[jboss-jira] [JBoss JIRA] (ELY-1648) FIPS NoSuchAlgorithmException: JKS KeyStore not available when trustmanager SunX509
Martin Choma (JIRA)
issues at jboss.org
Wed Sep 26 03:59:01 EDT 2018
[ https://issues.jboss.org/browse/ELY-1648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13638547#comment-13638547 ]
Martin Choma commented on ELY-1648:
-----------------------------------
Adding log with jboss-cli.sh -Djavax.net.debug=all
It shows and align with stacktrace error is thrown on client side during processing server certificate.
{code}
[standalone at localhost:9990 /] reload
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1521170940 bytes = { 91, 161, 212, 139, 54, 91, 159, 74, 137, 194, 1, 152, 46, 109, 66, 145, 103, 199, 38, 54, 112, 199, 44, 71, 133, 111, 124, 193 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension renegotiation_info, renegotiated_connection: <empty>
***
[write] MD5 and SHA1 hashes: len = 196
0000: 01 00 00 C0 03 03 5B AB 3A FC 5B A1 D4 8B 36 5B ......[.:.[...6[
0010: 9F 4A 89 C2 01 98 2E 6D 42 91 67 C7 26 36 70 C7 .J.....mB.g.&6p.
0020: 2C 47 85 6F 7C C1 00 00 54 C0 24 C0 28 00 3D C0 ,G.o....T.$.(.=.
0030: 26 C0 2A 00 6B 00 6A C0 0A C0 14 00 35 C0 05 C0 &.*.k.j.....5...
0040: 0F 00 39 00 38 C0 23 C0 27 00 3C C0 25 C0 29 00 ..9.8.#.'.<.%.).
0050: 67 00 40 C0 09 C0 13 00 2F C0 04 C0 0E 00 33 00 g. at ...../.....3.
0060: 32 C0 2C C0 2B C0 30 00 9D C0 2E C0 32 00 9F 00 2.,.+.0.....2...
0070: A3 C0 2F 00 9C C0 2D C0 31 00 9E 00 A2 01 00 00 ../...-.1.......
0080: 43 00 0A 00 14 00 12 00 17 00 18 00 19 00 09 00 C...............
0090: 0A 00 0B 00 0C 00 0D 00 0E 00 0B 00 02 01 00 00 ................
00A0: 0D 00 1C 00 1A 06 03 06 01 05 03 05 01 04 03 04 ................
00B0: 01 04 02 03 03 03 01 03 02 02 03 02 01 02 02 FF ................
00C0: 01 00 01 00 ....
Remoting "cli-client" I/O-1, WRITE: TLSv1.2 Handshake, length = 196
[Raw write]: length = 201
0000: 16 03 03 00 C4 01 00 00 C0 03 03 5B AB 3A FC 5B ...........[.:.[
0010: A1 D4 8B 36 5B 9F 4A 89 C2 01 98 2E 6D 42 91 67 ...6[.J.....mB.g
0020: C7 26 36 70 C7 2C 47 85 6F 7C C1 00 00 54 C0 24 .&6p.,G.o....T.$
0030: C0 28 00 3D C0 26 C0 2A 00 6B 00 6A C0 0A C0 14 .(.=.&.*.k.j....
0040: 00 35 C0 05 C0 0F 00 39 00 38 C0 23 C0 27 00 3C .5.....9.8.#.'.<
0050: C0 25 C0 29 00 67 00 40 C0 09 C0 13 00 2F C0 04 .%.).g. at ...../..
0060: C0 0E 00 33 00 32 C0 2C C0 2B C0 30 00 9D C0 2E ...3.2.,.+.0....
0070: C0 32 00 9F 00 A3 C0 2F 00 9C C0 2D C0 31 00 9E .2...../...-.1..
0080: 00 A2 01 00 00 43 00 0A 00 14 00 12 00 17 00 18 .....C..........
0090: 00 19 00 09 00 0A 00 0B 00 0C 00 0D 00 0E 00 0B ................
00A0: 00 02 01 00 00 0D 00 1C 00 1A 06 03 06 01 05 03 ................
00B0: 05 01 04 03 04 01 04 02 03 03 03 01 03 02 02 03 ................
00C0: 02 01 02 02 FF 01 00 01 00 .........
[Raw read]: length = 5
0000: 16 03 02 05 37 ....7
[Raw read]: length = 1335
0000: 02 00 00 4D 03 02 5B AB 3A FC F2 E6 88 D2 D5 AC ...M..[.:.......
0010: 4E 94 9A 6C 88 06 71 E9 C7 64 AF 73 9B 93 01 3D N..l..q..d.s...=
0020: 4B 7E 70 09 83 9B 20 5B AB 3A FC 8D 7F C3 69 C6 K.p... [.:....i.
0030: 06 70 79 A3 D0 1C F7 18 C7 01 C6 FB 26 2A 35 90 .py.........&*5.
0040: A5 D5 82 07 F9 2E CF 00 33 00 00 05 FF 01 00 01 ........3.......
0050: 00 0B 00 02 AF 00 02 AC 00 02 A9 30 82 02 A5 30 ...........0...0
0060: 82 01 8D A0 03 02 01 02 02 05 00 A6 9A 90 A2 30 ...............0
0070: 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 14 ...*.H........0.
0080: 31 12 30 10 06 03 55 04 03 13 09 6C 6F 63 61 6C 1.0...U....local
0090: 68 6F 73 74 30 1E 17 0D 31 36 30 36 30 39 30 38 host0...16060908
00A0: 35 30 35 33 5A 17 0D 33 36 30 36 30 39 30 38 35 5053Z..360609085
00B0: 30 35 33 5A 30 14 31 12 30 10 06 03 55 04 03 13 053Z0.1.0...U...
