[jira] [Commented] (AMQ-6970) SSL config-params are not propagated inside rar correctly

ASF subversion and git services (JIRA) Fri, 27 Jul 2018 04:29:55 -0700


    [ 
https://issues.apache.org/jira/browse/AMQ-6970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16559594#comment-16559594
 ]


ASF subversion and git services commented on AMQ-6970:
------------------------------------------------------

Commit 887db9e2f2736b8869df8f987d7a6918b65d01c9 in activemq's branch 
refs/heads/activemq-5.15.x from Christopher L. Shannon (cshannon)
[ https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=887db9e ]

AMQ-6970 - Adding SSL params for RAR

Fixing missing ssl parameters when configuring rar. Also fixing
configuration logic of inproper null checks inside
ActiveMQManagedConnectionFactory

Thank you to Flavia Rainone for the patch

(cherry picked from commit e39db5693496d48f0d704f9f14f8e2c9b6a153cf)


> SSL config-params are not propagated inside rar correctly
> ---------------------------------------------------------
>
>                 Key: AMQ-6970
>                 URL: https://issues.apache.org/jira/browse/AMQ-6970
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: RAR
>    Affects Versions: 5.15.4
>            Reporter: Flavia Rainone
>            Assignee: Christopher L. Shannon
>            Priority: Major
>             Fix For: 5.16.0, 5.15.5
>
>         Attachments: patchFile.txt
>
>
> When trying to configure the SSL config-properties (such as key store), they 
> are not propagated throughout the rar correctly and an error to connect to 
> the server occurs.
> The stack trace below shows an attempt to run the rar deployed in a Wildfly 
> server instance (notice that the error is the same you would see if you 
> failed to configure the config-properties)
> 16:57:22,081 WARN  
> [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (default task-1) 
> IJ000604: Throwable while attempting to get a new connection: null: 
> javax.resource.ResourceException: Could not create connection.
>      at 
> org.apache.activemq.ra.ActiveMQManagedConnectionFactory.createManagedConnection(ActiveMQManagedConnectionFactory.java:210)
>      at 
> org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.createConnectionEventListener(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:1326)
>      at 
> org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.getConnection(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:499)
>      at 
> org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:632)
>      at 
> org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:604)
>      at 
> org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:624)
>      at 
> org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:430)
>      at 
> org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:789)
>      at 
> org.apache.activemq.ra.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:95)
>      at 
> org.apache.activemq.ra.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:67)
>      at 
> org.jboss.as.quickstarts.servlet.HelloWorldMDBServletClient.doGet(HelloWorldMDBServletClient.java:98)
>      at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
>      at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>      at 
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
>      at 
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>      at 
> io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:67)
>      at 
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>      at 
> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>      at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>      at 
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
>      at 
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>      at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>      at 
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>      at 
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>      at 
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>      at 
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>      at 
> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>      at 
> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>      at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>      at 
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>      at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>      at 
> org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
>      at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>      at 
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
>      at 
> io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
>      at 
> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
>      at 
> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
>      at 
> io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
>      at 
> io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
>      at 
> org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
>      at 
> org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
>      at 
> org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
>      at 
> org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
>      at 
> org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
>      at 
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
>      at 
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>      at 
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
>      at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
>      at 
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
>      at 
> org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
>      at 
> org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
>      at 
> org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
>      at 
> org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1349)
>      at java.lang.Thread.run(Thread.java:748)
>  Caused by: javax.jms.JMSException: Could not connect to broker URL: 
> ssl://localhost:61617. Reason: javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target
>      at 
> org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:36)
>      at 
> org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:374)
>      at 
> org.apache.activemq.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:252)
>      at 
> org.apache.activemq.ra.ActiveMQConnectionSupport.makeConnection(ActiveMQConnectionSupport.java:89)
>      at 
> org.apache.activemq.ra.ActiveMQConnectionSupport.makeConnection(ActiveMQConnectionSupport.java:70)
>      at 
> org.apache.activemq.ra.ActiveMQManagedConnectionFactory.createManagedConnection(ActiveMQManagedConnectionFactory.java:208)
>      ... 53 more
>  Caused by: javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target
>      at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>      at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
>      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
>      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
>      at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
>      at 
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
>      at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
>      at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
>      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
>      at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
>      at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:938)
>      at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
>      at 
> org.apache.activemq.transport.tcp.TcpBufferedInputStream.fill(TcpBufferedInputStream.java:50)
>      at 
> org.apache.activemq.transport.tcp.TcpTransport$2.fill(TcpTransport.java:634)
>      at 
> org.apache.activemq.transport.tcp.TcpBufferedInputStream.read(TcpBufferedInputStream.java:59)
>      at 
> org.apache.activemq.transport.tcp.TcpTransport$2.read(TcpTransport.java:619)
>      at java.io.DataInputStream.readInt(DataInputStream.java:387)
>      at 
> org.apache.activemq.openwire.OpenWireFormat.unmarshal(OpenWireFormat.java:268)
>      at 
> org.apache.activemq.transport.tcp.TcpTransport.readCommand(TcpTransport.java:240)
>      at 
> org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:232)
>      at 
> org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)
>      ... 1 more
>  Caused by: sun.security.validator.ValidatorException: PKIX path building 
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
> find valid certification path to requested target
>      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
>      at 
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
>      at sun.security.validator.Validator.validate(Validator.java:260)
>      at 
> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
>      at 
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
>      at 
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
>      at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
>      ... 17 more
>  Caused by: sun.security.provider.certpath.SunCertPathBuilderException: 
> unable to find valid certification path to requested target
>      at 
> sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
>      at 
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
>      at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
>      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
>      ... 23 more



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (AMQ-6970) SSL config-params are not propagated inside rar correctly

Reply via email to