  1. WildFly Elytron
  2. ELY-1646

FIPS PKCS11 breaks after migrating from client scheme 1.0 to 1.1

Details

    • Bug
    • Resolution: Won't Do
    • Blocker
    • None
    • 1.5.5.Final
    • Authentication Client
    • None
      • ./standalone.sh
      • run CLI with FIPS PKCS11 java
        ./jboss-cli.sh \
            -c \
            -Dwildfly.config.url=file:///from/attachment/cli-test-wildfly-config.xml \
            --connect \
            :read-attribute\(name=server-state\)
        

    Description

      I have a working configuration:

      <configuration>
          <authentication-client xmlns="urn:elytron:1.0">
              <key-stores>
                  <key-store name="truststore" type="PKCS11">
                      <key-store-clear-password password="${password}" />
                  </key-store>
              </key-stores>
              <ssl-contexts>
                  <ssl-context name="client-cli-context">
                      <trust-store key-store-name="truststore" />
                      <cipher-suite selector="${cipher.suite.filter}" />
                      <protocol names="${protocol}" />
                  </ssl-context>
              </ssl-contexts>
              <ssl-context-rules>
                  <rule use-ssl-context="client-cli-context" />
              </ssl-context-rules>
          </authentication-client>
      </configuration>
      

      After migrating to urn:elytron:1.1, an error occurs:

      10:44:07,823 ERROR [org.jboss.as.cli.impl.CliLauncher] Error processing CLI: org.jboss.as.cli.CliInitializationException: Failed to connect to the controller
              at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:330)
              at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:291)
              at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:45)
              at org.jboss.modules.Module.run(Module.java:352)
              at org.jboss.modules.Module.run(Module.java:320)
              at org.jboss.modules.Main.main(Main.java:593)
      Caused by: org.jboss.as.cli.CommandLineException: Failed to resolve host 'localhost'
              at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1256)
              at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1203)
              at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1198)
              at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:328)
              ... 5 more
      Caused by: java.io.IOException: Failed to obtain SSLContext
              at org.jboss.as.cli.impl.CLIModelControllerClient.<init>(CLIModelControllerClient.java:156)
              at org.jboss.as.cli.impl.ModelControllerClientFactory$2.getClient(ModelControllerClientFactory.java:85)
              at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1222)
              ... 8 more
      Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used
              at sun.security.ssl.SSLContextImpl.chooseTrustManager(SSLContextImpl.java:115)
              at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:78)
              at javax.net.ssl.SSLContext.init(SSLContext.java:282)
              at org.jboss.as.cli.impl.CommandContextImpl.createSslContext(CommandContextImpl.java:715)
              at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
              at org.wildfly.security.auth.client.AuthenticationContextConfigurationClient.getSSLContext(AuthenticationContextConfigurationClient.java:221)
              at org.wildfly.security.auth.client.AuthenticationContextConfigurationClient.getSSLContext(AuthenticationContextConfigurationClient.java:208)
              at org.jboss.as.cli.impl.CLIModelControllerClient.<init>(CLIModelControllerClient.java:153)
              ... 10 more
      

          People

            Unassigned Unassigned
            mchoma@redhat.com Martin Choma