00C0: 09 6C 6F 63 61 6C 68 6F 73 74 30 82 01 22 30 0D .localhost0.."0.
00D0: 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 ..*.H...........
00E0: 0F 00 30 82 01 0A 02 82 01 01 00 E6 33 55 5C D1 ..0.........3U\.
00F0: 43 74 86 82 35 F9 0D CD 11 24 F3 14 90 10 32 EA Ct..5....$....2.
0100: 17 1D CF B3 B1 46 AE DF 61 5F B5 7C 30 78 0C 98 .....F..a_..0x..
0110: 51 33 37 D7 23 A3 AC A9 29 37 27 BA EE 42 A4 C2 Q37.#...)7'..B..
0120: F8 E6 0C EE 13 24 83 C4 28 F0 EB 7F BE A7 F7 1C .....$..(.......
0130: 1D F0 80 12 52 8A BB F9 FC 58 11 8D A2 35 74 7A ....R....X...5tz
0140: CB EF D5 24 2D 6D AF C2 F3 8D F7 E6 6D FE B3 7F ...$-m......m...
0150: 3A 30 48 C4 4B AC 35 A5 4A EB 74 E2 7C 34 0D 8E :0H.K.5.J.t..4..
0160: 0F 86 EF 69 F9 FB 10 96 93 BD FE C9 42 02 FC 3F ...i........B..?
0170: FA AD DF 70 67 7B 81 88 A3 FE FB E3 30 DE 1E 98 ...pg.......0...
0180: 40 70 EE 66 89 25 56 D2 89 01 20 AD 8F 78 E3 F3 @p.f.%V... ..x..
0190: A5 30 CD 37 52 CF C5 16 CF E0 AB A1 C5 8F 60 C5 .0.7R.........`.
01A0: 46 77 03 8C 83 7E 59 EB 7E 35 A2 7F 34 A9 5D 0D Fw....Y..5..4.].
01B0: 75 77 2F C2 77 92 96 71 D1 E3 63 2F 3C D0 3F F0 uw/.w..q..c/<.?.
01C0: 35 8E 09 61 EA 51 83 00 FC E9 DB 61 E2 84 01 02 5..a.Q.....a....
01D0: 9E 50 55 AA 30 C2 BF B1 1E 9D 7D C5 2A 21 71 0E .PU.0.......*!q.
01E0: 46 C7 7C 67 3B 52 E4 AD EB E7 E7 02 03 01 00 01 F..g;R..........
01F0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 0...*.H.........
0200: 82 01 01 00 39 D3 A0 BE DD 4D 83 CD BA 59 04 A0 ....9....M...Y..
0210: F0 D9 EE E4 66 3B B8 0B 99 19 0F 2E 2E 79 B4 A5 ....f;.......y..
0220: 71 BD 5A 2B E8 F4 A3 04 42 7E 20 54 90 4F 5E A8 q.Z+....B. T.O^.
0230: DC 8B A1 46 BE 10 FC 45 7C 6D 01 CF D0 A0 4B E5 ...F...E.m....K.
0240: 6F BF 35 3B FB 11 F1 4D 16 B1 E0 4B 19 2A A8 D8 o.5;...M...K.*..
0250: 2D C7 0B 43 3C 55 F3 3E 8C 05 43 14 F0 A1 DE E4 -..C<U.>..C.....
0260: 67 9E 36 D9 35 2E 47 1E D0 78 39 39 81 C6 4C EE g.6.5.G..x99..L.
0270: E7 76 D4 22 50 D0 1A AE CA 98 A2 62 8A 7B A4 F6 .v."P......b....
0280: 3A 1E 87 CD 96 95 61 09 24 35 7A 80 68 42 68 66 :.....a.$5z.hBhf
0290: 73 DC CF 1F 0A DE 1E 6F 90 B0 C8 77 87 E4 B3 E0 s......o...w....
02A0: F7 A6 5F 11 9D 3B 67 F4 31 32 13 26 EA FE 5A 48 .._..;g.12.&..ZH
02B0: C5 8E 6C 28 52 25 59 DB DB 49 40 F6 1F 03 09 AC ..l(R%Y..I at .....
02C0: 28 9C 16 4A 8D 92 DE 53 19 D1 85 12 AA 5C 1A AB (..J...S.....\..
02D0: 1F 5C 32 DB F8 43 92 56 86 A8 7D 2B 9B DD D2 9B .\2..C.V...+....
02E0: 27 F7 5E A4 47 F9 C6 7B D8 71 80 94 16 F5 8E F5 '.^.G....q......
02F0: 4A 45 7A 97 2F C2 62 9D B9 41 54 26 ED C9 DD DF JEz./.b..AT&....
0300: C5 1C F8 B8 0C 00 02 09 00 80 FF FF FF FF FF FF ................
0310: FF FF C9 0F DA A2 21 68 C2 34 C4 C6 62 8B 80 DC ......!h.4..b...
0320: 1C D1 29 02 4E 08 8A 67 CC 74 02 0B BE A6 3B 13 ..).N..g.t....;.
0330: 9B 22 51 4A 08 79 8E 34 04 DD EF 95 19 B3 CD 3A ."QJ.y.4.......:
0340: 43 1B 30 2B 0A 6D F2 5F 14 37 4F E1 35 6D 6D 51 C.0+.m._.7O.5mmQ
0350: C2 45 E4 85 B5 76 62 5E 7E C6 F4 4C 42 E9 A6 37 .E...vb^...LB..7
0360: ED 6B 0B FF 5C B6 F4 06 B7 ED EE 38 6B FB 5A 89 .k..\......8k.Z.
