サーバーの起動時または JBoss EAP vault へのアクセス時に無効な秘密鍵形式を取得する
Issue
-
EAP および
vault.sh
スクリプトは、以下の例外をスローします。java.lang.Exception: WFLYSEC0045: Exception encountered: at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:192) at org.jboss.as.security.vault.VaultSession.startVaultSession(VaultSession.java:210) at org.jboss.as.security.vault.VaultTool.execute(VaultTool.java:193) at org.jboss.as.security.vault.VaultTool.main(VaultTool.java:83) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.modules.Module.run(Module.java:335) at org.jboss.modules.Main.main(Main.java:505) Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX00140: Unable to get keystore (/path/to/vault/vault.keystore) at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:210) at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:189) ... 9 more Caused by: java.lang.RuntimeException: PBOX00140: Unable to get keystore (/path/to/vault/vault.keystore) at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:691) at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:205) ... 10 more Caused by: java.io.IOException: Invalid secret key format at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:856) at java.security.KeyStore.load(KeyStore.java:1445) at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:201) at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:151) at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:688) ... 11 more
-
Vault
を作成しようとすると、ObjectInputFilter REJECTED
のエラーがスローされます。
WFLYSEC0056: Initializing Vault
May 01, 2018 11:13:49 AM java.io.ObjectInputStream filterCheck
INFO: ObjectInputFilter REJECTED: null, array length: -1, nRefs: 1, depth: 1, bytes: 70, ex: n/a
WFLYSEC0059: Exception encountered:WFLYSEC0045: Exception encountered:
-
EAP 6.2.x (または EAP 6.0.x/6.1.x 以前) では、以下の
NullPointerException
というスタックトレースが発生しています。Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.NullPointerException at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:192) at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:82) [jboss-as-security-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14] ... 11 more Caused by: java.lang.NullPointerException at org.picketbox.plugins.vault.PicketBoxSecurityVault.checkAndConvertKeyStoreToJCEKS(PicketBoxSecurityVault.java:527) at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:189) ... 12 more
-
JBoss は vault ファイルを見つけることができないため、Zulu OpenJDK の使用を開始しません。
Vault
ファイルの場所は変更されませんでした。 -
EAP 7.2 への移行後に以下の「Invalid secret key format」エラーが発生します。
07:49:04,737 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.credential-store.cred_store: org.jboss.msc.service.StartException in service org.wildfly.security.credential-store.cred_store: WFLYELY00004: Dienst kann nicht gestartet werden.
at org.wildfly.extension.elytron.CredentialStoreService.start(CredentialStoreService.java:132)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1738) [jboss-msc-1.4.5.Final-redhat-00001.jar:1.4.5.Final-redhat-00001]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1700) [jboss-msc-1.4.5.Final-redhat-00001.jar:1.4.5.Final-redhat-00001]
at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1558) [jboss-msc-1.4.5.Final-redhat-00001.jar:1.4.5.Final-redhat-00001]
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-2.3.2.Final-redhat-1.jar:2.3.2.Final-redhat-1]
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) [jboss-threads-2.3.2.Final-redhat-1.jar:2.3.2.Final-redhat-1]
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) [jboss-threads-2.3.2.Final-redhat-1.jar:2.3.2.Final-redhat-1]
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1364) [jboss-threads-2.3.2.Final-redhat-1.jar:2.3.2.Final-redhat-1]
at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_191-1-redhat]
Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:871) [wildfly-elytron-1.6.1.Final-redhat-00001.jar:1.6.1.Final-redhat-00001]
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:213) [wildfly-elytron-1.6.1.Final-redhat-00001.jar:1.6.1.Final-redhat-00001]
at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:160) [wildfly-elytron-1.6.1.Final-redhat-00001.jar:1.6.1.Final-redhat-00001]
at org.wildfly.extension.elytron.CredentialStoreService.start(CredentialStoreService.java:123)
... 8 more
Caused by: java.io.IOException: Invalid secret key format
at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:856)
at java.security.KeyStore.load(KeyStore.java:1445) [rt.jar:1.8.0_191-1-redhat]
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:859) [wildfly-elytron-1.6.1.Final-redhat-00001.jar:1.6.1.Final-redhat-00001]
... 11 more
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 6
- 7
- Red Hat JBoss Data Grid
- 7.1.2
- 以下を含む非公開の JDK-8189997 を追加した JDK
- JDK 1.8.0_171+ (OpenJDK または Oracle JDK)
- JDK 1.7.0_181+ (OpenJDK または Oracle JDK)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.