X509 support is a key security feature for banks and financial institutions that should be addressed ASAP.

Please recreate the JIRA issue in the zookeeper project at https://issues.apache.org
Please cc Patrick and myself on the issue.
Please keep a local copy of the bug on your local hard drive.

Thanks!
Martin
______________________________________________

> From: [email protected]
> Date: Fri, 13 May 2016 21:46:42 -0700
> Subject: Re: [jira] [Updated] (ZOOKEEPER-2428) IbmX509 KeyManager and TrustManager algorithm not supported
> To: [email protected]
>
> Hi Saurabh. I don't see that jira either, although I do see the email to
> our list when you created it. I don't see any email about it being
> deleted/moved/etc...
>
> The Apache infra team has been dealing with a massive JIRA spam attack over
> the past few days (not the first time). I'm not sure but it could be that
> some of the counter-measures and/or cleanup implemented by the infra team
> to address the spam may have caused your jira to go missing. Did you create
> your JIRA user account recently? Regardless, I recommend you recreate your
> jira - sorry for the trouble!
>
> Regards,
>
> Patrick
>
> On Fri, May 13, 2016 at 5:12 PM, saurabh jain <[email protected]> wrote:
>
> > Hello everyone,
> >
> > Two days back I created a jira for an issue which we are facing in our
> > application while using zookeeper.
> >
> > Jira no is - 2428, https://issues.apache.org/jira/browse/ZOOKEEPER-2428
> >
> > But right now when I am trying to see this jira, it is saying it doesn't
> > exist.
> >
> > Is it removed or moved somewhere else?
> >
> > Please advise.
> >
> > Thanks,
> > Saurabh
> >
> > ---------- Forwarded message ----------
> > From: Timothy Fanelli (JIRA) <[email protected]>
> > Date: Wed, May 11, 2016 at 3:35 PM
> > Subject: [jira] [Updated] (ZOOKEEPER-2428) IbmX509 KeyManager and TrustManager algorithm not supported
> > To: [email protected]
> >
> >
> >      [ https://issues.apache.org/jira/browse/ZOOKEEPER-2428?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
> >
> > Timothy Fanelli updated ZOOKEEPER-2428:
> > ---------------------------------------
> >     Description:
> > When connecting from a zookeeper client running in IBM WebSphere
> > Application Server version 8.5.5, with SSL configured in ZooKeeper, the
> > below mentioned exception is observed.
> >
> > org.jboss.netty.channel.ChannelPipelineException: Failed to initialize a pipeline.
> >         at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:208)
> >         at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)
> >         at org.apache.zookeeper.ClientCnxnSocketNetty.connect(ClientCnxnSocketNetty.java:112)
> >         at org.apache.zookeeper.ClientCnxn$SendThread.startConnect(ClientCnxn.java:1130)
> >         at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1158)
> > Caused by: org.apache.zookeeper.common.X509Exception$SSLContextException: Failed to create KeyManager
> >         at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:75)
> >         at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.initSSL(ClientCnxnSocketNetty.java:358)
> >         at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.getPipeline(ClientCnxnSocketNetty.java:348)
> >         at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)
> >         ... 4 more
> > Caused by: org.apache.zookeeper.common.X509Exception$KeyManagerException: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
> >         at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:129)
> >         at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:73)
> >         ... 7 more
> > Caused by: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
> >         at sun.security.jca.GetInstance.getInstance(GetInstance.java:172)
> >         at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:9)
> >         at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:118)
> >
> > Reason: IBM WebSphere uses its own JRE and supports only the IbmX509
> > keymanager algorithm, which is causing an exception when trying to get a
> > key manager instance using SunX509, which is not supported.
> > Currently the KeyManager algorithm name (SunX509) is hardcoded in the class
> > X509Util.java.
> >
> > Possible fix: Instead of having the algorithm name hardcoded to SunX509 we can
> > fall back to the default algorithm supported by the underlying JRE.
> >
> > Instead of having this -
> > KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> > TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> >
> > can we have?
> > KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> >
> > TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> >
> >   was:
> > When connecting from a zookeeper client running on WebSphere version 8.5.5
> > in SSL mode below mentioned exception is observed.
> >
> > org.jboss.netty.channel.ChannelPipelineException: Failed to initialize a pipeline.
> >         at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:208)
> >         at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)
> >         at org.apache.zookeeper.ClientCnxnSocketNetty.connect(ClientCnxnSocketNetty.java:112)
> >         at org.apache.zookeeper.ClientCnxn$SendThread.startConnect(ClientCnxn.java:1130)
> >         at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1158)
> > Caused by: org.apache.zookeeper.common.X509Exception$SSLContextException: Failed to create KeyManager
> >         at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:75)
> >         at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.initSSL(ClientCnxnSocketNetty.java:358)
> >         at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.getPipeline(ClientCnxnSocketNetty.java:348)
> >         at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)
> >         ... 4 more
> > Caused by: org.apache.zookeeper.common.X509Exception$KeyManagerException: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
> >         at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:129)
> >         at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:73)
> >         ... 7 more
> > Caused by: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
> >         at sun.security.jca.GetInstance.getInstance(GetInstance.java:172)
> >         at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:9)
> >         at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:118)
> >
> > Reason: IBM WebSphere uses its own JRE and supports only the IbmX509
> > keymanager algorithm, which is causing an exception when trying to get a
> > key manager instance using SunX509, which is not supported.
> > Currently the KeyManager algorithm name (SunX509) is hardcoded in the class
> > X509Util.java.
> >
> > Possible fix: Instead of having the algorithm name hardcoded to SunX509 we can
> > fall back to the default algorithm supported by the underlying JRE.
> >
> > Instead of having this -
> > KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> > TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> >
> > can we have?
> > KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> >
> > TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> >
> >
> > > IbmX509 KeyManager and TrustManager algorithm not supported
> > > -----------------------------------------------------------
> > >
> > >                 Key: ZOOKEEPER-2428
> > >                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2428
> > >             Project: ZooKeeper
> > >          Issue Type: Bug
> > >          Components: security
> > >    Affects Versions: 3.5.1
> > >            Reporter: Saurabh Jain
> > >            Priority: Minor
> > >
> > > When connecting from a zookeeper client running in IBM WebSphere
> > > Application Server version 8.5.5, with SSL configured in ZooKeeper, the
> > > below mentioned exception is observed.
> > > org.jboss.netty.channel.ChannelPipelineException: Failed to initialize a pipeline.
> > >         at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:208)
> > >         at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)
> > >         at org.apache.zookeeper.ClientCnxnSocketNetty.connect(ClientCnxnSocketNetty.java:112)
> > >         at org.apache.zookeeper.ClientCnxn$SendThread.startConnect(ClientCnxn.java:1130)
> > >         at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1158)
> > > Caused by: org.apache.zookeeper.common.X509Exception$SSLContextException: Failed to create KeyManager
> > >         at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:75)
> > >         at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.initSSL(ClientCnxnSocketNetty.java:358)
> > >         at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.getPipeline(ClientCnxnSocketNetty.java:348)
> > >         at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)
> > >         ... 4 more
> > > Caused by: org.apache.zookeeper.common.X509Exception$KeyManagerException: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
> > >         at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:129)
> > >         at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:73)
> > >         ... 7 more
> > > Caused by: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
> > >         at sun.security.jca.GetInstance.getInstance(GetInstance.java:172)
> > >         at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:9)
> > >         at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:118)
> > > Reason: IBM WebSphere uses its own JRE and supports only the IbmX509
> > > keymanager algorithm, which is causing an exception when trying to get a
> > > key manager instance using SunX509, which is not supported.
> > > Currently the KeyManager algorithm name (SunX509) is hardcoded in the class
> > > X509Util.java.
> > > Possible fix: Instead of having the algorithm name hardcoded to SunX509 we
> > > can fall back to the default algorithm supported by the underlying JRE.
> > > Instead of having this -
> > > KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> > > TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> > > can we have?
> > > KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> > > TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> >
> >
> >
> > --
> > This message was sent by Atlassian JIRA
> > (v6.3.4#6332)
> >
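
The failure and the proposed fallback from the quoted report, as an added example that is not part of the thread and is not ZooKeeper's X509Util code. The class name PortableSslContext and the helpers available() and create() are hypothetical; the key store is an empty in-memory one constructed for the example, and the trust store is the JRE default.

```java
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
// Added illustration; class and method names are hypothetical, not ZooKeeper's X509Util.
public class PortableSslContext {
    // Algorithm names the installed security providers register for a service type.
    static Set<String> available(String serviceType) {
        Set<String> names = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if (s.getType().equals(serviceType)) names.add(s.getAlgorithm());
            }
        }
        return names;
    }

    // Resolve both factories from the JRE defaults instead of a hard-coded "SunX509".
    static SSLContext create(KeyStore keys, char[] keyPassword, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust); // null means the JRE's default trust store
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("KeyManagerFactory:   " + available("KeyManagerFactory"));
        System.out.println("TrustManagerFactory: " + available("TrustManagerFactory"));
        try {
            KeyManagerFactory.getInstance("SunX509"); // the hard-coded lookup from the report
            System.out.println("SunX509 is available on this JRE");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("SunX509 missing, as in the stack trace: " + e.getMessage());
        }
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null); // constructed sample input: empty in-memory key store
        SSLContext ctx = create(empty, new char[0], null);
        System.out.println("Built " + ctx.getProtocol() + " context with "
                + KeyManagerFactory.getDefaultAlgorithm() + " / " + TrustManagerFactory.getDefaultAlgorithm());
    }
}
```

getDefaultAlgorithm() returns the value of the `ssl.KeyManagerFactory.algorithm` or `ssl.TrustManagerFactory.algorithm` security property, so with this change the algorithm in use follows the JRE's `java.security` configuration and should be reviewed there.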