0370: 9F A5 AE 9F 24 11 7C 4B 1F E6 49 28 66 51 EC E6 ....$..K..I(fQ..
0380: 53 81 FF FF FF FF FF FF FF FF 00 01 02 00 80 94 S...............
0390: 35 1B 36 50 05 0F EA CF 92 FD F0 77 AA C0 63 96 5.6P.......w..c.
03A0: EC 2C B1 5B 44 93 C1 18 94 19 A9 A2 CB CB 10 DA .,.[D...........
03B0: 54 B4 F3 99 9E CC 15 4D 73 A2 A8 47 DD 96 4D AF T......Ms..G..M.
03C0: 21 30 1B 94 13 43 D7 F2 AD 2D B4 9D 85 71 AA 15 !0...C...-...q..
03D0: 8D 91 B5 2E AC 6A ED E9 99 50 05 91 53 FF 35 E0 .....j...P..S.5.
03E0: 77 7D 77 BC D7 E3 83 7D 9C 44 75 90 64 EC 3D 86 w.w......Du.d.=.
03F0: A5 CC E0 72 91 1F 40 FE 77 48 58 BA 12 2B 86 0B ...r.. at .wHX..+..
0400: 89 04 A4 0E E4 35 C7 24 4C 5E 3F EB D4 9E 97 01 .....5.$L^?.....
0410: 00 24 A1 C4 3F C1 B3 82 AC 2C 6F 78 D3 A7 C4 DC .$..?....,ox....
0420: 8D 80 C0 13 5A A1 3B 1C CA 81 1F 53 6C 47 5C AA ....Z.;....SlG\.
0430: 7A 8A 0C 34 F6 AC 53 4F A3 7F 96 DF 73 C5 80 1A z..4..SO....s...
0440: A0 BA 6B 50 EB 62 7B E9 16 FE 2A 09 B6 D4 07 B0 ..kP.b....*.....
0450: E9 7B 9D E0 70 05 C1 1D 6E 32 F2 F1 FB 02 88 B9 ....p...n2......
0460: 59 44 A8 8A 67 5A E2 36 B4 3E 55 96 DD D2 C6 47 YD..gZ.6.>U....G
0470: 0B B2 A3 24 97 9A 9D EB 88 E3 D3 6F 0D 57 8D DE ...$.......o.W..
0480: 79 95 B8 45 12 44 2D C8 59 0E 82 5E 0E 1C D1 12 y..E.D-.Y..^....
0490: 8C D9 D5 DE F4 61 3D D8 B1 90 C6 C5 33 E0 DB F1 .....a=.....3...
04A0: 40 D2 CE A5 B8 01 2B 7D 89 12 6A 9E 1F 3A 6D 43 @.....+...j..:mC
04B0: 83 61 F5 05 59 90 9A 38 FD 60 70 CB 13 B1 4D 6B .a..Y..8.`p...Mk
04C0: 3B 5C 44 43 83 81 6D 65 5E 3C 57 80 59 FD 8A 76 ;\DC..me^<W.Y..v
04D0: C8 54 60 9A DC AE 04 04 3E 06 91 E3 18 36 FC 28 .T`.....>....6.(
04E0: 3A 76 D7 B1 23 15 DF A9 47 4B A0 F3 2B A0 8F C5 :v..#...GK..+...
04F0: DB 7C 3C 22 4A E6 27 F1 98 9D 55 FF 6A 76 0F CE ..<"J.'...U.jv..
0500: 46 76 E1 05 6F 44 9B B5 47 F0 C2 1D ED 98 6C 8F Fv..oD..G.....l.
0510: FA 0D 00 00 1E 03 01 02 40 00 18 00 16 30 14 31 ........ at ....0.1
0520: 12 30 10 06 03 55 04 03 13 09 6C 6F 63 61 6C 68 .0...U....localh
0530: 6F 73 74 0E 00 00 00 ost....
Remoting "cli-client" I/O-1, READ: TLSv1.1 Handshake, length = 1335
*** ServerHello, TLSv1.1
RandomCookie: GMT: 1521170940 bytes = { 242, 230, 136, 210, 213, 172, 78, 148, 154, 108, 136, 6, 113, 233, 199, 100, 175, 115, 155, 147, 1, 61, 75, 126, 112, 9, 131, 155 }
Session ID: {91, 171, 58, 252, 141, 127, 195, 105, 198, 6, 112, 121, 163, 208, 28, 247, 24, 199, 1, 198, 251, 38, 42, 53, 144, 165, 213, 130, 7, 249, 46, 207}
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
** TLS_DHE_RSA_WITH_AES_128_CBC_SHA
[read] MD5 and SHA1 hashes: len = 81
0000: 02 00 00 4D 03 02 5B AB 3A FC F2 E6 88 D2 D5 AC ...M..[.:.......
0010: 4E 94 9A 6C 88 06 71 E9 C7 64 AF 73 9B 93 01 3D N..l..q..d.s...=
0020: 4B 7E 70 09 83 9B 20 5B AB 3A FC 8D 7F C3 69 C6 K.p... [.:....i.
0030: 06 70 79 A3 D0 1C F7 18 C7 01 C6 FB 26 2A 35 90 .py.........&*5.
0040: A5 D5 82 07 F9 2E CF 00 33 00 00 05 FF 01 00 01 ........3.......
0050: 00 .
