Previous versions of JBoss EAP 6 included a bug which caused JBossJSSESecurityDomain.java to attempt to use the keystore/truststore provider to get instances of the trust manager. This behavior was incorrect as the "trust-manager-factory-provider" setting cannot be used in the JSSE section of a security domain. Using this setting (even if properly configured) would result in an exception during start up. This bug has been resolved in this release and the "trust-manager-factory-provider" setting can now be used to set the `trustManagerFactoryProvider`.
Description of problem:
There is a bug in JBossJSSESecurityDomain.java where it attempts to use the keystore/truststore provider to get instances of the trust manager.
The code reads:
    if (trustManagerFactoryProvider != null)
        trustManagerFactory = TrustManagerFactory.getInstance(algorithm, trustStoreProvider);
    else
        trustManagerFactory = TrustManagerFactory.getInstance(algorithm);
I think it should read:
    if (trustManagerFactoryProvider != null)
        trustManagerFactory = TrustManagerFactory.getInstance(algorithm, trustManagerFactoryProvider);
    else
        trustManagerFactory = TrustManagerFactory.getInstance(algorithm);
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
Set up a security-domain that defines a JSSE keystore/truststore:
+ <!--
+ <jsse keystore-url="/home/dehort/dev/java/jboss-eap-6.1.1/standalone/configuration/server.keystore"
+ keystore-password="123456"
+ key-manager-factory-algorithm="SunX509"
+ key-manager-factory-provider="SunJSSE"/>
+ -->
+ <jsse truststore-url="/home/dehort/dev/java/jboss-eap-6.1.1/standalone/configuration/server.keystore"
+ truststore-password="123456"
+ trust-manager-factory-algorithm="SunX509"
+ trust-manager-factory-provider="SunJSSE"/>
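Review bot: the `+ truststore-password="123456"` line stores a trivially guessable truststore password in clear text in the configuration, and `truststore-url` points at the same `server.keystore` file that the commented-out `keystore-url` names, so the server's keystore would double as its set of trust anchors. Suggest a separate truststore that holds only the CA certificates to be trusted, and keeping the password out of the file.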
Actual results:
Expected results:
Additional info:
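The mix-up described in this report can be reproduced outside the server with the standard JSSE API. The class below is an added example, not the JBoss source: the class name, the `outcome` helper and the sample provider values are assumptions, and the two methods copy the quoted and the proposed logic. With no truststore provider set (as in the `<jsse>` element above), `getInstance(String, String)` receives `null` and throws `IllegalArgumentException`; with a keystore provider such as `SUN`, it throws `NoSuchAlgorithmException` because that provider offers no `TrustManagerFactory`.

```java
import java.security.GeneralSecurityException;
import javax.net.ssl.TrustManagerFactory;

// Added illustration, not the JBoss source. Variable names follow the snippet in the report.
public class TrustManagerProviderDemo {

    // Logic as quoted in the report: tests one setting, then passes the other.
    static TrustManagerFactory reported(String algorithm, String trustManagerFactoryProvider,
                                        String trustStoreProvider) throws GeneralSecurityException {
        if (trustManagerFactoryProvider != null)
            return TrustManagerFactory.getInstance(algorithm, trustStoreProvider);
        return TrustManagerFactory.getInstance(algorithm);
    }

    // Logic as proposed in the report: tests and passes the same setting.
    static TrustManagerFactory proposed(String algorithm, String trustManagerFactoryProvider,
                                        String trustStoreProvider) throws GeneralSecurityException {
        if (trustManagerFactoryProvider != null)
            return TrustManagerFactory.getInstance(algorithm, trustManagerFactoryProvider);
        return TrustManagerFactory.getInstance(algorithm);
    }

    // Runs one variant with the algorithm and provider from the report's <jsse> element
    // and describes either the factory obtained or the exception raised.
    static String outcome(boolean fixed, String trustStoreProvider) {
        try {
            TrustManagerFactory tmf = fixed
                    ? proposed("SunX509", "SunJSSE", trustStoreProvider)
                    : reported("SunX509", "SunJSSE", trustStoreProvider);
            return tmf.getAlgorithm() + " from " + tmf.getProvider().getName();
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: null = no truststore provider configured (the report's case);
        // "SUN" = a keystore provider that has no TrustManagerFactory implementation.
        for (String trustStoreProvider : new String[] {null, "SUN"}) {
            System.out.println("truststore provider = " + trustStoreProvider);
            System.out.println("  reported: " + outcome(false, trustStoreProvider));
            System.out.println("  proposed: " + outcome(true, trustStoreProvider));
        }
    }
}
```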
As per bz 1097167, this has been set back to known issue.
I removed the doc text so here it is, ready to be reinstated:
Previous versions of JBoss EAP 6 included a bug which caused JBossJSSESecurityDomain.java to attempt to use the keystore/truststore provider to get instances of the trust manager. This behavior was incorrect as the "trust-manager-factory-provider" setting cannot be used in the JSSE section of a security domain. Using this setting (even if properly configured) would result in an exception during start up. This bug has been resolved in this release and the "trust-manager-factory-provider" setting can now be used to set the `trustManagerFactoryProvider`.