[ https://issues.apache.org/jira/browse/AMQ-5100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15115177#comment-15115177 ]
Tristan Leask edited comment on AMQ-5100 at 1/25/16 2:15 PM: ------------------------------------------------------------- Ok, I am trying to do this as well, and came across the same error. I got passed this error by editing the SSLContext definition like so... <sslContext keyStore="NONE" keyStoreType="PKCS11" keyStorePassword="***" trustStore="NONE" trustStoreType="PKCS11" trustStorePassword="***"/> Even though you get past this error, you then come across a "Transport Connector could not be registered in JMX" due to the random number generator and FIPS Mode... {code} INFO | jvm 1 | 2016/01/25 12:57:11 | org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in class path resource [activemq.xml]: Invocation of init method failed; nested exception is java.io.IOException: Transport Connector could not be registered in JMX: FIPS mode: SecureRandom must be from provider SunPKCS11-NSSfips INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1420) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:192) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.xbean.XBeanBrokerFactory$1.<init>(XBeanBrokerFactory.java:108) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:108) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:72) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.command.StartCommand.startBroker(StartCommand.java:115) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:74) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:57) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:148) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:57) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:90) INFO | jvm 1 | 2016/01/25 12:57:11 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) INFO | jvm 1 | 2016/01/25 12:57:11 | at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) INFO | jvm 1 | 2016/01/25 12:57:11 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) INFO | jvm 1 | 2016/01/25 12:57:11 | at java.lang.reflect.Method.invoke(Unknown Source) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.Main.runTaskClass(Main.java:257) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.Main.main(Main.java:111) INFO | jvm 1 | 2016/01/25 12:57:11 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) INFO | jvm 1 | 2016/01/25 12:57:11 | at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) INFO | jvm 1 | 2016/01/25 12:57:11 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) INFO | jvm 1 | 2016/01/25 12:57:11 | at java.lang.reflect.Method.invoke(Unknown Source) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240) INFO | jvm 1 | 2016/01/25 12:57:11 | at java.lang.Thread.run(Unknown Source) {code} was (Author: leaski): Ok, I am trying to do this as well, and came across the same error. I got passed this error by editing the SSLContext definition like so... <sslContext keyStore="c:/nss/cert/key3.db" keyStoreType="PKCS11" keyStorePassword="***" trustStore="c:/nss/cert/cert8.db" trustStoreType="PKCS11" trustStorePassword="***"/> Even though you get past this error, you then come across a "Transport Connector could not be registered in JMX" due to the random number generator and FIPS Mode... {code} INFO | jvm 1 | 2016/01/25 12:57:11 | org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in class path resource [activemq.xml]: Invocation of init method failed; nested exception is java.io.IOException: Transport Connector could not be registered in JMX: FIPS mode: SecureRandom must be from provider SunPKCS11-NSSfips INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1420) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:192) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.xbean.XBeanBrokerFactory$1.<init>(XBeanBrokerFactory.java:108) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:108) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:72) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.command.StartCommand.startBroker(StartCommand.java:115) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:74) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:57) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:148) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:57) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:90) INFO | jvm 1 | 2016/01/25 12:57:11 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) INFO | jvm 1 | 2016/01/25 12:57:11 | at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) INFO | jvm 1 | 2016/01/25 12:57:11 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) INFO | jvm 1 | 2016/01/25 12:57:11 | at java.lang.reflect.Method.invoke(Unknown Source) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.Main.runTaskClass(Main.java:257) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.apache.activemq.console.Main.main(Main.java:111) INFO | jvm 1 | 2016/01/25 12:57:11 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) INFO | jvm 1 | 2016/01/25 12:57:11 | at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) INFO | jvm 1 | 2016/01/25 12:57:11 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) INFO | jvm 1 | 2016/01/25 12:57:11 | at java.lang.reflect.Method.invoke(Unknown Source) INFO | jvm 1 | 2016/01/25 12:57:11 | at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240) INFO | jvm 1 | 2016/01/25 12:57:11 | at java.lang.Thread.run(Unknown Source) {code} > PKCS11 (NSS-FIPS) support in A-MQ/ActiveMQ > ------------------------------------------ > > Key: AMQ-5100 > URL: https://issues.apache.org/jira/browse/AMQ-5100 > Project: ActiveMQ > Issue Type: Bug > Components: Broker > Reporter: Jesse Sightler > > I have attempted to configure PKCS11/NSS support in ActiveMQ, however, I am > receiving the following exception: > Caused by: java.io.FileNotFoundException: class path resource [NONE] cannot > be opened because it does not exist > at > org.springframework.core.io.ClassPathResource.getInputStream(ClassPathResource.java:157) > at > org.apache.activemq.spring.SpringSslContext.createKeyManagerKeyStore(SpringSslContext.java:119) > at > org.apache.activemq.spring.SpringSslContext.createKeyManagers(SpringSslContext.java:88) > at > org.apache.activemq.spring.SpringSslContext.afterPropertiesSet(SpringSslContext.java:65) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:622) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1581) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1522) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452) > ... 40 more > My configured sslContext for the broker looks like this: > <sslContext> > <sslContext > keyStore="NONE" keyStoreType="PKCS11" > keyStorePassword="password" > trustStore="/etc/activemqssl/truststore.jks" > trustStorePassword="password" > /> > </sslContext> > AFAIK, setting keyStore to "NONE" is the generally accepted way to do with > with PKCS11. The code should generate a warning at most for this, but instead > I receive the above exception and a failure to load the keystore. > The activemq code looks like this (in > org.apache.activemq.spring.SpringSslContext): > private KeyStore createKeyManagerKeyStore() throws Exception { > if( keyStore ==null ) { > return null; > } > KeyStore ks = KeyStore.getInstance(keyStoreType); > InputStream is=Utils.resourceFromString(keyStore).getInputStream(); > try { > ks.load(is, keyStorePassword==null? null : > keyStorePassword.toCharArray()); > } finally { > is.close(); > } > return ks; > } > It looks like this should just be setting "is" to null, generating a warning, > and then calling ks.load with the null inputstream (the nss library will load > the nss files based upon the nss.cfg file). -- This message was sent by Atlassian JIRA (v6.3.4#6332)