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=localhost
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: SunPKCS11-testPkcs RSA public key, 2048 bits (id 1, session object)
modulus: 29060123608617163373357149186256302256690451367273583694712552941294495945669213396459502551108916094627533354975746646666668842224005427071342014703724867595834265833597653226684476041132529577057616340675158367673515462715606125948342173240068681053092167230285139913636897825272175166487919177666175429335290108106586350573299399694766185621699238640195733014718643273239932334848508667464273536478425494610303007038278319092995432198293501253513948283570354423460202091267051802117639318389505305071743195030308445185313940330772467812384031836756010630541070712480212261340080742910315102003347114016899339118567
public exponent: 65537
Validity: [From: Thu Jun 09 10:50:53 CEST 2016,
To: Mon Jun 09 10:50:53 CEST 2036]
Issuer: CN=localhost
SerialNumber: [ a69a90a2]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 39 D3 A0 BE DD 4D 83 CD BA 59 04 A0 F0 D9 EE E4 9....M...Y......
0010: 66 3B B8 0B 99 19 0F 2E 2E 79 B4 A5 71 BD 5A 2B f;.......y..q.Z+
0020: E8 F4 A3 04 42 7E 20 54 90 4F 5E A8 DC 8B A1 46 ....B. T.O^....F
0030: BE 10 FC 45 7C 6D 01 CF D0 A0 4B E5 6F BF 35 3B ...E.m....K.o.5;
0040: FB 11 F1 4D 16 B1 E0 4B 19 2A A8 D8 2D C7 0B 43 ...M...K.*..-..C
0050: 3C 55 F3 3E 8C 05 43 14 F0 A1 DE E4 67 9E 36 D9 <U.>..C.....g.6.
0060: 35 2E 47 1E D0 78 39 39 81 C6 4C EE E7 76 D4 22 5.G..x99..L..v."
0070: 50 D0 1A AE CA 98 A2 62 8A 7B A4 F6 3A 1E 87 CD P......b....:...
0080: 96 95 61 09 24 35 7A 80 68 42 68 66 73 DC CF 1F ..a.$5z.hBhfs...
0090: 0A DE 1E 6F 90 B0 C8 77 87 E4 B3 E0 F7 A6 5F 11 ...o...w......_.
00A0: 9D 3B 67 F4 31 32 13 26 EA FE 5A 48 C5 8E 6C 28 .;g.12.&..ZH..l(
00B0: 52 25 59 DB DB 49 40 F6 1F 03 09 AC 28 9C 16 4A R%Y..I at .....(..J
00C0: 8D 92 DE 53 19 D1 85 12 AA 5C 1A AB 1F 5C 32 DB ...S.....\...\2.
00D0: F8 43 92 56 86 A8 7D 2B 9B DD D2 9B 27 F7 5E A4 .C.V...+....'.^.
00E0: 47 F9 C6 7B D8 71 80 94 16 F5 8E F5 4A 45 7A 97 G....q......JEz.
00F0: 2F C2 62 9D B9 41 54 26 ED C9 DD DF C5 1C F8 B8 /.b..AT&........
]
***
java.security.KeyStoreException: JKS not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:59)
at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:118)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:157)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:94)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
Caused by: java.security.NoSuchAlgorithmException: JKS KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 31 more
Found trusted certificate:
[
[
Version: V3
Subject: CN=localhost
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: SunPKCS11-testPkcs RSA public key, 2048 bits (id 1, session object)
modulus: 29060123608617163373357149186256302256690451367273583694712552941294495945669213396459502551108916094627533354975746646666668842224005427071342014703724867595834265833597653226684476041132529577057616340675158367673515462715606125948342173240068681053092167230285139913636897825272175166487919177666175429335290108106586350573299399694766185621699238640195733014718643273239932334848508667464273536478425494610303007038278319092995432198293501253513948283570354423460202091267051802117639318389505305071743195030308445185313940330772467812384031836756010630541070712480212261340080742910315102003347114016899339118567
public exponent: 65537
Validity: [From: Thu Jun 09 10:50:53 CEST 2016,
To: Mon Jun 09 10:50:53 CEST 2036]
Issuer: CN=localhost
SerialNumber: [ a69a90a2]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 39 D3 A0 BE DD 4D 83 CD BA 59 04 A0 F0 D9 EE E4 9....M...Y......
0010: 66 3B B8 0B 99 19 0F 2E 2E 79 B4 A5 71 BD 5A 2B f;.......y..q.Z+
0020: E8 F4 A3 04 42 7E 20 54 90 4F 5E A8 DC 8B A1 46 ....B. T.O^....F
0030: BE 10 FC 45 7C 6D 01 CF D0 A0 4B E5 6F BF 35 3B ...E.m....K.o.5;
0040: FB 11 F1 4D 16 B1 E0 4B 19 2A A8 D8 2D C7 0B 43 ...M...K.*..-..C
0050: 3C 55 F3 3E 8C 05 43 14 F0 A1 DE E4 67 9E 36 D9 <U.>..C.....g.6.
0060: 35 2E 47 1E D0 78 39 39 81 C6 4C EE E7 76 D4 22 5.G..x99..L..v."
0070: 50 D0 1A AE CA 98 A2 62 8A 7B A4 F6 3A 1E 87 CD P......b....:...
0080: 96 95 61 09 24 35 7A 80 68 42 68 66 73 DC CF 1F ..a.$5z.hBhfs...
0090: 0A DE 1E 6F 90 B0 C8 77 87 E4 B3 E0 F7 A6 5F 11 ...o...w......_.
00A0: 9D 3B 67 F4 31 32 13 26 EA FE 5A 48 C5 8E 6C 28 .;g.12.&..ZH..l(
00B0: 52 25 59 DB DB 49 40 F6 1F 03 09 AC 28 9C 16 4A R%Y..I at .....(..J
00C0: 8D 92 DE 53 19 D1 85 12 AA 5C 1A AB 1F 5C 32 DB ...S.....\...\2.
