Redis ticket registry 7.0.0-RC8 - SSL support bug?

Mike Rokitka

Oct 18, 2023, 12:35:47 AM
to CAS Community
There appears to be a possible bug in the Redis ticket registry regarding SSL usage. I believe this issue has been referenced in a few other posts, e.g. https://groups.google.com/g/jasig-cas-user/c/lql-282-_lc

The RedisConnectionFactory bean provided via RedisTicketRegistryConfiguration uses the CasSSLContext, which in most cases will be the system() default context (following the logic in CasCoreHttpConfiguration.CasCoreHttpTlsConfiguration) to provide the SSL options for the lettuce pool config: RedisObjectFactory.newRedisConnectionFactory -> getRedisPoolClientConfig. Specifically, the keyManager and trustManager properties. The keyManagerFactory that is provided by the system CasSSLContext is never initialized via the init() method.

This results in the following stack trace at runtime:

Caused by: java.lang.IllegalStateException: KeyManagerFactoryImpl is not initialized
        at sun.security.ssl.KeyManagerFactoryImpl.engineGetKeyManagers(KeyManagerFactoryImpl.java:51) ~[?:?]
        at javax.net.ssl.KeyManagerFactory.getKeyManagers(KeyManagerFactory.java:303) ~[?:?]
        at io.netty.handler.ssl.JdkSslClientContext.newSSLContext(JdkSslClientContext.java:294) ~[netty-handler-4.1.99.Final.jar:4.1.99.Final]
        at io.netty.handler.ssl.JdkSslClientContext.<init>(JdkSslClientContext.java:272) ~[netty-handler-4.1.99.Final.jar:4.1.99.Final]
        at io.netty.handler.ssl.SslContext.newClientContextInternal(SslContext.java:829) ~[netty-handler-4.1.99.Final.jar:4.1.99.Final]
        at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:615) ~[netty-handler-4.1.99.Final.jar:4.1.99.Final]
        at io.lettuce.core.SslConnectionBuilder$SslChannelInitializer.initializeSSLEngine(SslConnectionBuilder.java:174) ~[lettuce-core-6.2.6.RELEASE.jar:6.2.6.RELEASE]
        at io.lettuce.core.SslConnectionBuilder$SslChannelInitializer.initChannel(SslConnectionBuilder.java:147) ~[lettuce-core-6.2.6.RELEASE.jar:6.2.6.RELEASE]
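The failure mode reported above can be reproduced with the JDK alone. This is an added example, not part of the original post and not CAS or Lettuce code; the class name and the `isInitialized` helper are hypothetical, and it only shows the difference between a `KeyManagerFactory` that was never passed through `init()` and one that was.

```java
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class KeyManagerFactoryInitDemo {

    // Hypothetical helper: KeyManagerFactory exposes no "is initialized" accessor,
    // so probe it the way a TLS client builder eventually does, via getKeyManagers().
    static boolean isInitialized(KeyManagerFactory kmf) {
        try {
            kmf.getKeyManagers();
            return true;
        } catch (IllegalStateException e) {
            // Same exception type as at the top of the stack trace in the post.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String algorithm = KeyManagerFactory.getDefaultAlgorithm();

        // Case 1: factory obtained but init() never called (the state the post describes).
        KeyManagerFactory uninitialized = KeyManagerFactory.getInstance(algorithm);
        System.out.println("without init(): usable = " + isInitialized(uninitialized));

        // Case 2: init() with a null key store is valid; the factory is then usable
        // and simply offers no client certificate (server-authenticated TLS only).
        KeyManagerFactory initialized = KeyManagerFactory.getInstance(algorithm);
        initialized.init(null, null);
        System.out.println("with init():    usable = " + isInitialized(initialized));

        // Trust side: init((KeyStore) null) loads the JDK default trust store.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        // Only the initialized factory can be used to build a working SSLContext.
        KeyManager[] keyManagers = initialized.getKeyManagers();
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagers, tmf.getTrustManagers(), null);
        System.out.println("SSLContext built, protocol = " + context.getProtocol());
    }
}
```

A probe like this, run before the factory is handed to the connection builder, surfaces the problem at startup instead of on the first TLS handshake to Redis.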