- Bug
- Resolution: Not a Bug
- Blocker
- None
- 1.5.1.Final
- None
I am trying to connect from jboss-cli.sh to an EAP server. To reproduce the problem, it is enough that BC FIPS is used only on the client side.
08:13:18,469 ERROR [org.jboss.as.cli.impl.CliLauncher] Error processing CLI: java.lang.ExceptionInInitializerError
	at org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:54)
	at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:286)
	at org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:86)
	at org.jboss.as.cli.impl.CLIModelControllerClient.<init>(CLIModelControllerClient.java:146)
	at org.jboss.as.cli.impl.ModelControllerClientFactory$2.getClient(ModelControllerClientFactory.java:85)
	at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1222)
	at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1203)
	at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1198)
	at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:328)
	at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:291)
	at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:45)
	at org.jboss.modules.Module.run(Module.java:352)
	at org.jboss.modules.Module.run(Module.java:320)
	at org.jboss.modules.Main.main(Main.java:593)
Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException: org.wildfly.client.config.ConfigXMLParseException: java.security.KeyStoreException: initialization failed
	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
	... 14 more
Caused by: org.wildfly.client.config.ConfigXMLParseException: java.security.KeyStoreException: initialization failed
	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseSslContextType$10(ElytronXmlParser.java:525)
	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseSslContextRuleType$11(ElytronXmlParser.java:711)
	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$13(ElytronXmlParser.java:749)
	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:356)
	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:231)
	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:192)
	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
	... 16 more
Caused by: java.security.KeyStoreException: initialization failed
	at org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi.engineInit(ProvTrustManagerFactorySpi.java:150)
	at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:250)
	at org.wildfly.security.auth.client.ElytronXmlParser$TrustManagerBuilder.build(ElytronXmlParser.java:590)
	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseSslContextType$10(ElytronXmlParser.java:523)
	... 22 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
	at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
	at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
	at org.bouncycastle.jsse.provider.ProvX509TrustManagerImpl.<init>(ProvX509TrustManagerImpl.java:53)
	at org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi.engineInit(ProvTrustManagerFactorySpi.java:146)
	... 25 more
When I use non-FIPS Java with the CLI, I can make it work. It also occurs when connecting to the default unsecured port 9990.
I have double-checked that the truststore is there. The correct password is used. The server has permission to open the truststore, and the truststore contains a certificate.
When I use a BCFKS truststore on the server side, e.g. in 2-way HTTP communication, it works.
So it looks to me like something on the client side is missing? Any hint?
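
The innermost exception in the trace is raised by the JDK's PKIX code when it is given an empty set of trust anchors. The following stand-alone check is an added example, not part of the original report and not WildFly Elytron or Bouncy Castle code: it reproduces that message with a constructed empty keystore and reports how many trusted-certificate entries a given truststore yields when loaded with a given type and provider. The class name, the argument order and the `TRUSTSTORE_PASSWORD` environment variable are assumptions, and it uses the JDK's `PKIXParameters(KeyStore)` rather than the provider's own anchor collection, which the page does not show.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.util.Collections;

public class TrustAnchorCheck {

    /** Counts the trusted-certificate entries in an already loaded store. */
    static int trustedEntries(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) n++;
        }
        return n;
    }

    /** Returns null if PKIX parameters can be built, else the JDK's error message. */
    static String pkixError(KeyStore ks) throws Exception {
        try {
            new PKIXParameters(ks); // uses only trusted-certificate entries
            return null;
        } catch (InvalidAlgorithmParameterException e) {
            return e.getMessage();
        }
    }

    static String report(String label, KeyStore ks) throws Exception {
        return label + ": size=" + ks.size() + ", trusted entries=" + trustedEntries(ks)
                + ", error=" + pkixError(ks);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory store reproduces the innermost exception.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        System.out.println(report("empty store", empty));

        // Optional: <path> <type> [provider]; password from TRUSTSTORE_PASSWORD (assumed name).
        if (args.length >= 2) {
            KeyStore ks = args.length > 2 ? KeyStore.getInstance(args[1], args[2])
                                          : KeyStore.getInstance(args[1]);
            String pw = System.getenv("TRUSTSTORE_PASSWORD");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, pw == null ? null : pw.toCharArray());
            }
            System.out.println(report(args[0], ks));
        }
    }
}
```

Run it with the same JVM and security provider configuration as jboss-cli.sh, passing the truststore path and type from the client configuration, so that the store is loaded the way the client loads it.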