00D0: F8 43 92 56 86 A8 7D 2B 9B DD D2 9B 27 F7 5E A4 .C.V...+....'.^.
00E0: 47 F9 C6 7B D8 71 80 94 16 F5 8E F5 4A 45 7A 97 G....q......JEz.
00F0: 2F C2 62 9D B9 41 54 26 ED C9 DD DF C5 1C F8 B8 /.b..AT&........
]
[read] MD5 and SHA1 hashes: len = 691
0000: 0B 00 02 AF 00 02 AC 00 02 A9 30 82 02 A5 30 82 ..........0...0.
0010: 01 8D A0 03 02 01 02 02 05 00 A6 9A 90 A2 30 0D ..............0.
0020: 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 14 31 ..*.H........0.1
0030: 12 30 10 06 03 55 04 03 13 09 6C 6F 63 61 6C 68 .0...U....localh
0040: 6F 73 74 30 1E 17 0D 31 36 30 36 30 39 30 38 35 ost0...160609085
0050: 30 35 33 5A 17 0D 33 36 30 36 30 39 30 38 35 30 053Z..3606090850
0060: 35 33 5A 30 14 31 12 30 10 06 03 55 04 03 13 09 53Z0.1.0...U....
0070: 6C 6F 63 61 6C 68 6F 73 74 30 82 01 22 30 0D 06 localhost0.."0..
0080: 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F .*.H............
0090: 00 30 82 01 0A 02 82 01 01 00 E6 33 55 5C D1 43 .0.........3U\.C
00A0: 74 86 82 35 F9 0D CD 11 24 F3 14 90 10 32 EA 17 t..5....$....2..
00B0: 1D CF B3 B1 46 AE DF 61 5F B5 7C 30 78 0C 98 51 ....F..a_..0x..Q
00C0: 33 37 D7 23 A3 AC A9 29 37 27 BA EE 42 A4 C2 F8 37.#...)7'..B...
00D0: E6 0C EE 13 24 83 C4 28 F0 EB 7F BE A7 F7 1C 1D ....$..(........
00E0: F0 80 12 52 8A BB F9 FC 58 11 8D A2 35 74 7A CB ...R....X...5tz.
00F0: EF D5 24 2D 6D AF C2 F3 8D F7 E6 6D FE B3 7F 3A ..$-m......m...:
0100: 30 48 C4 4B AC 35 A5 4A EB 74 E2 7C 34 0D 8E 0F 0H.K.5.J.t..4...
0110: 86 EF 69 F9 FB 10 96 93 BD FE C9 42 02 FC 3F FA ..i........B..?.
0120: AD DF 70 67 7B 81 88 A3 FE FB E3 30 DE 1E 98 40 ..pg.......0...@
0130: 70 EE 66 89 25 56 D2 89 01 20 AD 8F 78 E3 F3 A5 p.f.%V... ..x...
0140: 30 CD 37 52 CF C5 16 CF E0 AB A1 C5 8F 60 C5 46 0.7R.........`.F
0150: 77 03 8C 83 7E 59 EB 7E 35 A2 7F 34 A9 5D 0D 75 w....Y..5..4.].u
0160: 77 2F C2 77 92 96 71 D1 E3 63 2F 3C D0 3F F0 35 w/.w..q..c/<.?.5
0170: 8E 09 61 EA 51 83 00 FC E9 DB 61 E2 84 01 02 9E ..a.Q.....a.....
0180: 50 55 AA 30 C2 BF B1 1E 9D 7D C5 2A 21 71 0E 46 PU.0.......*!q.F
0190: C7 7C 67 3B 52 E4 AD EB E7 E7 02 03 01 00 01 30 ..g;R..........0
01A0: 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 ...*.H..........
01B0: 01 01 00 39 D3 A0 BE DD 4D 83 CD BA 59 04 A0 F0 ...9....M...Y...
01C0: D9 EE E4 66 3B B8 0B 99 19 0F 2E 2E 79 B4 A5 71 ...f;.......y..q
01D0: BD 5A 2B E8 F4 A3 04 42 7E 20 54 90 4F 5E A8 DC .Z+....B. T.O^..
01E0: 8B A1 46 BE 10 FC 45 7C 6D 01 CF D0 A0 4B E5 6F ..F...E.m....K.o
01F0: BF 35 3B FB 11 F1 4D 16 B1 E0 4B 19 2A A8 D8 2D .5;...M...K.*..-
0200: C7 0B 43 3C 55 F3 3E 8C 05 43 14 F0 A1 DE E4 67 ..C<U.>..C.....g
0210: 9E 36 D9 35 2E 47 1E D0 78 39 39 81 C6 4C EE E7 .6.5.G..x99..L..
0220: 76 D4 22 50 D0 1A AE CA 98 A2 62 8A 7B A4 F6 3A v."P......b....:
0230: 1E 87 CD 96 95 61 09 24 35 7A 80 68 42 68 66 73 .....a.$5z.hBhfs
0240: DC CF 1F 0A DE 1E 6F 90 B0 C8 77 87 E4 B3 E0 F7 ......o...w.....
0250: A6 5F 11 9D 3B 67 F4 31 32 13 26 EA FE 5A 48 C5 ._..;g.12.&..ZH.
0260: 8E 6C 28 52 25 59 DB DB 49 40 F6 1F 03 09 AC 28 .l(R%Y..I at .....(
0270: 9C 16 4A 8D 92 DE 53 19 D1 85 12 AA 5C 1A AB 1F ..J...S.....\...
0280: 5C 32 DB F8 43 92 56 86 A8 7D 2B 9B DD D2 9B 27 \2..C.V...+....'
