Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.3.0.CD16
Affects Version/s: 7.3.0.CD15
Component/s: Security
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.backlog.GA
Git Pull Request:
https://github.com/wildfly/wildfly-core/pull/3595
Steps to Reproduce:
Hide

get WildFly and unzip

go to server home dir and create a keystore

keytool -genkeypair -alias localhost -keyalg RSA -keysize 1024 -validity 365 -keystore standalone/configuration/keystore.jks -dname "CN=localhost" -keypass secret -storepass secret

now start server and perform following:

./bin/jboss-cli.sh -c "/subsystem=elytron/key-store=newKeyStore:add(path=keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)" ./bin/jboss-cli.sh -c "/subsystem=elytron/key-manager=newKeyManager:add(key-store=newKeyStore,algorithm=\"PKIX\",credential-reference={clear-text=secret})" ./bin/jboss-cli.sh -c "/subsystem=elytron/server-ssl-context=newServerSSLContext:add(key-manager=newKeyManager,protocols=[\"TLSv1.2\"])"

config is prepared for issue to be reproduced, execute following:

./bin/jboss-cli.sh -c "/subsystem=elytron/server-ssl-sni-context=sniContext:add(default-ssl-context=newServerSSLContext)"

this command fails with error:

{ "outcome" => "failed", "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException", "rolled-back" => true }
Show
get WildFly and unzip go to server home dir and create a keystore keytool -genkeypair -alias localhost -keyalg RSA -keysize 1024 -validity 365 -keystore standalone/configuration/keystore.jks -dname "CN=localhost" -keypass secret -storepass secret now start server and perform following: ./bin/jboss-cli.sh -c "/subsystem=elytron/key-store=newKeyStore:add(path=keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)" ./bin/jboss-cli.sh -c "/subsystem=elytron/key-manager=newKeyManager:add(key-store=newKeyStore,algorithm=\" PKIX\ ",credential-reference={clear-text=secret})" ./bin/jboss-cli.sh -c "/subsystem=elytron/server-ssl-context=newServerSSLContext:add(key-manager=newKeyManager,protocols=[\" TLSv1.2\ "])" config is prepared for issue to be reproduced, execute following: ./bin/jboss-cli.sh -c "/subsystem=elytron/server-ssl-sni-context=sniContext:add( default -ssl-context=newServerSSLContext)" this command fails with error: { "outcome" => "failed" , "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException" , "rolled-back" => true }

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

When one want to create a server-ssl-sni-context, there are two attributes for such resource:

default-ssl-context - this one is marked as required
host-context-map - not marked as required

Still, when I try to create server-ssl-sni-context without specifying 'host-context-map', the operation fails with following (see repro steps for further info):

$ ./bin/jboss-cli.sh -c "/subsystem=elytron/server-ssl-sni-context=sniContext:add(default-ssl-context=newServerSSLContext)"
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException",
    "rolled-back" => true
}

in server log there is following:

09:08:08,228 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("server-ssl-sni-context" => "sniContext")
]): java.lang.IllegalArgumentException
	at org.jboss.dmr.ModelValue.getKeys(ModelValue.java:139)
	at org.jboss.dmr.ModelNode.keys(ModelNode.java:1580)
	at org.wildfly.extension.elytron.SSLDefinitions$7.getValueSupplier(SSLDefinitions.java:1046)
	at org.wildfly.extension.elytron.TrivialAddHandler.performRuntime(TrivialAddHandler.java:68)
	at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:159)
	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999)
	at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743)
	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
	at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1411)
	at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:423)
	at org.jboss.as.controller.ModelControllerImpl.lambda$execute$1(ModelControllerImpl.java:243)
	at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:289)
	at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:255)
	at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:243)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:240)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$400(ModelControllerClientOperationHandler.java:138)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:162)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:158)
	at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:313)
	at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:270)
	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:254)
	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:225)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:158)
	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
	at java.lang.Thread.run(Thread.java:748)
	at org.jboss.threads.JBossThread.run(JBossThread.java:485)

clones

WFCORE-4299 Creating SNI context requires 'host-context-map' attribute defined

Resolved

Assignee:: Chao Wang

Reporter:: Jan Stourac

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2019/01/29 5:12 AM

Updated:: 2024/08/28 2:45 PM

Resolved:: 2019/04/23 9:14 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates