-
Bug
-
Resolution: Not an Issue
-
P4
-
None
-
8u102
-
x86
-
os_x
FULL PRODUCT VERSION :
Java(TM) SE Runtime Environment (build 1.8.0_92-b14)
ADDITIONAL OS VERSION INFORMATION :
OSX 10.11.6
A DESCRIPTION OF THE PROBLEM :
The problem occurs when you set the property value for org.xnio.Options.SSL_PROTOCOL on a two-way (mutual) SSL connection. If you do this, you also have to provide your own implementation through the SSL_JSSE_KEY_MANAGER_CLASSES property; otherwise the key manager defaults to DummyX509KeyManager. For the trust manager, the default is always X509TrustManagerImpl. The implementation is in engineInit in sun.security.ssl.SSLContextImpl; the behaviour is not consistent between the two managers.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Set up mutual SSL, then set SSL_PROTOCOL to TLSv1.2 or any other value.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Set X509TrustManagerImpl and SunX509KeyManagerImpl
ACTUAL -
X509TrustManagerImpl and DummyX509KeyManager
ERROR MESSAGES/STACK TRACES THAT OCCUR :
WARN: Could not register a EJB receiver for connection to localhost:8443
java.lang.RuntimeException: java.nio.channels.ClosedChannelException
at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:92)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
package client;
import ejb3.MathRemote;
import javax.naming.*;
import org.jboss.ejb.client.ContextSelector;
import org.jboss.ejb.client.EJBClientConfiguration;
import org.jboss.ejb.client.EJBClientContext;
import org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration;
import org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector;
import java.util.*;
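/**
 * Stand-alone EJB client used to reproduce the report: a mutual-TLS
 * ("https-remoting") connection to a server on localhost:8443 with
 * {@code org.xnio.Options.SSL_PROTOCOL} set explicitly.
 *
 * <p>Per the report, setting that option without also supplying
 * {@code SSL_JSSE_KEY_MANAGER_CLASSES} leaves the SSL context with
 * {@code DummyX509KeyManager}, and the connection attempt ends in a
 * {@code ClosedChannelException}.
 */
public class StandaloneClient {
    /**
     * Configures the JSSE stores and the scoped EJB client context, looks up
     * the remote {@code MathRemote} bean and invokes it.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        final String jndiName = "ejb:/EJB_WildFly_Https/MathBean!ejb3.MathRemote";

        // Client key store and trust store, handed to JSSE through the standard
        // javax.net.ssl.* system properties. The paths and passwords are the
        // reporter's placeholders ("change it"); a real client should read them
        // from protected configuration instead of embedding them in source.
        System.setProperty("javax.net.ssl.keyStore", "path/standalone/configuration/clientkeystore.jks"); //change it
        System.setProperty("javax.net.ssl.trustStore", "path/standalone/configuration/clienttruststore.jks"); //change it
        System.setProperty("javax.net.ssl.keyStorePassword", "password"); //change it
        System.setProperty("javax.net.ssl.trustStorePassword", "password"); //change it

        Context context;
        try {
            Properties props = new Properties();
            props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
            props.put("org.jboss.ejb.client.scoped.context", "true");
            props.put("remote.connection.default.connect.options.org.xnio.Options.SSL_ENABLED", "true");
            // NOTE(review): "false" appears to leave anonymous-capable SASL mechanisms
            // permitted; a username and password are still supplied below - confirm
            // this is intended for the target server.
            props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");
            // This option is the trigger named in the report: with it set, the report
            // observes DummyX509KeyManager instead of SunX509KeyManagerImpl. The
            // reporter's workaround replaces it with SSL_ENABLED_PROTOCOLS.
            props.put("remote.connection.default.connect.options.org.xnio.Options.SSL_PROTOCOL","TLSv1.2");
            props.put("remote.connections", "default");
            props.put("remote.connection.default.host", "localhost");
            props.put("remote.connection.default.port", "8443");
            props.put("remote.connection.default.protocol", "https-remoting");
            // Placeholder account credentials from the report; do not reuse as-is.
            props.put("remote.connection.default.username", "admin"); //change it
            props.put("remote.connection.default.password", "admin"); //change it
            props.put("remote.connection.default.connect.timeout", "6000000");
            context = new InitialContext(props);
            System.out.println("\n\tGot initial Context: "+context);
        } catch (Exception e) {
            e.printStackTrace();
            // Without a context the lookup below could only fail with a
            // NullPointerException that hides the real cause, so stop here.
            return;
        }

        try {
            MathRemote remote = (MathRemote) context.lookup(jndiName);
            System.out.println("remote "+ remote);
            int sum = remote.add(2,10);
            System.out.println("add 2, 10 "+ sum);
            String result = remote.sayHello("Hello");
            System.out.println("\n\t remote.add(2,10) => "+ sum);
            System.out.println("\n\t remote.sayHello('Hello') => "+ result);
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Release the naming context whether or not the invocation succeeded.
            try {
                context.close();
            } catch (NamingException e) {
                e.printStackTrace();
            }
        }
    }
}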
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
props.put("remote.connection.default.connect.options.org.xnio.Options.SSL_ENABLED_PROTOCOLS", "TLSv1.2");
and remove
props.put("remote.connection.default.connect.options.org.xnio.Options.SSL_PROTOCOL","TLSv1.2");
Java(TM) SE Runtime Environment (build 1.8.0_92-b14)
ADDITIONAL OS VERSION INFORMATION :
OSX 10.11.6
A DESCRIPTION OF THE PROBLEM :
The problem occurs when you set the property value for org.xnio.Options.SSL_PROTOCOL on a two-way (mutual) SSL connection. If you do this, you also have to provide your own implementation through the SSL_JSSE_KEY_MANAGER_CLASSES property; otherwise the key manager defaults to DummyX509KeyManager. For the trust manager, the default is always X509TrustManagerImpl. The implementation is in engineInit in sun.security.ssl.SSLContextImpl; the behaviour is not consistent between the two managers.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Set up mutual SSL, then set SSL_PROTOCOL to TLSv1.2 or any other value.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Set X509TrustManagerImpl and SunX509KeyManagerImpl
ACTUAL -
X509TrustManagerImpl and DummyX509KeyManager
ERROR MESSAGES/STACK TRACES THAT OCCUR :
WARN: Could not register a EJB receiver for connection to localhost:8443
java.lang.RuntimeException: java.nio.channels.ClosedChannelException
at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:92)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
package client;
import ejb3.MathRemote;
import javax.naming.*;
import org.jboss.ejb.client.ContextSelector;
import org.jboss.ejb.client.EJBClientConfiguration;
import org.jboss.ejb.client.EJBClientContext;
import org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration;
import org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector;
import java.util.*;
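/**
 * Stand-alone EJB client used to reproduce the report: a mutual-TLS
 * ("https-remoting") connection to a server on localhost:8443 with
 * {@code org.xnio.Options.SSL_PROTOCOL} set explicitly.
 *
 * <p>Per the report, setting that option without also supplying
 * {@code SSL_JSSE_KEY_MANAGER_CLASSES} leaves the SSL context with
 * {@code DummyX509KeyManager}, and the connection attempt ends in a
 * {@code ClosedChannelException}.
 */
public class StandaloneClient {
    /**
     * Configures the JSSE stores and the scoped EJB client context, looks up
     * the remote {@code MathRemote} bean and invokes it.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        final String jndiName = "ejb:/EJB_WildFly_Https/MathBean!ejb3.MathRemote";

        // Client key store and trust store, handed to JSSE through the standard
        // javax.net.ssl.* system properties. The paths and passwords are the
        // reporter's placeholders ("change it"); a real client should read them
        // from protected configuration instead of embedding them in source.
        System.setProperty("javax.net.ssl.keyStore", "path/standalone/configuration/clientkeystore.jks"); //change it
        System.setProperty("javax.net.ssl.trustStore", "path/standalone/configuration/clienttruststore.jks"); //change it
        System.setProperty("javax.net.ssl.keyStorePassword", "password"); //change it
        System.setProperty("javax.net.ssl.trustStorePassword", "password"); //change it

        Context context;
        try {
            Properties props = new Properties();
            props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
            props.put("org.jboss.ejb.client.scoped.context", "true");
            props.put("remote.connection.default.connect.options.org.xnio.Options.SSL_ENABLED", "true");
            // NOTE(review): "false" appears to leave anonymous-capable SASL mechanisms
            // permitted; a username and password are still supplied below - confirm
            // this is intended for the target server.
            props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");
            // This option is the trigger named in the report: with it set, the report
            // observes DummyX509KeyManager instead of SunX509KeyManagerImpl. The
            // reporter's workaround replaces it with SSL_ENABLED_PROTOCOLS.
            props.put("remote.connection.default.connect.options.org.xnio.Options.SSL_PROTOCOL","TLSv1.2");
            props.put("remote.connections", "default");
            props.put("remote.connection.default.host", "localhost");
            props.put("remote.connection.default.port", "8443");
            props.put("remote.connection.default.protocol", "https-remoting");
            // Placeholder account credentials from the report; do not reuse as-is.
            props.put("remote.connection.default.username", "admin"); //change it
            props.put("remote.connection.default.password", "admin"); //change it
            props.put("remote.connection.default.connect.timeout", "6000000");
            context = new InitialContext(props);
            System.out.println("\n\tGot initial Context: "+context);
        } catch (Exception e) {
            e.printStackTrace();
            // Without a context the lookup below could only fail with a
            // NullPointerException that hides the real cause, so stop here.
            return;
        }

        try {
            MathRemote remote = (MathRemote) context.lookup(jndiName);
            System.out.println("remote "+ remote);
            int sum = remote.add(2,10);
            System.out.println("add 2, 10 "+ sum);
            String result = remote.sayHello("Hello");
            System.out.println("\n\t remote.add(2,10) => "+ sum);
            System.out.println("\n\t remote.sayHello('Hello') => "+ result);
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Release the naming context whether or not the invocation succeeded.
            try {
                context.close();
            } catch (NamingException e) {
                e.printStackTrace();
            }
        }
    }
}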
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
props.put("remote.connection.default.connect.options.org.xnio.Options.SSL_ENABLED_PROTOCOLS", "TLSv1.2");
and remove
props.put("remote.connection.default.connect.options.org.xnio.Options.SSL_PROTOCOL","TLSv1.2");