0290: F7 5E A4 47 F9 C6 7B D8 71 80 94 16 F5 8E F5 4A .^.G....q......J
02A0: 45 7A 97 2F C2 62 9D B9 41 54 26 ED C9 DD DF C5 Ez./.b..AT&.....
02B0: 1C F8 B8 ...
*** Diffie-Hellman ServerKeyExchange
DH Modulus: { 255, 255, 255, 255, 255, 255, 255, 255, 201, 15, 218, 162, 33, 104, 194, 52, 196, 198, 98, 139, 128, 220, 28, 209, 41, 2, 78, 8, 138, 103, 204, 116, 2, 11, 190, 166, 59, 19, 155, 34, 81, 74, 8, 121, 142, 52, 4, 221, 239, 149, 25, 179, 205, 58, 67, 27, 48, 43, 10, 109, 242, 95, 20, 55, 79, 225, 53, 109, 109, 81, 194, 69, 228, 133, 181, 118, 98, 94, 126, 198, 244, 76, 66, 233, 166, 55, 237, 107, 11, 255, 92, 182, 244, 6, 183, 237, 238, 56, 107, 251, 90, 137, 159, 165, 174, 159, 36, 17, 124, 75, 31, 230, 73, 40, 102, 81, 236, 230, 83, 129, 255, 255, 255, 255, 255, 255, 255, 255 }
DH Base: { 2 }
Server DH Public Key: { 148, 53, 27, 54, 80, 5, 15, 234, 207, 146, 253, 240, 119, 170, 192, 99, 150, 236, 44, 177, 91, 68, 147, 193, 24, 148, 25, 169, 162, 203, 203, 16, 218, 84, 180, 243, 153, 158, 204, 21, 77, 115, 162, 168, 71, 221, 150, 77, 175, 33, 48, 27, 148, 19, 67, 215, 242, 173, 45, 180, 157, 133, 113, 170, 21, 141, 145, 181, 46, 172, 106, 237, 233, 153, 80, 5, 145, 83, 255, 53, 224, 119, 125, 119, 188, 215, 227, 131, 125, 156, 68, 117, 144, 100, 236, 61, 134, 165, 204, 224, 114, 145, 31, 64, 254, 119, 72, 88, 186, 18, 43, 134, 11, 137, 4, 164, 14, 228, 53, 199, 36, 76, 94, 63, 235, 212, 158, 151 }
Anonymous
[read] MD5 and SHA1 hashes: len = 525
0000: 0C 00 02 09 00 80 FF FF FF FF FF FF FF FF C9 0F ................
0010: DA A2 21 68 C2 34 C4 C6 62 8B 80 DC 1C D1 29 02 ..!h.4..b.....).
0020: 4E 08 8A 67 CC 74 02 0B BE A6 3B 13 9B 22 51 4A N..g.t....;.."QJ
0030: 08 79 8E 34 04 DD EF 95 19 B3 CD 3A 43 1B 30 2B .y.4.......:C.0+
0040: 0A 6D F2 5F 14 37 4F E1 35 6D 6D 51 C2 45 E4 85 .m._.7O.5mmQ.E..
0050: B5 76 62 5E 7E C6 F4 4C 42 E9 A6 37 ED 6B 0B FF .vb^...LB..7.k..
0060: 5C B6 F4 06 B7 ED EE 38 6B FB 5A 89 9F A5 AE 9F \......8k.Z.....
0070: 24 11 7C 4B 1F E6 49 28 66 51 EC E6 53 81 FF FF $..K..I(fQ..S...
0080: FF FF FF FF FF FF 00 01 02 00 80 94 35 1B 36 50 ............5.6P
0090: 05 0F EA CF 92 FD F0 77 AA C0 63 96 EC 2C B1 5B .......w..c..,.[
00A0: 44 93 C1 18 94 19 A9 A2 CB CB 10 DA 54 B4 F3 99 D...........T...
00B0: 9E CC 15 4D 73 A2 A8 47 DD 96 4D AF 21 30 1B 94 ...Ms..G..M.!0..
00C0: 13 43 D7 F2 AD 2D B4 9D 85 71 AA 15 8D 91 B5 2E .C...-...q......
00D0: AC 6A ED E9 99 50 05 91 53 FF 35 E0 77 7D 77 BC .j...P..S.5.w.w.
00E0: D7 E3 83 7D 9C 44 75 90 64 EC 3D 86 A5 CC E0 72 .....Du.d.=....r
00F0: 91 1F 40 FE 77 48 58 BA 12 2B 86 0B 89 04 A4 0E .. at .wHX..+......
0100: E4 35 C7 24 4C 5E 3F EB D4 9E 97 01 00 24 A1 C4 .5.$L^?......$..
0110: 3F C1 B3 82 AC 2C 6F 78 D3 A7 C4 DC 8D 80 C0 13 ?....,ox........
0120: 5A A1 3B 1C CA 81 1F 53 6C 47 5C AA 7A 8A 0C 34 Z.;....SlG\.z..4
0130: F6 AC 53 4F A3 7F 96 DF 73 C5 80 1A A0 BA 6B 50 ..SO....s.....kP
0140: EB 62 7B E9 16 FE 2A 09 B6 D4 07 B0 E9 7B 9D E0 .b....*.........
0150: 70 05 C1 1D 6E 32 F2 F1 FB 02 88 B9 59 44 A8 8A p...n2......YD..
0160: 67 5A E2 36 B4 3E 55 96 DD D2 C6 47 0B B2 A3 24 gZ.6.>U....G...$
0170: 97 9A 9D EB 88 E3 D3 6F 0D 57 8D DE 79 95 B8 45 .......o.W..y..E
0180: 12 44 2D C8 59 0E 82 5E 0E 1C D1 12 8C D9 D5 DE .D-.Y..^........
