[ https://issues.apache.org/jira/browse/AMQ-5100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15115177#comment-15115177 ]
Tristan Leask commented on AMQ-5100:
------------------------------------
Ok, I am trying to do this as well, and came across the same error. I got
past this error by editing the SSLContext definition like so...
{code}
<sslContext keyStore="c:/nss/cert/key3.db" keyStoreType="PKCS11"
    keyStorePassword="***" trustStore="c:/nss/cert/cert8.db"
    trustStoreType="PKCS11" trustStorePassword="***"/>
{code}
Even though you get past this error, you then come across a "Transport
Connector could not be registered in JMX" due to the random number generator
and FIPS Mode...
{code}
INFO | jvm 1 | 2016/01/25 12:57:11 |
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in class
path resource [activemq.xml]: Invocation of init method failed; nested
exception is java.io.IOException: Transport Connector could not be registered
in JMX: FIPS mode: SecureRandom must be from provider SunPKCS11-NSSfips
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1420)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:192)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.activemq.xbean.XBeanBrokerFactory$1.<init>(XBeanBrokerFactory.java:108)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:108)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:72)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.activemq.console.command.StartCommand.startBroker(StartCommand.java:115)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:74)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:57)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:148)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:57)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:90)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
java.lang.reflect.Method.invoke(Unknown Source)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.activemq.console.Main.runTaskClass(Main.java:257)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.apache.activemq.console.Main.main(Main.java:111)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
java.lang.reflect.Method.invoke(Unknown Source)
INFO | jvm 1 | 2016/01/25 12:57:11 | at
org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
INFO | jvm 1 | 2016/01/25 12:57:11 | at java.lang.Thread.run(Unknown
Source)
{code}
> PKCS11 (NSS-FIPS) support in A-MQ/ActiveMQ
> ------------------------------------------
>
> Key: AMQ-5100
> URL: https://issues.apache.org/jira/browse/AMQ-5100
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Reporter: Jesse Sightler
>
> I have attempted to configure PKCS11/NSS support in ActiveMQ, however, I am
> receiving the following exception:
> Caused by: java.io.FileNotFoundException: class path resource [NONE] cannot
> be opened because it does not exist
> at
> org.springframework.core.io.ClassPathResource.getInputStream(ClassPathResource.java:157)
> at
> org.apache.activemq.spring.SpringSslContext.createKeyManagerKeyStore(SpringSslContext.java:119)
> at
> org.apache.activemq.spring.SpringSslContext.createKeyManagers(SpringSslContext.java:88)
> at
> org.apache.activemq.spring.SpringSslContext.afterPropertiesSet(SpringSslContext.java:65)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:622)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1581)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1522)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452)
> ... 40 more
> My configured sslContext for the broker looks like this:
> <sslContext>
>   <sslContext
>     keyStore="NONE" keyStoreType="PKCS11"
>     keyStorePassword="password"
>     trustStore="/etc/activemqssl/truststore.jks"
>     trustStorePassword="password"
>   />
> </sslContext>
> AFAIK, setting keyStore to "NONE" is the generally accepted way to do this
> with PKCS11. The code should generate a warning at most for this, but instead
> I receive the above exception and a failure to load the keystore.
> The activemq code looks like this (in
> org.apache.activemq.spring.SpringSslContext):
> private KeyStore createKeyManagerKeyStore() throws Exception {
>     if (keyStore == null) {
>         return null;
>     }
>     KeyStore ks = KeyStore.getInstance(keyStoreType);
>     InputStream is = Utils.resourceFromString(keyStore).getInputStream();
>     try {
>         ks.load(is, keyStorePassword == null ? null : keyStorePassword.toCharArray());
>     } finally {
>         is.close();
>     }
>     return ks;
> }
> It looks like this should just be setting "is" to null, generating a warning,
> and then calling ks.load with the null inputstream (the nss library will load
> the nss files based upon the nss.cfg file).
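An added example (not ActiveMQ's code; `Pkcs11KeyStoreLoader` and its methods are hypothetical) of the two points in this thread: calling `KeyStore.load` with a null stream when the location is "NONE", as the reporter proposes, and taking the `SecureRandom` from the provider named in the FIPS-mode error when that provider is installed. It assumes the SunPKCS11 provider registers its generator under the algorithm name "PKCS11".

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

// Hypothetical helper class for illustration; not part of ActiveMQ.
public class Pkcs11KeyStoreLoader {

    // "NONE" is the conventional location for a store that lives on a token, not in a file.
    static boolean isTokenLocation(String location) {
        return "NONE".equalsIgnoreCase(location);
    }

    static KeyStore load(String location, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        if (isTokenLocation(location)) {
            // No stream: the provider finds its own storage (for NSS, via nss.cfg).
            ks.load(null, password);
            return ks;
        }
        try (InputStream is = new FileInputStream(location)) {
            ks.load(is, password);
        }
        return ks;
    }

    // Use the named provider's generator when it is installed; otherwise the JVM default.
    // Assumption: the provider offers a SecureRandom under the name "PKCS11".
    static SecureRandom secureRandomFor(String providerName) throws Exception {
        Provider p = Security.getProvider(providerName);
        return p == null ? new SecureRandom() : SecureRandom.getInstance("PKCS11", p);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo input: PKCS12 with "NONE" gives an empty in-memory store,
        // so this runs on a JVM that has no PKCS11 provider configured.
        KeyStore ks = load("NONE", "PKCS12", null);
        System.out.println("entries: " + ks.size());

        // Provider name taken from the error message in the comment above.
        SecureRandom rnd = secureRandomFor("SunPKCS11-NSSfips");
        System.out.println("SecureRandom provider: " + rnd.getProvider().getName());
    }
}
```

On a JVM where the NSS FIPS provider is configured, the same `load("NONE", "PKCS11", pin)` call reaches the token, and the returned `SecureRandom` is the one to pass to `SSLContext.init`.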