Uploaded image for project: 'ActiveMQ Classic'
  1. ActiveMQ Classic
  2. AMQ-6970

SSL config-params are not propagated inside rar correctly

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 5.15.4
    • 5.15.5, 5.16.0
    • RAR
    • None
    • Patch Available
    • Patch

    Description

      When trying to configure the SSL config-properties (such as key store), they are not propagated throughout the rar correctly and an error to connect to the server occurs.

      The stack trace below shows an attempt to run the rar deployed in a Wildfly server instance (notice that the error is the same you would see if you failed to configure the config-properties)

      16:57:22,081 WARN  [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (default task-1) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: Could not create connection.
          at org.apache.activemq.ra.ActiveMQManagedConnectionFactory.createManagedConnection(ActiveMQManagedConnectionFactory.java:210)
          at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.createConnectionEventListener(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:1326)
          at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.getConnection(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:499)
          at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:632)
          at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:604)
          at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:624)
          at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:430)
          at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:789)
          at org.apache.activemq.ra.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:95)
          at org.apache.activemq.ra.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:67)
          at org.jboss.as.quickstarts.servlet.HelloWorldMDBServletClient.doGet(HelloWorldMDBServletClient.java:98)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
          at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
          at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
          at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:67)
          at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
          at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
          at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
          at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
          at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
          at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
          at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
          at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
          at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
          at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
          at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
          at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
          at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
          at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
          at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
          at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
          at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
          at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
          at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
          at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
          at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
          at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
          at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
          at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
          at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
          at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
          at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
          at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
          at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
          at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
          at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
          at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1349)
          at java.lang.Thread.run(Thread.java:748)
      Caused by: javax.jms.JMSException: Could not connect to broker URL: ssl://localhost:61617. Reason: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:36)
          at org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:374)
          at org.apache.activemq.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:252)
          at org.apache.activemq.ra.ActiveMQConnectionSupport.makeConnection(ActiveMQConnectionSupport.java:89)
          at org.apache.activemq.ra.ActiveMQConnectionSupport.makeConnection(ActiveMQConnectionSupport.java:70)
          at org.apache.activemq.ra.ActiveMQManagedConnectionFactory.createManagedConnection(ActiveMQManagedConnectionFactory.java:208)
          ... 53 more
      Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
          at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
          at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
          at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
          at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
          at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
          at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
          at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
          at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
          at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
          at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:938)
          at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
          at org.apache.activemq.transport.tcp.TcpBufferedInputStream.fill(TcpBufferedInputStream.java:50)
          at org.apache.activemq.transport.tcp.TcpTransport$2.fill(TcpTransport.java:634)
          at org.apache.activemq.transport.tcp.TcpBufferedInputStream.read(TcpBufferedInputStream.java:59)
          at org.apache.activemq.transport.tcp.TcpTransport$2.read(TcpTransport.java:619)
          at java.io.DataInputStream.readInt(DataInputStream.java:387)
          at org.apache.activemq.openwire.OpenWireFormat.unmarshal(OpenWireFormat.java:268)
          at org.apache.activemq.transport.tcp.TcpTransport.readCommand(TcpTransport.java:240)
          at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:232)
          at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)
          ... 1 more
      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
          at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
          at sun.security.validator.Validator.validate(Validator.java:260)
          at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
          at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
          at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
          at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
          ... 17 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
          at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
          at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
          at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
          ... 23 more

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            cshannon Christopher L. Shannon
            flavia.rainone Flavia Rainone
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment