[jboss-jira] [JBoss JIRA] (REMJMX-144) Elytron, JMX client fails to work when the JVM is running in FIPS mode

Darran Lofthouse (JIRA) issues at jboss.org
Fri Jun 2 12:33:00 EDT 2017


     [ https://issues.jboss.org/browse/REMJMX-144?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated REMJMX-144:
------------------------------------
    Fix Version/s: 3.0.0.Beta6
                       (was: 3.0.0.Beta5)


> Elytron, JMX client fails to work when the JVM is running in FIPS mode
> ----------------------------------------------------------------------
>
>                 Key: REMJMX-144
>                 URL: https://issues.jboss.org/browse/REMJMX-144
>             Project: Remoting JMX
>          Issue Type: Bug
>          Components: Security
>            Reporter: Martin Choma
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>             Fix For: 3.0.0.Beta6
>
>
> The JMX client fails to work when the JVM is running in FIPS mode.
> It should be possible to configure the client SSL context with Elytron. However, even when doing so, javax.net.ssl.SSLContext.getDefault() is still called, which fails with the following stack trace:
> {code:title=server.log}
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Completed open of endpoint "endpoint" <67ce59be>
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 1 of endpoint "endpoint" <67ce59be> (opened Connection provider for remote)
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remote': Remoting remote connection provider 42a0d0b7 for endpoint "endpoint" <67ce59be>
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 2 of endpoint "endpoint" <67ce59be> (opened Connection provider for remote+tls)
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remote+tls': Remoting remote connection provider 7dc22d9b for endpoint "endpoint" <67ce59be>
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 3 of endpoint "endpoint" <67ce59be> (opened Connection provider for remoting)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remoting': Remoting remote connection provider 194d9579 for endpoint "endpoint" <67ce59be>
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 4 of endpoint "endpoint" <67ce59be> (opened Connection provider for remote+http)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remote+http': Remoting remote connection provider 21f0cb0a for endpoint "endpoint" <67ce59be>
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 5 of endpoint "endpoint" <67ce59be> (opened Connection provider for remote+https)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remote+https': Remoting remote connection provider 27b862 for endpoint "endpoint" <67ce59be>
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 6 of endpoint "endpoint" <67ce59be> (opened Connection provider for http-remoting)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'http-remoting': Remoting remote connection provider 422cda30 for endpoint "endpoint" <67ce59be>
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 7 of endpoint "endpoint" <67ce59be> (opened Connection provider for https-remoting)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'https-remoting': Remoting remote connection provider 55cb3d77 for endpoint "endpoint" <67ce59be>
> 10:55:00,764 WARN  [org.jboss.remotingjmx.Util] (default task-1) The protocol 'remoting-jmx' is deprecated, instead you should use 'remote'.
> 10:55:00,764 TRACE [org.wildfly.security] (default task-1) getAuthenticationConfiguration uri=remote://localhost:9999, protocolDefaultPort=-1, abstractType=null, abstractTypeAuthority=null, purpose=null, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-port=9999]
> 10:55:00,764 WARN  [org.jboss.remotingjmx.Util] (default task-1) The protocol 'remoting-jmx' is deprecated, instead you should use 'remote'.
> 10:55:00,765 TRACE [org.wildfly.security] (default task-1) getAuthenticationConfiguration uri=remote://localhost:9999, protocolDefaultPort=-1, abstractType=null, abstractTypeAuthority=null, purpose=connect, MatchRule=[], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-port=9999]
> 10:55:00,772 INFO  [stdout] (default task-1) *** Error:JBREM000212: Failed to configure SSL context
> 10:55:00,773 ERROR [stderr] (default task-1) java.io.IOException: JBREM000212: Failed to configure SSL context
> 10:55:00,773 ERROR [stderr] (default task-1) 	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:497)
> 10:55:00,773 ERROR [stderr] (default task-1) 	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:487)
> 10:55:00,773 ERROR [stderr] (default task-1) 	at org.jboss.remotingjmx.RemotingConnector.internalRemotingConnect(RemotingConnector.java:241)
> 10:55:00,773 ERROR [stderr] (default task-1) 	at org.jboss.remotingjmx.RemotingConnector.internalConnect(RemotingConnector.java:158)
> 10:55:00,773 ERROR [stderr] (default task-1) 	at org.jboss.remotingjmx.RemotingConnector.connect(RemotingConnector.java:105)
> 10:55:00,773 ERROR [stderr] (default task-1) 	at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
> 10:55:00,773 ERROR [stderr] (default task-1) 	at com.redhat.eap.qe.fips.standalone.elytron.client.jmx.JmxClientServlet.doGet(JmxClientServlet.java:33)
> 10:55:00,773 ERROR [stderr] (default task-1) 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> 10:55:00,773 ERROR [stderr] (default task-1) 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> 10:55:00,773 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,774 ERROR [stderr] (default task-1) 	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> 10:55:00,775 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> 10:55:00,776 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> 10:55:00,776 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> 10:55:00,776 ERROR [stderr] (default task-1) 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
> 10:55:00,776 ERROR [stderr] (default task-1) 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
> 10:55:00,776 ERROR [stderr] (default task-1) 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 10:55:00,776 ERROR [stderr] (default task-1) 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 10:55:00,776 ERROR [stderr] (default task-1) 	at java.lang.Thread.run(Thread.java:745)
> 10:55:00,776 ERROR [stderr] (default task-1) Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
> 10:55:00,776 ERROR [stderr] (default task-1) 	at java.security.Provider$Service.newInstance(Provider.java:1617)
> 10:55:00,776 ERROR [stderr] (default task-1) 	at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
> 10:55:00,776 ERROR [stderr] (default task-1) 	at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
> 10:55:00,777 ERROR [stderr] (default task-1) 	at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
> 10:55:00,777 ERROR [stderr] (default task-1) 	at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
> 10:55:00,777 ERROR [stderr] (default task-1) 	at org.wildfly.security.auth.client.AuthenticationContextConfigurationClient.getSSLContext(AuthenticationContextConfigurationClient.java:183)
> 10:55:00,777 ERROR [stderr] (default task-1) 	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:495)
> 10:55:00,777 ERROR [stderr] (default task-1) 	... 46 more
> 10:55:00,777 ERROR [stderr] (default task-1) Caused by: java.security.KeyStoreException: FIPS mode: KeyStore must be from provider SunPKCS11-testPkcs
> 10:55:00,777 ERROR [stderr] (default task-1) 	at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:67)
> 10:55:00,777 ERROR [stderr] (default task-1) 	at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
> 10:55:00,777 ERROR [stderr] (default task-1) 	at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultKeyManager(SSLContextImpl.java:874)
> 10:55:00,777 ERROR [stderr] (default task-1) 	at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:732)
> 10:55:00,777 ERROR [stderr] (default task-1) 	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> 10:55:00,777 ERROR [stderr] (default task-1) 	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> 10:55:00,778 ERROR [stderr] (default task-1) 	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> 10:55:00,778 ERROR [stderr] (default task-1) 	at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> 10:55:00,778 ERROR [stderr] (default task-1) 	at java.security.Provider$Service.newInstance(Provider.java:1595)
> 10:55:00,778 ERROR [stderr] (default task-1) 	... 52 more
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
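
Added example, not part of the original message or of the Remoting JMX project: a Python triage helper that strips the WildFly `[stderr]` prefix from lines like those quoted above, rebuilds the `Caused by` chain, and reports which frame requested the JVM default SSLContext and which keystore provider FIPS mode demands. The sample log is a shortened excerpt constructed from the quoted trace; the function names are hypothetical.

```python
import re

# Constructed sample: shortened excerpt of the server.log lines quoted in the report.
SAMPLE_LOG = """\
10:55:00,773 ERROR [stderr] (default task-1) java.io.IOException: JBREM000212: Failed to configure SSL context
10:55:00,773 ERROR [stderr] (default task-1) \tat org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:497)
10:55:00,776 ERROR [stderr] (default task-1) Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
10:55:00,777 ERROR [stderr] (default task-1) \tat javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
10:55:00,777 ERROR [stderr] (default task-1) \tat org.wildfly.security.auth.client.AuthenticationContextConfigurationClient.getSSLContext(AuthenticationContextConfigurationClient.java:183)
10:55:00,777 ERROR [stderr] (default task-1) Caused by: java.security.KeyStoreException: FIPS mode: KeyStore must be from provider SunPKCS11-testPkcs
10:55:00,777 ERROR [stderr] (default task-1) \tat sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:67)
"""

# Each stderr line is wrapped as "<time> <LEVEL> [stderr] (<thread>) <text>".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2},\d{3}\s+\w+\s+\[stderr\]\s+\([^)]*\)\s?(.*)$")
FRAME = re.compile(r"^\s*at\s+([\w.$<>]+)\(")
FIPS_KS = re.compile(r"FIPS mode: KeyStore must be from provider (\S+)")

def parse_chain(log_text):
    """Rebuild the exception chain: one dict per exception, outermost first."""
    chain = []
    for raw in log_text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # lines from other loggers (TRACE/WARN/INFO)
        body = m.group(1)
        frame = FRAME.match(body)
        if frame:
            if chain:
                chain[-1]["frames"].append(frame.group(1))
        elif not body.lstrip().startswith("..."):  # skip "... 46 more"
            body = re.sub(r"^Caused by: ", "", body)
            exc, _, msg = body.partition(": ")
            chain.append({"exception": exc, "message": msg, "frames": []})
    return chain

def diagnose(chain):
    """Return FIPS keystore-provider mismatch details, or None for other failures."""
    m = FIPS_KS.search(chain[-1]["message"]) if chain else None
    if not m or chain[-1]["exception"] != "java.security.KeyStoreException":
        return None
    caller = None
    for link in chain:
        f = link["frames"]
        for i in range(len(f) - 1):
            if f[i] == "javax.net.ssl.SSLContext.getDefault":
                caller = f[i + 1]  # frame that asked for the JVM default context
    return {"required_provider": m.group(1), "default_context_caller": caller}
```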