0190: F4 61 3D D8 B1 90 C6 C5 33 E0 DB F1 40 D2 CE A5 .a=.....3... at ...
01A0: B8 01 2B 7D 89 12 6A 9E 1F 3A 6D 43 83 61 F5 05 ..+...j..:mC.a..
01B0: 59 90 9A 38 FD 60 70 CB 13 B1 4D 6B 3B 5C 44 43 Y..8.`p...Mk;\DC
01C0: 83 81 6D 65 5E 3C 57 80 59 FD 8A 76 C8 54 60 9A ..me^<W.Y..v.T`.
01D0: DC AE 04 04 3E 06 91 E3 18 36 FC 28 3A 76 D7 B1 ....>....6.(:v..
01E0: 23 15 DF A9 47 4B A0 F3 2B A0 8F C5 DB 7C 3C 22 #...GK..+.....<"
01F0: 4A E6 27 F1 98 9D 55 FF 6A 76 0F CE 46 76 E1 05 J.'...U.jv..Fv..
0200: 6F 44 9B B5 47 F0 C2 1D ED 98 6C 8F FA oD..G.....l..
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=localhost>
[read] MD5 and SHA1 hashes: len = 34
0000: 0D 00 00 1E 03 01 02 40 00 18 00 16 30 14 31 12 ....... at ....0.1.
0010: 30 10 06 03 55 04 03 13 09 6C 6F 63 61 6C 68 6F 0...U....localho
0020: 73 74 st
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ClientKeyExchange, DH
DH Public key: { 31, 66, 240, 208, 16, 143, 66, 141, 11, 20, 75, 55, 116, 18, 2, 229, 98, 172, 167, 10, 203, 198, 95, 178, 234, 223, 11, 247, 132, 4, 253, 98, 164, 191, 243, 215, 152, 231, 163, 2, 154, 88, 110, 19, 120, 71, 156, 106, 175, 140, 218, 20, 102, 132, 210, 193, 36, 2, 202, 72, 220, 154, 73, 244, 151, 206, 126, 125, 1, 178, 198, 222, 100, 7, 8, 51, 234, 199, 169, 7, 8, 189, 115, 8, 200, 86, 253, 241, 206, 223, 197, 135, 184, 90, 224, 38, 134, 15, 18, 122, 82, 6, 242, 119, 29, 140, 233, 239, 79, 108, 100, 206, 87, 75, 203, 143, 191, 168, 93, 186, 86, 163, 76, 131, 73, 193, 198, 206 }
[write] MD5 and SHA1 hashes: len = 141
0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 1F 42 F0 ..............B.
0010: D0 10 8F 42 8D 0B 14 4B 37 74 12 02 E5 62 AC A7 ...B...K7t...b..
0020: 0A CB C6 5F B2 EA DF 0B F7 84 04 FD 62 A4 BF F3 ..._........b...
0030: D7 98 E7 A3 02 9A 58 6E 13 78 47 9C 6A AF 8C DA ......Xn.xG.j...
0040: 14 66 84 D2 C1 24 02 CA 48 DC 9A 49 F4 97 CE 7E .f...$..H..I....
0050: 7D 01 B2 C6 DE 64 07 08 33 EA C7 A9 07 08 BD 73 .....d..3......s
0060: 08 C8 56 FD F1 CE DF C5 87 B8 5A E0 26 86 0F 12 ..V.......Z.&...
0070: 7A 52 06 F2 77 1D 8C E9 EF 4F 6C 64 CE 57 4B CB zR..w....Old.WK.
0080: 8F BF A8 5D BA 56 A3 4C 83 49 C1 C6 CE ...].V.L.I...
Remoting "cli-client" I/O-1, WRITE: TLSv1.1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
(key bytes not available)
CONNECTION KEYGEN:
Client Nonce:
0000: 5B AB 3A FC 5B A1 D4 8B 36 5B 9F 4A 89 C2 01 98 [.:.[...6[.J....
0010: 2E 6D 42 91 67 C7 26 36 70 C7 2C 47 85 6F 7C C1 .mB.g.&6p.,G.o..
Server Nonce:
0000: 5B AB 3A FC F2 E6 88 D2 D5 AC 4E 94 9A 6C 88 06 [.:.......N..l..
0010: 71 E9 C7 64 AF 73 9B 93 01 3D 4B 7E 70 09 83 9B q..d.s...=K.p...
Master Secret:
(key bytes not available)
Client MAC write Secret:
(key bytes not available)
Server MAC write Secret:
(key bytes not available)
Client write key:
(key bytes not available)
Server write key:
(key bytes not available)
... no IV derived for this protocol
Remoting "cli-client" I/O-1, WRITE: TLSv1.1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 120, 192, 198, 77, 85, 94, 52, 196, 226, 125, 145, 15 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 78 C0 C6 4D 55 5E 34 C4 E2 7D 91 0F ....x..MU^4.....
Padded plaintext before ENCRYPTION: len = 64
0000: C3 8C B0 C2 95 1F F5 53 37 81 9F 29 E7 DB 5C D5 .......S7..)..\.
0010: 14 00 00 0C 78 C0 C6 4D 55 5E 34 C4 E2 7D 91 0F ....x..MU^4.....
0020: A0 87 D1 82 3C B3 68 4F E4 0B DB 4D FB A6 C7 0D ....<.hO...M....
0030: 67 A4 C4 91 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B g...............
Remoting "cli-client" I/O-1, WRITE: TLSv1.1 Handshake, length = 64
[Raw write]: length = 146
0000: 16 03 02 00 8D 0B 00 00 03 00 00 00 10 00 00 82 ................
