[jboss-jira] [JBoss JIRA] (ELY-1646) FIPS PKCS11 breaks after migrating from client scheme 1.0 to 1.1

Martin Choma (JIRA) issues at jboss.org
Fri Aug 17 05:25:00 EDT 2018


Martin Choma created ELY-1646:
---------------------------------

             Summary: FIPS PKCS11 breaks after migrating from client scheme 1.0 to 1.1 
                 Key: ELY-1646
                 URL: https://issues.jboss.org/browse/ELY-1646
             Project: WildFly Elytron
          Issue Type: Bug
          Components: Authentication Client
    Affects Versions: 1.5.5.Final
            Reporter: Martin Choma
            Priority: Blocker


I have a working configuration:
{code}
<configuration>
    <authentication-client xmlns="urn:elytron:1.0">
        <key-stores>
            <key-store name="truststore" type="PKCS11">
                <key-store-clear-password password="${password}" />
            </key-store>
        </key-stores>
        <ssl-contexts>
            <ssl-context name="client-cli-context">
                <trust-store key-store-name="truststore" />
                <cipher-suite selector="${cipher.suite.filter}" />
                <protocol names="${protocol}" />
            </ssl-context>
        </ssl-contexts>
        <ssl-context-rules>
            <rule use-ssl-context="client-cli-context" />
        </ssl-context-rules>
    </authentication-client>
</configuration>
{code}

After migrating to urn:elytron:1.1, an error occurs.

{code}
10:44:07,823 ERROR [org.jboss.as.cli.impl.CliLauncher] Error processing CLI: org.jboss.as.cli.CliInitializationException: Failed to connect to the controller
        at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:330)
        at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:291)
        at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:45)
        at org.jboss.modules.Module.run(Module.java:352)
        at org.jboss.modules.Module.run(Module.java:320)
        at org.jboss.modules.Main.main(Main.java:593)
Caused by: org.jboss.as.cli.CommandLineException: Failed to resolve host 'localhost'
        at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1256)
        at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1203)
        at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1198)
        at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:328)
        ... 5 more
Caused by: java.io.IOException: Failed to obtain SSLContext
        at org.jboss.as.cli.impl.CLIModelControllerClient.<init>(CLIModelControllerClient.java:156)
        at org.jboss.as.cli.impl.ModelControllerClientFactory$2.getClient(ModelControllerClientFactory.java:85)
        at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1222)
        ... 8 more
Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used
        at sun.security.ssl.SSLContextImpl.chooseTrustManager(SSLContextImpl.java:115)
        at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:78)
        at javax.net.ssl.SSLContext.init(SSLContext.java:282)
        at org.jboss.as.cli.impl.CommandContextImpl.createSslContext(CommandContextImpl.java:715)
        at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
        at org.wildfly.security.auth.client.AuthenticationContextConfigurationClient.getSSLContext(AuthenticationContextConfigurationClient.java:221)
        at org.wildfly.security.auth.client.AuthenticationContextConfigurationClient.getSSLContext(AuthenticationContextConfigurationClient.java:208)
        at org.jboss.as.cli.impl.CLIModelControllerClient.<init>(CLIModelControllerClient.java:153)
        ... 10 more
{code}


