[jboss-jira] [JBoss JIRA] (ELY-1648) FIPS NoSuchAlgorithmException: JKS KeyStore not available when trustmanager SunX509
Martin Choma (JIRA)
issues at jboss.org
Fri Aug 17 08:15:00 EDT 2018
[ https://issues.jboss.org/browse/ELY-1648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13620715#comment-13620715 ]
Martin Choma commented on ELY-1648:
-----------------------------------
Also attaching the interesting part of server.log
{code}
13:58:26,116 INFO [com.redhat.eap.qe.cli.CustomCLIExecutor] (main) Command:[/home/mchoma/git-repo/tests-security/fips/target/dist/jboss-eap/bin/jboss-cli.sh, -Djboss.cli.config=/home/mchoma/git-repo/tests-security/fips/target/dist/jboss-eap/bin/jboss-cli.xml, -c, --controller=remote+https://localhost:9993, -Dwildfly.config.url=file:///home/mchoma/git-repo/tests-security/fips/target/CliClientTestCase/cli-test-wildfly-config-2583967554159159457.xml, --connect, --error-on-interact, :read-attribute(name=server-state)]
13:58:27,065 TRACE [org.wildfly.security.tls] (management I/O-2) Evaluating filter "add cipher name is "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", then add cipher name is "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", then add cipher name is "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", then add cipher name is "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", then add cipher name is "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", then add cipher name is "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", then add cipher name is "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", then add cipher name is "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", then add cipher name is "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", then add cipher name is "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", then add cipher name is "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", then add cipher name is "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", then add cipher name is "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", then add cipher name is "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", then add cipher name is "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", then add cipher name is "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", then add cipher name is "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", then add cipher name is "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", then add cipher name is "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"" on supported mechanisms:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
13:58:27,065 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
13:58:27,065 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
13:58:27,065 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_RSA_WITH_AES_256_CBC_SHA256
13:58:27,065 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
13:58:27,065 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
13:58:27,066 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
13:58:27,066 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
13:58:27,066 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
13:58:27,066 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
13:58:27,066 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_RSA_WITH_AES_256_CBC_SHA
13:58:27,066 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
13:58:27,066 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
13:58:27,066 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_DHE_RSA_WITH_AES_256_CBC_SHA
13:58:27,066 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_DHE_DSS_WITH_AES_256_CBC_SHA
13:58:27,066 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
13:58:27,067 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
13:58:27,067 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_RSA_WITH_AES_128_CBC_SHA256
13:58:27,067 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
13:58:27,067 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
13:58:27,067 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
13:58:27,067 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
13:58:27,067 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
13:58:27,067 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
13:58:27,067 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_RSA_WITH_AES_128_CBC_SHA
13:58:27,067 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
13:58:27,067 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
13:58:27,067 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_DHE_RSA_WITH_AES_128_CBC_SHA
13:58:27,068 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_DHE_DSS_WITH_AES_128_CBC_SHA
13:58:27,068 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
13:58:27,068 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
13:58:27,068 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
13:58:27,068 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_RSA_WITH_AES_256_GCM_SHA384
13:58:27,068 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
13:58:27,068 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
13:58:27,068 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
13:58:27,068 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
13:58:27,068 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
13:58:27,068 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_RSA_WITH_AES_128_GCM_SHA256
13:58:27,068 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
13:58:27,068 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
13:58:27,069 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
13:58:27,069 TRACE [org.wildfly.security.tls] (management I/O-2) Found supported mechanism TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
13:58:27,069 TRACE [org.wildfly.security.tls] (management I/O-2) Dropping unknown mechanism TLS_EMPTY_RENEGOTIATION_INFO_SCSV
13:58:27,069 TRACE [org.wildfly.security.tls] (management I/O-2) Adding cipher suite TLS_DHE_DSS_WITH_AES_128_CBC_SHA/DHE-DSS-AES128-SHA due to add rule
13:58:27,069 TRACE [org.wildfly.security.tls] (management I/O-2) Adding cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA/DHE-RSA-AES128-SHA due to add rule
13:58:27,069 TRACE [org.wildfly.security.tls] (management I/O-2) Adding cipher suite TLS_DHE_DSS_WITH_AES_256_CBC_SHA/DHE-DSS-AES256-SHA due to add rule
13:58:27,069 TRACE [org.wildfly.security.tls] (management I/O-2) Adding cipher suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA/DHE-RSA-AES256-SHA due to add rule
13:58:27,069 TRACE [org.wildfly.security.tls] (management I/O-2) Adding cipher suite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA/ECDH-ECDSA-AES128-SHA due to add rule
13:58:27,070 TRACE [org.wildfly.security.tls] (management I/O-2) Adding cipher suite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA/ECDH-ECDSA-AES256-SHA due to add rule
13:58:27,070 TRACE [org.wildfly.security.tls] (management I/O-2) Adding cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA/ECDHE-ECDSA-AES128-SHA due to add rule
13:58:27,070 TRACE [org.wildfly.security.tls] (management I/O-2) Adding cipher suite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA/ECDHE-ECDSA-AES256-SHA due to add rule
13:58:27,070 TRACE [org.wildfly.security.tls] (management I/O-2) Adding cipher suite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA/ECDH-RSA-AES128-SHA due to add rule
13:58:27,070 TRACE [org.wildfly.security.tls] (management I/O-2) Adding cipher suite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA/ECDH-RSA-AES256-SHA due to add rule
13:58:27,070 TRACE [org.wildfly.security.tls] (management I/O-2) Adding cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA/ECDHE-RSA-AES128-SHA due to add rule
13:58:27,071 TRACE [org.wildfly.security.tls] (management I/O-2) Adding cipher suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA/ECDHE-RSA-AES256-SHA due to add rule
13:58:27,234 TRACE [org.wildfly.security] (management I/O-2) Peer unverified: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:440)
at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1000)
at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839)
at org.wildfly.security.sasl.util.SSLQueryCallbackHandler.handle(SSLQueryCallbackHandler.java:68)
at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.lambda$createSaslServer$0(TrustManagerSaslServerFactory.java:96)
at org.wildfly.security.sasl.util.SetMechanismInformationSaslServerFactory.createSaslServer(SetMechanismInformationSaslServerFactory.java:74)
at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory.createSaslServer(AuthenticationCompleteCallbackSaslServerFactory.java:51)
at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.createSaslServer(TrustManagerSaslServerFactory.java:72)
at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory.createSaslServer(AuthenticationTimeoutSaslServerFactory.java:74)
at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:66)
at org.wildfly.security.sasl.util.SSLSaslServerFactory.createSaslServer(SSLSaslServerFactory.java:67)
at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:66)
at org.wildfly.security.sasl.util.ServerNameSaslServerFactory.createSaslServer(ServerNameSaslServerFactory.java:48)
at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:66)
at org.wildfly.security.sasl.util.ProtocolSaslServerFactory.createSaslServer(ProtocolSaslServerFactory.java:48)
at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory.createSaslServer(SecurityIdentitySaslServerFactory.java:53)
at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:61)
at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:52)
at org.wildfly.security.auth.server.AbstractMechanismAuthenticationFactory.createMechanism(AbstractMechanismAuthenticationFactory.java:54)
at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:281)
at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:141)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1162)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
13:58:27,235 TRACE [org.wildfly.security] (management I/O-2) Handling MechanismInformationCallback type='SASL' name='ANONYMOUS' host-name='localhost' protocol='remote'
13:58:27,236 TRACE [org.wildfly.security] (management I/O-2) Created SaslServer [org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1 at 7e66c795->org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer at 1b9f6c1a->org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1 at 7d98f0f1->org.wildfly.security.sasl.anonymous.AnonymousSaslServer at 4266afc1] for mechanism [ANONYMOUS]
13:58:27,236 TRACE [org.wildfly.security] (management task-1) Permission mapping: identity [anonymous] with roles [] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
13:58:27,237 TRACE [org.wildfly.security] (management task-1) Handling AnonymousAuthorizationCallback: authorized = true
13:58:27,237 TRACE [org.wildfly.security] (management task-1) Handling AuthenticationCompleteCallback: succeed
13:58:27,237 TRACE [org.wildfly.security] (management task-1) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=anonymous, securityDomain=org.wildfly.security.auth.server.SecurityDomain at 19dd89ce, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='default', securityRealm=EMPTY_REALM}, creationTime=2018-08-17T11:58:25.808Z}
13:58:27,651 INFO [com.redhat.eap.qe.cli.CustomCLIExecutor] (main) CLI executor output:
13:58:27,652 INFO [com.redhat.eap.qe.cli.CustomCLIExecutor] (main) java.security.KeyStoreException: JKS not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:59)
at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:118)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:157)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:94)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
Caused by: java.security.NoSuchAlgorithmException: JKS KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 31 more
{
"outcome" => "success",
"result" => "running"
}
{code}
> FIPS NoSuchAlgorithmException: JKS KeyStore not available when trustmanager SunX509
> -----------------------------------------------------------------------------------
>
> Key: ELY-1648
> URL: https://issues.jboss.org/browse/ELY-1648
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Affects Versions: 1.5.5.Final
> Reporter: Martin Choma
> Attachments: java.security
>
>
> With the SunX509 truststore algorithm I can successfully connect with the CLI.
> {code}
> <configuration>
> <authentication-client xmlns="urn:elytron:client:1.1">
> <key-stores>
> <key-store name="truststore" type="PKCS11">
> <key-store-clear-password password="${password}" />
> </key-store>
> </key-stores>
> <ssl-contexts>
> <ssl-context name="client-cli-context">
> <trust-manager algorithm="SunX509" />
> <trust-store key-store-name="truststore" />
> <cipher-suite selector="${cipher.suite.filter}" />
> <protocol names="${protocol}" />
> </ssl-context>
> </ssl-contexts>
> <ssl-context-rules>
> <rule use-ssl-context="client-cli-context" />
> </ssl-context-rules>
> </authentication-client>
> </configuration>
> {code}
> But there is an exception in the log
> {code}
> 13:58:27,652 INFO [com.redhat.eap.qe.cli.CustomCLIExecutor] (main) java.security.KeyStoreException: JKS not found
> at java.security.KeyStore.getInstance(KeyStore.java:851)
> at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:59)
> at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
> at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
> at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
> at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:118)
> at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:157)
> at sun.security.validator.Validator.validate(Validator.java:260)
> at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
> at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
> at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
> at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
> at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
> at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
> at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
> at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
> at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
> at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
> at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:94)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
> Caused by: java.security.NoSuchAlgorithmException: JKS KeyStore not available
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
> at java.security.Security.getImpl(Security.java:695)
> at java.security.KeyStore.getInstance(KeyStore.java:848)
> ... 31 more
> {code}
> When I change SunX509 to PKIX, the exception does not occur anymore.
> It seems the exception is thrown by the code at https://github.com/JetBrains/jdk8u_jdk/blob/master/src/share/classes/sun/security/util/AnchorCertificates.java#L59
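An added diagnostic, not part of this issue or of Elytron, that probes the same provider lookups the trace above shows failing: in the JDK 8 code linked, the SunX509 validator's AlgorithmChecker initialises AnchorCertificates, which loads the JDK cacerts file as a "JKS" KeyStore, so SunX509 only survives the first certificate check if some installed provider still offers JKS. The class name is mine; run it with the FIPS java.security in effect (for example via -Djava.security.properties=file:/path/to/java.security) to see whether this combination is present before a handshake fails.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.TrustManagerFactory;

/**
 * Hypothetical helper written for this note (not Elytron code). It checks the
 * lookups that the ELY-1648 trace performs: TrustManagerFactory for the
 * configured algorithm, and KeyStore.getInstance("JKS") as done by
 * sun.security.util.AnchorCertificates when the SunX509 validator runs.
 */
public class FipsTrustManagerProbe {

    /** True if an installed provider can instantiate the given KeyStore type. */
    static boolean keyStoreTypeAvailable(String type) {
        try {
            KeyStore.getInstance(type);
            return true;
        } catch (KeyStoreException e) {
            // KeyStore.getInstance wraps "NoSuchAlgorithmException: <type> KeyStore not available"
            return false;
        }
    }

    /** Name of the provider supplying a TrustManagerFactory algorithm, or null if absent. */
    static String trustManagerProvider(String algorithm) {
        try {
            return TrustManagerFactory.getInstance(algorithm).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        System.out.println("Installed providers:");
        for (Provider p : Security.getProviders()) {
            System.out.println("  " + p.getName());
        }
        System.out.println("KeyStore types: " + Security.getAlgorithms("KeyStore"));

        boolean jks = keyStoreTypeAvailable("JKS");
        String sunX509 = trustManagerProvider("SunX509");
        String pkix = trustManagerProvider("PKIX");
        System.out.println("JKS KeyStore available:      " + jks);
        System.out.println("SunX509 TrustManagerFactory: " + (sunX509 == null ? "absent" : sunX509));
        System.out.println("PKIX TrustManagerFactory:    " + (pkix == null ? "absent" : pkix));

        if (sunX509 != null && !jks) {
            // The combination in the reported trace: the factory can be created, but the
            // first checkServerTrusted() call fails inside AnchorCertificates.<clinit>.
            System.out.println("WARNING: SunX509 can be instantiated, but its validator loads the "
                    + "JDK cacerts as a JKS store; expect 'JKS KeyStore not available' on the "
                    + "first handshake. The issue reports that the PKIX trust-manager algorithm "
                    + "does not hit this path.");
        }
    }
}
```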
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)