Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 14.0.0.Final
Affects Version/s: None
Component/s: Documentation
Labels:
None

Steps to Reproduce:
Hide

./standalone.sh

run CLI with FIPS PKCS11 java

./jboss-cli.sh \ -c \ -Dwildfly.config.url=file:///from/attachment/cli-test-wildfly-config.xml \ --connect \ :read-attribute\(name=server-state\)
Show
./standalone.sh run CLI with FIPS PKCS11 java ./jboss-cli.sh \ -c \ -Dwildfly.config.url=file: ///from/attachment/cli-test-wildfly-config.xml \ --connect \ :read-attribute\(name=server-state\)
Git Pull Request:
https://github.com/wildfly/wildfly/pull/11539

Fix of ~~ELY-1622~~ introduced regression. It is not possible to do 1 way ssl (no key-store-ssl-certificate in wildfly-config.xml) with exception

14:13:56,143 ERROR [org.jboss.as.cli.impl.CliLauncher] Error processing CLI: org.jboss.as.cli.CliInitializationException: Failed to connect to the controller
        at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:330)
        at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:291)
        at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:45)
        at org.jboss.modules.Module.run(Module.java:352)
        at org.jboss.modules.Module.run(Module.java:320)
        at org.jboss.modules.Main.main(Main.java:593)
Caused by: org.jboss.as.cli.CommandLineException: Failed to resolve host 'localhost'
        at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1256)
        at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1203)
        at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1198)
        at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:328)
        ... 5 more
Caused by: java.io.IOException: Failed to obtain SSLContext
        at org.jboss.as.cli.impl.CLIModelControllerClient.<init>(CLIModelControllerClient.java:156)
        at org.jboss.as.cli.impl.ModelControllerClientFactory$2.getClient(ModelControllerClientFactory.java:85)
        at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1222)
        ... 8 more
Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may be used
        at sun.security.ssl.SSLContextImpl.chooseKeyManager(SSLContextImpl.java:149)
        at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:66)
        at javax.net.ssl.SSLContext.init(SSLContext.java:282)
        at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:372)
        at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
        at org.wildfly.security.auth.client.AuthenticationContextConfigurationClient.getSSLContext(AuthenticationContextConfigurationClient.java:221)
        at org.wildfly.security.auth.client.AuthenticationContextConfigurationClient.getSSLContext(AuthenticationContextConfigurationClient.java:208)
        at org.jboss.as.cli.impl.CLIModelControllerClient.<init>(CLIModelControllerClient.java:153)
        ... 10 more

It is because after fix Fix of ~~ELY-1622~~ custom keymanager is used. But it is forbidden by jdk FIPS PKCS11.

clones

ELY-1639 FIPS PKCS11 Client side: only SunJSSE KeyManagers may be used

Resolved

Assignee:: Jan Kalina (Inactive)

Reporter:: Jan Kalina (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2018/08/17 12:42 PM

Updated:: 2019/10/02 7:07 PM

Resolved:: 2018/08/23 5:33 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates