WildFly WIP
WFWIP-162

IllegalStateException when TrustManager with SunX509 algorithm and with OCSP


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • Security
      ./bin/standalone.sh
      ./bin/jboss-cli.sh -c
      /subsystem=elytron/key-store=serverTS:add(credential-reference={clear-text=weneedthatforjava},path=<PATH_TO_ocsp-truststore.jks>)
      /subsystem=elytron/trust-manager=tm:add(key-store=serverTS, ocsp={}, algorithm=SunX509)
      # now see that operation ends with error
      
      # following commands succeed
      /subsystem=elytron/trust-manager=tm:add(key-store=serverTS, ocsp={})
      /subsystem=elytron/trust-manager=tm:add(key-store=serverKS, certificate-revocation-list={}, algorithm=SunX509)
      

      I can see an error when I try to create a 'trust-manager' with OCSP enabled and the SunX509 algorithm specified. When I don't specify the SunX509 algorithm, the operation succeeds.

      Here are the error messages I noticed:

      {
          "outcome" => "failed",
          "failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.trust-manager.tm" => "Failed to start service
          Caused by: java.lang.IllegalStateException: ELY04026: Could not create trust manager [org.wildfly.security.ssl.X509RevocationTrustManager]
          Caused by: java.security.InvalidAlgorithmParameterException: SunX509 TrustManagerFactory does not use ManagerFactoryParameters"}},
          "rolled-back" => true
      }
      

      In server.log, there is the following text:

      17:14:48,560 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service org.wildfly.security.trust-manager.tm: org.jboss.msc.service.StartException in service org.wildfly.security.trust-manager.tm: Failed to start service
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1730)
      	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1558)
      	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: java.lang.IllegalStateException: ELY04026: Could not create trust manager [org.wildfly.security.ssl.X509RevocationTrustManager]
      	at org.wildfly.security.ssl.X509RevocationTrustManager.<init>(X509RevocationTrustManager.java:108)
      	at org.wildfly.security.ssl.X509RevocationTrustManager.<init>(X509RevocationTrustManager.java:56)
      	at org.wildfly.security.ssl.X509RevocationTrustManager$Builder.build(X509RevocationTrustManager.java:293)
      	at org.wildfly.extension.elytron.SSLDefinitions$2.lambda$createX509RevocationExtendedTrustManager$1(SSLDefinitions.java:732)
      	at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1738)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1700)
      	... 6 more
      Caused by: java.security.InvalidAlgorithmParameterException: SunX509 TrustManagerFactory does not use ManagerFactoryParameters
      	at sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory.getInstance(TrustManagerFactoryImpl.java:257)
      	at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:90)
      	at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:273)
      	at org.wildfly.security.ssl.X509RevocationTrustManager.<init>(X509RevocationTrustManager.java:98)
      	... 12 more
      
      17:14:48,562 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
          ("subsystem" => "elytron"),
          ("trust-manager" => "tm")
      ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.trust-manager.tm" => "Failed to start service
          Caused by: java.lang.IllegalStateException: ELY04026: Could not create trust manager [org.wildfly.security.ssl.X509RevocationTrustManager]
          Caused by: java.security.InvalidAlgorithmParameterException: SunX509 TrustManagerFactory does not use ManagerFactoryParameters"}}
      

      I'm attaching the keystore file that I used for this. Password is 'weneedthatforjava'.

      Note that when I try 'certificate-revocation-list' instead, or if I omit the 'algorithm' attribute altogether, the operation succeeds.
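      The stack trace above shows where the failure comes from: X509RevocationTrustManager hands a ManagerFactoryParameters object to TrustManagerFactory.init(), and the JDK's SunX509 factory only accepts a plain KeyStore (sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory rejects parameters outright). Revocation checking (OCSP or CRL) is carried in PKIX parameters, so it only works with the PKIX trust manager factory, which is also the JDK default when no algorithm is named. The following stand-alone Java program is an added example written for this issue, not code from WildFly or Elytron; it builds the same kind of revocation-aware parameters and shows that SunX509 rejects them while PKIX accepts them. It assumes an optional truststore path and password as its two command-line arguments (e.g. the attached ocsp-truststore.jks), falling back to the JDK's default cacerts when none are given.

```java
import java.io.FileInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.CertPathBuilder;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added example: shows which TrustManagerFactory algorithms accept revocation (OCSP) parameters. */
public class OcspTrustManagerAlgorithmCheck {

    /** Trust anchors from a JKS truststore file, or from the JDK default truststore when path is null. */
    static Set<TrustAnchor> loadAnchors(String path, char[] password) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        if (path == null) {
            tmf.init((KeyStore) null);             // JDK default truststore (cacerts)
        } else {
            KeyStore ks = KeyStore.getInstance("JKS");  // assumption: the file is a JKS truststore
            try (FileInputStream in = new FileInputStream(path)) {
                ks.load(in, password);
            }
            tmf.init(ks);
        }
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    anchors.add(new TrustAnchor(c, null));
                }
            }
        }
        return anchors;
    }

    /**
     * PKIX parameters carrying an OCSP-capable revocation checker. This is the
     * ManagerFactoryParameters shape a revocation-aware trust manager must pass to init().
     */
    static ManagerFactoryParameters ocspParameters(Set<TrustAnchor> anchors) throws Exception {
        PKIXBuilderParameters pkix = new PKIXBuilderParameters(anchors, new X509CertSelector());
        PKIXRevocationChecker checker =
                (PKIXRevocationChecker) CertPathBuilder.getInstance("PKIX").getRevocationChecker();
        // With no options set, the JDK checker prefers OCSP and falls back to CRLs.
        // A checker added this way is used regardless of the RevocationEnabled flag.
        pkix.addCertPathChecker(checker);
        return new CertPathTrustManagerParameters(pkix);
    }

    /** Returns the trust managers on success, or null when the factory rejects the parameters. */
    static TrustManager[] tryBuild(String algorithm, ManagerFactoryParameters params) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
        try {
            tmf.init(params);
            return tmf.getTrustManagers();
        } catch (InvalidAlgorithmParameterException e) {
            // SunX509 lands here: "SunX509 TrustManagerFactory does not use ManagerFactoryParameters"
            System.out.println(algorithm + ": rejected - " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : null;
        char[] password = args.length > 1 ? args[1].toCharArray() : null;
        ManagerFactoryParameters params = ocspParameters(loadAnchors(path, password));
        for (String algorithm : new String[] {"SunX509", "PKIX"}) {
            TrustManager[] tms = tryBuild(algorithm, params);
            if (tms != null) {
                System.out.println(algorithm + ": built " + tms.length + " revocation-aware trust manager(s)");
            }
        }
    }
}
```

      Run it as `java OcspTrustManagerAlgorithmCheck <PATH_TO_ocsp-truststore.jks> weneedthatforjava`. The practical consequence for the Elytron configuration is that a trust-manager with ocsp={} (or certificate-revocation-list={}) should either leave 'algorithm' unset or set it to PKIX; SunX509 cannot perform revocation checking at all, so combining it with OCSP is a misconfiguration rather than a supported mode, and the management operation should report that clearly instead of failing at service start.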

              mmazanek Martin Mazánek (Inactive)
              jstourac@redhat.com Jan Stourac