Posted to issues@cxf.apache.org by "Freeman Fang (JIRA)" <ji...@apache.org> on 2018/10/22 08:24:00 UTC

[jira] [Comment Edited] (CXF-7876) several tests failed with OpenJDK 11

    [ https://issues.apache.org/jira/browse/CXF-7876?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16658739#comment-16658739 ] 

Freeman Fang edited comment on CXF-7876 at 10/22/18 8:23 AM:
-------------------------------------------------------------

Some update.

I put in a method to set up TLS; the code is like this:

{code}
public static void setupTLS(DoubleItPortType port)
    throws FileNotFoundException, IOException, GeneralSecurityException {
    String keyStoreLoc = "/keys/clientstore.jks";
    HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();

    TLSClientParameters tlsCP = httpConduit.getTlsClientParameters();
    String keyPassword = "ckpass";
    // Reload the client keystore from the test classpath
    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(SAMLRenewTest.class.getResourceAsStream(keyStoreLoc), "cspass".toCharArray());
    // Key managers built from the freshly loaded keystore
    KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
    // Key managers already configured on the HTTP conduit
    KeyManager[] myKeyManagers1 = tlsCP.getKeyManagers();
    tlsCP.setKeyManagers(myKeyManagers); // success
    //tlsCP.setKeyManagers(myKeyManagers1); // fail
}
{code}

So here tlsCP.setKeyManagers matters.

We can't use the original KeyManager[] of the HTTP conduit; we must use the new one loaded from the keystore again.

However, I don't see any difference between myKeyManagers and myKeyManagers1.

The private key and public key from both are exactly identical.

Both public keys are 

{code}
[[
[
  Version: V3
  Subject: EMAILADDRESS=client@client.com, CN=www.client.com, OU=IT Department, O=Sample Client -- NOT FOR PRODUCTION, L=Niagara Falls, ST=New York, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  params: null
  modulus: 22979944141735590299530777135738199886062122197886110375896611227946815723628036065334919482774464248346093352112491034239928873076252381866332224931946201060390165253275342851557798323337127782262100839721957439068980690643454373841976515630240584227659258561183356714882099720006202384737971192873116006711099950585755822064041773930784298874480852699686024664613362614315283905757078372116035645549355693585907454954549483948921643276383884690035320720667085730253572669087521945343868586301084460091093070755848229299850395947142161173078698848677690835587706687226622343867489377217067434763643573310414967775483
  public exponent: 65537
  Validity: [From: Sat Nov 07 01:29:26 CST 2015,
               To: Tue Nov 04 01:29:26 CST 2025]
  Issuer: EMAILADDRESS=client@client.com, CN=www.client.com, OU=IT Department, O=Sample Client -- NOT FOR PRODUCTION, L=Niagara Falls, ST=New York, C=US
  SerialNumber: [    38062225]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8F D9 0E BE C1 0C 8A B7   A6 9D 54 FD 7C 80 AE 89  ..........T.....
0010: 83 14 4B 50                                        ..KP
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 1E BD 12 98 6B D9 F8 07   E8 99 34 1A 3E 06 21 98  ....k.....4.>.!.
0010: 0B C4 28 46 51 1B C2 8E   A8 6E F7 3E 8F DB E5 9A  ..(FQ....n.>....
0020: 69 66 1B 31 65 9A 8D 25   95 19 1E 38 DF B1 19 4F  if.1e..%...8...O
0030: BD B5 C6 17 3D 05 72 A3   85 32 BB 5D 68 24 04 62  ....=.r..2.]h$.b
0040: 89 9A C8 B1 6A 9C 51 93   54 AD 7B BD 29 81 EA 8E  ....j.Q.T...)...
0050: 4E 00 FA B8 60 00 E0 B8   19 58 6E EC 96 65 19 2A  N...`....Xn..e.*
0060: 94 95 EF 5D A2 68 8F E1   CE FD A0 B3 35 07 E7 C8  ...].h......5...
0070: 9E B8 91 4D 0D B4 84 E4   07 F8 86 8C AA 1A 58 6A  ...M..........Xj
0080: 3E A1 1C A2 15 DE 08 05   0B 09 BB 61 B1 4C 4D 77  >..........a.LMw
0090: BB 7E 1F 81 8F 1F 34 D7   23 C4 39 EF 59 84 E1 22  ......4.#.9.Y.."
00A0: 75 CD BF 26 25 65 CA AC   1E 10 09 97 FF BE 9D 53  u..&%e.........S
00B0: 25 D0 2F DF A7 EB B8 56   26 AE 60 AE 26 5A 94 C3  %./....V&.`.&Z..
00C0: 58 69 90 B5 7C 0F 8D 32   D3 D9 BA 22 BC 7B 23 1B  Xi.....2..."..#.
00D0: 2B 82 A1 C2 E6 BB D2 5B   A2 CB 41 68 D0 1E FF 08  +......[..Ah....
00E0: C1 91 71 0D 05 DE 32 3E   3B 75 40 24 3B B1 00 01  ..q...2>;u@$;...
00F0: B1 51 3F DF 3C CA C0 DD   7C FE 69 F9 78 A3 D8 48  .Q?.<.....i.x..H

]]
{code}

and both private keys are 
{code}
SunRsaSign RSA private CRT key, 2048 bits
  params: null
  modulus: 22979944141735590299530777135738199886062122197886110375896611227946815723628036065334919482774464248346093352112491034239928873076252381866332224931946201060390165253275342851557798323337127782262100839721957439068980690643454373841976515630240584227659258561183356714882099720006202384737971192873116006711099950585755822064041773930784298874480852699686024664613362614315283905757078372116035645549355693585907454954549483948921643276383884690035320720667085730253572669087521945343868586301084460091093070755848229299850395947142161173078698848677690835587706687226622343867489377217067434763643573310414967775483
  private exponent: 20019484120851607375397259407477253830581668443262730759745504393676785585620627906590657078436993786640704546218328014844965425323337252090824603663038228837785008391755839064449714473848512650876182695928795001696818340046040923755036196093702121181835874518092109316561310426385616048251060123073953420009248468471892473797436110486283144262959814684005600825771839050733587505044356903240740977372931100006048094499708079330221270357931115611797563419258725014457086227982326645014749655656544155141476328063006261550749118736823288385079798158139232473907261211007237968978417214486325768209450964729578846755313
{code}

This is really weird; I can't tell why one works while the other doesn't. The two KeyManagers here are the same from my point of view.

Especially, the error only happens when using OpenJDK Java 11.

[~coheigea] any idea here?

Thanks!
Freeman
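
The comment above compares the two `KeyManager[]` arrays only by their key material. The following is an added example, not code from the original comment or from CXF, showing one way to also compare what each manager reports through the `X509KeyManager` interface: its concrete class, the client aliases it offers per key type, the chain length and the private key class. The names `KeyManagerDiff` and `describe` are hypothetical, and `main` uses a constructed empty keystore so it runs offline; in `setupTLS` one would call `describe` on `myKeyManagers` and on `myKeyManagers1` and diff the two results.

```java
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

public class KeyManagerDiff {
    // Key types to probe; a key manager selects client aliases per key type.
    private static final String[] KEY_TYPES = {"RSA", "EC", "DSA"};

    /** Hypothetical helper: one line per fact about every KeyManager in the array. */
    static String describe(String label, KeyManager[] kms) {
        StringBuilder sb = new StringBuilder(label).append('\n');
        if (kms == null) {
            return sb.append("  <null array>\n").toString();
        }
        for (KeyManager km : kms) {
            sb.append("  class=").append(km.getClass().getName())
              .append(" extended=").append(km instanceof X509ExtendedKeyManager).append('\n');
            if (!(km instanceof X509KeyManager)) {
                continue;
            }
            X509KeyManager x = (X509KeyManager) km;
            for (String type : KEY_TYPES) {
                String[] aliases = x.getClientAliases(type, null); // null = any issuer
                if (aliases == null) {
                    sb.append("    ").append(type).append(": no client alias\n");
                    continue;
                }
                for (String alias : aliases) {
                    X509Certificate[] chain = x.getCertificateChain(alias);
                    PrivateKey key = x.getPrivateKey(alias);
                    sb.append("    ").append(type).append(" alias=").append(alias)
                      .append(" chainLen=").append(chain == null ? 0 : chain.length)
                      .append(" keyClass=").append(key == null ? "none" : key.getClass().getName()).append('\n');
                }
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory keystore, so no key file is needed.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, new char[0]);
        System.out.print(describe("fresh from keystore", kmf.getKeyManagers()));
    }
}
```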


> several tests failed with OpenJDK 11
> ------------------------------------
>
>                 Key: CXF-7876
>                 URL: https://issues.apache.org/jira/browse/CXF-7876
>             Project: CXF
>          Issue Type: Task
>            Reporter: Freeman Fang
>            Assignee: Freeman Fang
>            Priority: Major
>             Fix For: 3.3.0
>
>
> Though they are ok with Oracle one.
> They are
> {code}
>         rt/bindings/xml/src/test/java/org/apache/cxf/binding/xml/interceptor/XMLMessageInInterceptorTest.java
>         rt/bindings/xml/src/test/java/org/apache/cxf/binding/xml/interceptor/XMLMessageOutInterceptorTest.java
>         rt/transports/http-netty/netty-client/src/test/java/org/apache/cxf/transport/http/netty/client/integration/SSLNettyClientTest.java
>         rt/transports/http-netty/netty-server/src/test/java/org/apache/cxf/transport/http/netty/server/integration/SSLNettyServerTest.java
>         rt/transports/http-netty/netty-server/src/test/java/org/apache/cxf/transport/http/netty/server/integration/SSLNettySpringServerTest.java
>         services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java
>         services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewTest.java
>         systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
> {code}


