  1. WildFly Core
  2. WFCORE-4299

Creating SNI context requires 'host-context-map' attribute defined


Details

    • Bug
    • Resolution: Duplicate
    • Major
    • 8.0.0.Beta2
    • 7.0.0.Final
    • Security
    • None
    • Steps to Reproduce:
      • get WildFly and unzip
      • go to server home dir and create a keystore
        keytool -genkeypair -alias localhost -keyalg RSA -keysize 1024 -validity 365 -keystore standalone/configuration/keystore.jks -dname "CN=localhost" -keypass secret -storepass secret
        
      • now start the server and perform the following:
        ./bin/jboss-cli.sh -c "/subsystem=elytron/key-store=newKeyStore:add(path=keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)"
        ./bin/jboss-cli.sh -c "/subsystem=elytron/key-manager=newKeyManager:add(key-store=newKeyStore,algorithm=\"PKIX\",credential-reference={clear-text=secret})"
        ./bin/jboss-cli.sh -c "/subsystem=elytron/server-ssl-context=newServerSSLContext:add(key-manager=newKeyManager,protocols=[\"TLSv1.2\"])"
        
      • the config is now prepared for the issue to be reproduced; execute the following:
        ./bin/jboss-cli.sh -c "/subsystem=elytron/server-ssl-sni-context=sniContext:add(default-ssl-context=newServerSSLContext)"
        

        this command fails with the error:

        {
            "outcome" => "failed",
            "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException",
            "rolled-back" => true
        }
        

    Description

      When one wants to create a server-ssl-sni-context, there are two attributes for such a resource:

      • default-ssl-context - this one is marked as required
      • host-context-map - not marked as required

      Still, when I try to create a server-ssl-sni-context without specifying 'host-context-map', the operation fails with the following (see repro steps for further info):

      $ ./bin/jboss-cli.sh -c "/subsystem=elytron/server-ssl-sni-context=sniContext:add(default-ssl-context=newServerSSLContext)"
      {
          "outcome" => "failed",
          "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException",
          "rolled-back" => true
      }
      

      In the server log there is the following:

      09:08:08,228 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
          ("subsystem" => "elytron"),
          ("server-ssl-sni-context" => "sniContext")
      ]): java.lang.IllegalArgumentException
      	at org.jboss.dmr.ModelValue.getKeys(ModelValue.java:139)
      	at org.jboss.dmr.ModelNode.keys(ModelNode.java:1580)
      	at org.wildfly.extension.elytron.SSLDefinitions$7.getValueSupplier(SSLDefinitions.java:1046)
      	at org.wildfly.extension.elytron.TrivialAddHandler.performRuntime(TrivialAddHandler.java:68)
      	at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:159)
      	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999)
      	at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743)
      	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
      	at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1411)
      	at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:423)
      	at org.jboss.as.controller.ModelControllerImpl.lambda$execute$1(ModelControllerImpl.java:243)
      	at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:289)
      	at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:255)
      	at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:243)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:240)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$400(ModelControllerClientOperationHandler.java:138)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:162)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:158)
      	at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:313)
      	at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:270)
      	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:254)
      	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:225)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:158)
      	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
      	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
      	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
      	at java.lang.Thread.run(Thread.java:748)
      	at org.jboss.threads.JBossThread.run(JBossThread.java:485)
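
The trace above ends in `ModelNode.keys()` throwing a bare `IllegalArgumentException` from the SNI context's value supplier. The following is an added example (not WildFly's code and not the project's fix) that uses the jboss-dmr `ModelNode` API to reproduce that failure mode next to a defensive read. It assumes the omitted `host-context-map` reaches the handler as an undefined node; the class and method names are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.jboss.dmr.ModelNode;

public class HostContextMapGuard {

    // Unguarded read: keys() is only valid on an OBJECT-typed node, so an
    // undefined attribute throws IllegalArgumentException with no message.
    static Map<String, String> readUnguarded(ModelNode hostContextMap) {
        Map<String, String> result = new LinkedHashMap<>();
        for (String host : hostContextMap.keys()) {
            result.put(host, hostContextMap.get(host).asString());
        }
        return result;
    }

    // Guarded read: an absent optional attribute means "no per-host
    // contexts", so only the default SSL context would apply.
    static Map<String, String> readGuarded(ModelNode hostContextMap) {
        if (!hostContextMap.isDefined()) {
            return new LinkedHashMap<>();
        }
        return readUnguarded(hostContextMap);
    }

    public static void main(String[] args) {
        // Constructed operation mirroring the failing add: no host-context-map.
        ModelNode op = new ModelNode();
        op.get("default-ssl-context").set("newServerSSLContext");
        ModelNode hostContextMap = op.get("host-context-map"); // undefined child

        System.out.println("guarded, attribute absent: " + readGuarded(hostContextMap));
        try {
            readUnguarded(hostContextMap);
        } catch (IllegalArgumentException e) {
            System.out.println("unguarded, attribute absent: " + e);
        }

        // Constructed operation with one host mapping defined.
        hostContextMap.get("localhost").set("newServerSSLContext");
        System.out.println("guarded, attribute set: " + readGuarded(hostContextMap));
    }
}
```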
      

            People

              chaowan@redhat.com Chao Wang
              jstourac@redhat.com Jan Stourac