WildFly 8 - REST SSL problems with Firefox - SSL_ERROR_BAD_MAC_READ

wildfly8
jax-rs
ssl
firefox

#1

Hello,

I am currently building a REST interface that is supposed to deliver data for a web application over HTTPS and JSONP. The interface is working so far, but I am having major problems connecting Firefox. I always get the error code “SSL_ERROR_BAD_MAC_READ”. In IE and in other Java applications the connection works without problems.

My WildFly gives me the following error message, which I can't make much of, though.

2018-01-26 13:18:24,958 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /TestViewer/api/getTestList.json: org.jboss.resteasy.spi.UnhandledException: Response is committed, can't handle exception
	at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:148) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.writeResponse(SynchronousDispatcher.java:432) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:376) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.10.Final.jar:]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_45]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_45]
	at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_45]
Caused by: java.lang.ArrayIndexOutOfBoundsException
	at java.lang.System.arraycopy(Native Method) [rt.jar:1.8.0_45]
	at org.bouncycastle.crypto.modes.GCMBlockCipher.doFinal(Unknown Source)
	at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$AEADGenericBlockCipher.doFinal(Unknown Source)
	at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown Source)
	at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:830) [jce.jar:1.8.0_20]
	at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730) [jce.jar:1.8.0_20]
	at javax.crypto.Cipher.doFinal(Cipher.java:2460) [jce.jar:1.8.0_20]
	at sun.security.ssl.CipherBox.encrypt(CipherBox.java:396) [jsse.jar:1.8.0_45]
	at sun.security.ssl.EngineOutputRecord.write(EngineOutputRecord.java:300) [jsse.jar:1.8.0_45]
	at sun.security.ssl.EngineOutputRecord.write(EngineOutputRecord.java:225) [jsse.jar:1.8.0_45]
	at sun.security.ssl.EngineWriter.writeRecord(EngineWriter.java:186) [jsse.jar:1.8.0_45]
	at sun.security.ssl.SSLEngineImpl.writeRecord(SSLEngineImpl.java:1300) [jsse.jar:1.8.0_45]
	at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1271) [jsse.jar:1.8.0_45]
	at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186) [jsse.jar:1.8.0_45]
	at org.xnio.ssl.JsseSslConduitEngine.engineWrap(JsseSslConduitEngine.java:336)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:241)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:113)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:77)
	at io.undertow.server.protocol.http.HttpResponseConduit.processWrite(HttpResponseConduit.java:244) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.protocol.http.HttpResponseConduit.write(HttpResponseConduit.java:596) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.conduits.ChunkedStreamSinkConduit.doWrite(ChunkedStreamSinkConduit.java:162) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.conduits.ChunkedStreamSinkConduit.write(ChunkedStreamSinkConduit.java:126) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.conduits.ChunkedStreamSinkConduit.write(ChunkedStreamSinkConduit.java:209) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:158)
	at io.undertow.channels.DetachableStreamSinkChannel.write(DetachableStreamSinkChannel.java:178) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.HttpServerExchange$WriteDispatchChannel.write(HttpServerExchange.java:1815) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at org.xnio.channels.Channels.writeBlocking(Channels.java:152)
	at io.undertow.servlet.spec.ServletOutputStreamImpl.write(ServletOutputStreamImpl.java:184) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.spec.ServletOutputStreamImpl.write(ServletOutputStreamImpl.java:128) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at org.jboss.resteasy.plugins.server.servlet.HttpServletResponseWrapper$DeferredOutputStream.write(HttpServletResponseWrapper.java:40) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.util.CommitHeaderOutputStream.write(CommitHeaderOutputStream.java:64) [resteasy-jaxrs-3.0.10.Final.jar:]
	at de.communication.rest.LogFilter.write(LogFilter.java:27) [classes:]
	at de.communication.rest.LogFilter$Proxy$_$$_WeldClientProxy.write(Unknown Source) [classes:]
	at org.jboss.resteasy.core.interception.WriterInterceptorRegistry$WriterInterceptorFacade.aroundWriteTo(WriterInterceptorRegistry.java:169) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.interception.AbstractWriterInterceptorContext.proceed(AbstractWriterInterceptorContext.java:122) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.security.doseta.DigitalSigningInterceptor.aroundWriteTo(DigitalSigningInterceptor.java:143) [resteasy-crypto-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.interception.AbstractWriterInterceptorContext.proceed(AbstractWriterInterceptorContext.java:122) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.plugins.interceptors.encoding.GZIPEncodingInterceptor.aroundWriteTo(GZIPEncodingInterceptor.java:100) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.interception.AbstractWriterInterceptorContext.proceed(AbstractWriterInterceptorContext.java:122) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:99) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.writeResponse(SynchronousDispatcher.java:427) [resteasy-jaxrs-3.0.10.Final.jar:]
	... 32 more

I am very confused by the line Caused by: java.lang.ArrayIndexOutOfBoundsException, because in the source code the array is managed via an ArrayList and is definitely created.

If any of you can make sense of this error, it would be nice if you could give me a small hint as to what I need to watch out for or change here.

Thanks!
Regards, Hans


#2

The ArrayIndexOutOfBoundsException does not come from your ArrayList but from GCMBlockCipher.doFinal, and arrays are very much being handled there: http://grepcode.com/file/repo1.maven.org/maven2/org.bouncycastle/bcprov-ext-jdk14/1.51/org/bouncycastle/crypto/modes/GCMBlockCipher.java


#3

This may have something to do with it: https://issues.jboss.org/browse/WFLY-3331

Which WildFly version are you using?
Can you use the latest Java 8 version?


#4

As far as Java is concerned, I depend on what is provided to me.

@Landei
Thanks to your hint, I rethought things a bit and checked whether there are problems with the cipher suites here. In doing so I came across other forum posts from people who also have problems with certain cipher suites. There the solution was to adjust the HTTPS listener. Following the description, I configured a list of cipher suites, and since then these problems no longer occur. However, I did not explicitly determine which cipher suite caused the problems here.

<https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm" enabled-cipher-suites="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
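
An added example, not part of the thread or of WildFly: a small audit of the `enabled-cipher-suites` value from post #4. It flags RC4 suites (prohibited in TLS by RFC 7465) and suites without (EC)DHE key exchange, and marks GCM suites because the trace shows the failure inside BouncyCastle's GCMBlockCipher; the function names and finding labels are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# The listener element as posted in #4, including the spaces after some commas.
LISTENER = (
    '<https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm" '
    'enabled-cipher-suites="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, '
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, '
    'TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, '
    'TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>'
)


def parse_suites(listener_xml):
    """Return the suite names from enabled-cipher-suites, whitespace stripped."""
    element = ET.fromstring(listener_xml)
    raw = element.get("enabled-cipher-suites", "")
    return [name.strip() for name in raw.split(",") if name.strip()]


def findings(suite):
    """Classify one JSSE suite name; the labels are hypothetical, chosen for this example."""
    result = []
    if "_RC4_" in suite:
        result.append("rc4")                 # RFC 7465: RC4 must not be negotiated
    if "DHE_" not in suite:                  # matches neither TLS_DHE_* nor TLS_ECDHE_*
        result.append("no-forward-secrecy")  # e.g. static RSA key exchange
    if "_GCM_" in suite:
        result.append("gcm-in-trace")        # cipher mode that fails in the posted trace
    return result


def audit(listener_xml):
    """Map every configured suite to its list of findings."""
    return {suite: findings(suite) for suite in parse_suites(listener_xml)}


def retained_suites(listener_xml):
    """Suites left after dropping RC4 and non-forward-secret entries, order preserved."""
    blocking = {"rc4", "no-forward-secrecy"}
    return [s for s, f in audit(listener_xml).items() if not blocking & set(f)]


if __name__ == "__main__":
    for suite, notes in audit(LISTENER).items():
        print(f"{suite}: {', '.join(notes) or 'ok'}")
    print('enabled-cipher-suites="' + ",".join(retained_suites(LISTENER)) + '"')
```

On the posted listener this leaves the four ECDHE AES-CBC suites.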