0010: 00 80 1F 42 F0 D0 10 8F 42 8D 0B 14 4B 37 74 12 ...B....B...K7t.
0020: 02 E5 62 AC A7 0A CB C6 5F B2 EA DF 0B F7 84 04 ..b....._.......
0030: FD 62 A4 BF F3 D7 98 E7 A3 02 9A 58 6E 13 78 47 .b.........Xn.xG
0040: 9C 6A AF 8C DA 14 66 84 D2 C1 24 02 CA 48 DC 9A .j....f...$..H..
0050: 49 F4 97 CE 7E 7D 01 B2 C6 DE 64 07 08 33 EA C7 I.........d..3..
0060: A9 07 08 BD 73 08 C8 56 FD F1 CE DF C5 87 B8 5A ....s..V.......Z
0070: E0 26 86 0F 12 7A 52 06 F2 77 1D 8C E9 EF 4F 6C .&...zR..w....Ol
0080: 64 CE 57 4B CB 8F BF A8 5D BA 56 A3 4C 83 49 C1 d.WK....].V.L.I.
0090: C6 CE ..
[Raw write]: length = 6
0000: 14 03 02 00 01 01 ......
[Raw write]: length = 69
0000: 16 03 02 00 40 0E 05 59 FD 7F FD 53 C3 98 4B 55 .... at ..Y...S..KU
0010: 48 BD CC 67 CB 1C C4 7C 4E 32 ED 06 D2 DD 24 96 H..g....N2....$.
0020: 66 BF 9F 4D 65 58 84 65 67 0E A3 8C C8 94 7D 9E f..MeX.eg.......
0030: ED 02 35 D1 E8 8E 5B CD FD 37 0F 35 F6 58 AF 7D ..5...[..7.5.X..
0040: 5D 0F 5E 14 46 ].^.F
[Raw read]: length = 5
0000: 15 03 02 00 02 .....
[Raw read]: length = 2
0000: 02 2A .*
Remoting "cli-client" I/O-1, READ: TLSv1.1 Alert, length = 2
Remoting "cli-client" I/O-1, RECV TLSv1.1 ALERT: fatal, bad_certificate
Remoting "cli-client" I/O-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: bad_certificate
Remoting "cli-client" I/O-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: bad_certificate
Remoting "cli-client" I/O-1, called closeOutbound()
Remoting "cli-client" I/O-1, closeOutboundInternal()
Remoting "cli-client" I/O-1, SEND TLSv1.1 ALERT: warning, description = close_notify
Padded plaintext before ENCRYPTION: len = 48
0000: 16 46 34 B5 6C 35 D2 EC 86 6B 7E D0 F6 3B F4 2B .F4.l5...k...;.+
0010: 01 00 4C 69 07 CE 53 E7 B5 BC D6 8B 93 98 8E 3A ..Li..S........:
0020: CB 89 5B 7D FD 42 09 09 09 09 09 09 09 09 09 09 ..[..B..........
Remoting "cli-client" I/O-1, WRITE: TLSv1.1 Alert, length = 48
[Raw write]: length = 53
0000: 15 03 02 00 30 E3 16 30 AF 31 48 C2 D7 66 AB 75 ....0..0.1H..f.u
0010: BA 76 13 DC E9 BC F8 62 B4 CA A9 2F 13 8B 1A 30 .v.....b.../...0
0020: CB AB B8 A5 24 09 20 BF F1 48 64 F7 2C BF AB B6 ....$. ..Hd.,...
0030: 8F E4 99 5E 83 ...^.
Failed to establish connection in 6044ms
{code}
> FIPS NoSuchAlgorithmException: JKS KeyStore not available when trustmanager SunX509
> -----------------------------------------------------------------------------------
>
> Key: ELY-1648
> URL: https://issues.jboss.org/browse/ELY-1648
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Affects Versions: 1.5.5.Final
> Reporter: Martin Choma
> Assignee: Justin Cook
> Attachments: java.security
>
>
> With SunX509 truststore algorithm I can succesfully connect with CLI.
> {code}
> <configuration>
> <authentication-client xmlns="urn:elytron:client:1.1">
> <key-stores>
> <key-store name="truststore" type="PKCS11">
> <key-store-clear-password password="${password}" />
> </key-store>
> </key-stores>
> <ssl-contexts>
> <ssl-context name="client-cli-context">
> <trust-manager algorithm="SunX509" />
> <trust-store key-store-name="truststore" />
> <cipher-suite selector="${cipher.suite.filter}" />
> <protocol names="${protocol}" />
> </ssl-context>
> </ssl-contexts>
> <ssl-context-rules>
> <rule use-ssl-context="client-cli-context" />
> </ssl-context-rules>
> </authentication-client>
> </configuration>
> {code}
> But there is a exception in log
> {code}
> 13:58:27,652 INFO [com.redhat.eap.qe.cli.CustomCLIExecutor] (main) java.security.KeyStoreException: JKS not found
> at java.security.KeyStore.getInstance(KeyStore.java:851)
> at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:59)
> at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
> at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
> at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
> at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:118)
> at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:157)
> at sun.security.validator.Validator.validate(Validator.java:260)
> at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
> at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
> at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
> at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
> at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
> at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
> at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
> at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
> at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
> at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
> at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:94)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
> Caused by: java.security.NoSuchAlgorithmException: JKS KeyStore not available
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
> at java.security.Security.getImpl(Security.java:695)
> at java.security.KeyStore.getInstance(KeyStore.java:848)
> ... 31 more
> {code}
> When I change SunX509 to PKIX exception does not occure anymore.
> Seems exception is thrown by code https://github.com/JetBrains/jdk8u_jdk/blob/master/src/share/classes/sun/security/util/AnchorCertificates.java#L59
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list