss.org/browse/WFCORE-2720
> Project: WildFly Core
> Issue Type: Bug
> Components: Security, Server
> Reporter: Stuart Douglas
> Assignee: Stuart Douglas
> Priority: Critical
> Labels: legacy
> Fix For: 3.0.0.Beta18
>
>
> If I create a keystore with generate-self-signed-certificate-host defined, and define an https listener to use that keystore, then upon the first request, when it is being created, it fails with [1]. Any following request results in this log message [2]. All the requests hang until the client times them out.
> If the key-password is really needed, I believe it should be validated upon configuration creation.
> Also the requests should be terminated and rejected with 500 due to the server failing to initialize the SSL context due to the server being incorrectly configured.
>
> [1]
> {noformat}
> 13:15:45,781 ERROR [org.xnio.listener] (default I/O-6) XNIO001007: A channel event listener threw an exception: java.lang.RuntimeException: WFLYDM0114: Failed to lazily initialize SSL context
> at org.jboss.as.domain.management.security.SSLContextService$LazyInitSSLContext$LazyInitSpi.doInit(SSLContextService.java:231)
> at org.jboss.as.domain.management.security.SSLContextService$LazyInitSSLContext$LazyInitSpi.engineCreateSSLEngine(SSLContextService.java:257)
> at javax.net.ssl.SSLContext.createSSLEngine(SSLContext.java:361)
> at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:139)
> at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:56)
> at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:289)
> at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:131)
> at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:588)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:468)
> Caused by: java.lang.RuntimeException: WFLYDM0112: Failed to generate self signed certificate
> at org.jboss.as.domain.management.security.FileKeyManagerService.generateFileKeyStore(FileKeyManagerService.java:219)
> at org.jboss.as.domain.management.security.FileKeyManagerService.loadKeyStore(FileKeyManagerService.java:185)
> at org.jboss.as.domain.management.security.AbstractKeyManagerService.createKeyManagers(AbstractKeyManagerService.java:125)
> at org.jboss.as.domain.management.security.AbstractKeyManagerService.getKeyManagers(AbstractKeyManagerService.java:104)
> at org.jboss.as.domain.management.security.SSLContextService$LazyInitSSLContext$LazyInitSpi.doInit(SSLContextService.java:228)
> ... 12 more
> Caused by: java.lang.IllegalArgumentException: password can't be null
> at sun.security.provider.KeyProtector.<init>(KeyProtector.java:135)
> at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:266)
> at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56)
> at sun.security.provider.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:117)
> at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetKeyEntry(JavaKeyStore.java:70)
> at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
> at org.jboss.as.domain.management.security.FileKeyManagerService.generateFileKeyStore(FileKeyManagerService.java:212)
> ... 16 more
> {noformat}
> [2]
> {noformat}
> 13:34:05,862 ERROR [org.xnio.listener] (default I/O-2) XNIO001007: A channel event listener threw an exception: java.lang.IllegalStateException: SSLContextImpl is not initialized
> at sun.security.ssl.SSLContextImpl.engineCreateSSLEngine(SSLContextImpl.java:207)
> at javax.net.ssl.SSLContext.createSSLEngine(SSLContext.java:361)
> at org.jboss.as.domain.management.security.SSLContextService$LazyInitSSLContext$LazyInitSpi.engineCreateSSLEngine(SSLContextService.java:258)
> at javax.net.ssl.SSLContext.createSSLEngine(SSLContext.java:361)
> at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:139)
> at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:56)
> at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:289)
> at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:131)
> at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:588)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:468)
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
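Added example, not part of the original report or of WildFly: a Python log-triage script that groups each server log event with its stack trace, finds the first WFLYDM0114 lazy-initialization failure, extracts its innermost cause, and counts the later "SSLContextImpl is not initialized" events that correspond to hanging requests. The function names are hypothetical, and the sample log is constructed from abridged versions of traces [1] and [2] plus one invented third event.

```python
import re

# Constructed sample: abridged from traces [1] and [2]; the third event is invented.
SAMPLE_LOG = """\
13:15:45,781 ERROR [org.xnio.listener] (default I/O-6) XNIO001007: A channel event listener threw an exception: java.lang.RuntimeException: WFLYDM0114: Failed to lazily initialize SSL context
\tat org.jboss.as.domain.management.security.SSLContextService$LazyInitSSLContext$LazyInitSpi.doInit(SSLContextService.java:231)
Caused by: java.lang.RuntimeException: WFLYDM0112: Failed to generate self signed certificate
\tat org.jboss.as.domain.management.security.FileKeyManagerService.generateFileKeyStore(FileKeyManagerService.java:219)
Caused by: java.lang.IllegalArgumentException: password can't be null
\tat sun.security.provider.KeyProtector.<init>(KeyProtector.java:135)
13:34:05,862 ERROR [org.xnio.listener] (default I/O-2) XNIO001007: A channel event listener threw an exception: java.lang.IllegalStateException: SSLContextImpl is not initialized
\tat sun.security.ssl.SSLContextImpl.engineCreateSSLEngine(SSLContextImpl.java:207)
13:34:09,120 ERROR [org.xnio.listener] (default I/O-3) XNIO001007: A channel event listener threw an exception: java.lang.IllegalStateException: SSLContextImpl is not initialized
\tat sun.security.ssl.SSLContextImpl.engineCreateSSLEngine(SSLContextImpl.java:207)
"""

EVENT_START = re.compile(r"^(\d{2}:\d{2}:\d{2},\d{3}) (\w+) +\[([^\]]+)\] \(([^)]+)\) (.*)$")
CAUSED_BY = re.compile(r"^Caused by: ([\w.$]+): (.*)$")

def parse_events(text):
    """Group each timestamped line with its stack-trace continuation lines."""
    events = []
    for line in text.splitlines():
        m = EVENT_START.match(line)
        if m:
            events.append({"time": m.group(1), "level": m.group(2),
                           "message": m.group(5), "root_cause": None})
        elif events:
            c = CAUSED_BY.match(line.strip())
            if c:  # the last "Caused by" in a trace is the innermost cause
                events[-1]["root_cause"] = f"{c.group(1)}: {c.group(2)}"
    return events

def triage(text):
    """Correlate the one-time init failure with the follow-up errors it causes."""
    report = {"init_failure": None, "root_cause": None, "followup_failures": 0}
    for e in parse_events(text):
        if "WFLYDM0114" in e["message"] and report["init_failure"] is None:
            report["init_failure"] = e["time"]
            report["root_cause"] = e["root_cause"]
        elif report["init_failure"] and "SSLContextImpl is not initialized" in e["message"]:
            report["followup_failures"] += 1
    # Signature of the misconfiguration in this report: no key-password supplied.
    cause = report["root_cause"] or ""
    report["missing_key_password"] = cause.endswith("password can't be null")
    return report
```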