zookeeper-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrico Olivelli (Jira)" <j...@apache.org>
Subject [jira] [Updated] (ZOOKEEPER-2429) IbmX509 KeyManager and TrustManager algorithm not supported
Date Fri, 06 Sep 2019 15:43:13 GMT

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-2429?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Enrico Olivelli updated ZOOKEEPER-2429:
---------------------------------------
    Fix Version/s: 3.5.7

> IbmX509 KeyManager and TrustManager algorithm not supported
> -----------------------------------------------------------
>
>                 Key: ZOOKEEPER-2429
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2429
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: security, server
>    Affects Versions: 3.5.0
>            Reporter: Saurabh Jain
>            Assignee: Saurabh jain
>            Priority: Minor
>             Fix For: 3.6.0, 3.5.6, 3.5.7
>
>
> When connecting from a zookeeper client running in IBM WebSphere Application Server version
8.5.5, with SSL configured in ZooKeeper, the below mentioned exception is observed.
> org.jboss.netty.channel.ChannelPipelineException: Failed to initialize a pipeline.
>       at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:208)
>       at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)
>       at org.apache.zookeeper.ClientCnxnSocketNetty.connect(ClientCnxnSocketNetty.java:112)
>       at org.apache.zookeeper.ClientCnxn$SendThread.startConnect(ClientCnxn.java:1130)
>       at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1158)
> Caused by: org.apache.zookeeper.common.X509Exception$SSLContextException: Failed to create
KeyManager
>       at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:75)
>       at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.initSSL(ClientCnxnSocketNetty.java:358)
>       at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.getPipeline(ClientCnxnSocketNetty.java:348)
>       at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)
>       ... 4 more
> Caused by: org.apache.zookeeper.common.X509Exception$KeyManagerException: java.security.NoSuchAlgorithmException:
SunX509 KeyManagerFactory not available
>       at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:129)
>       at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:73)
>       ... 7 more
> Caused by: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
>       at sun.security.jca.GetInstance.getInstance(GetInstance.java:172)
>       at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:9)
>       at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:118)
> Reason : IBM websphere uses its own jre and supports only IbmX509 keymanager algorithm
which is causing an exception when trying to get an key manager instance using SunX509 which
is not supported.
> Currently KeyManager algorithm name  (SunX509) is hardcoded in the class X509Util.java.
> Possible fix: Instead of having algorithm name hardcoded to SunX509 we can fall back
to the default algorithm supported by the underlying jre.
> Instead of having this -
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> can we have ?
> KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Mime
View raw message