Getting an invalid secret key format when starting the server or accessing the JBoss EAP vault

Issue

  • EAP and the vault.sh script throw the following exception:

    java.lang.Exception: WFLYSEC0045: Exception encountered:
        at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:192)
        at org.jboss.as.security.vault.VaultSession.startVaultSession(VaultSession.java:210)
        at org.jboss.as.security.vault.VaultTool.execute(VaultTool.java:193)
        at org.jboss.as.security.vault.VaultTool.main(VaultTool.java:83)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.modules.Module.run(Module.java:335)
        at org.jboss.modules.Main.main(Main.java:505)
    Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX00140: Unable to get keystore (/path/to/vault/vault.keystore)
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:210)
        at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:189)
        ... 9 more
    Caused by: java.lang.RuntimeException: PBOX00140: Unable to get keystore (/path/to/vault/vault.keystore)
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:691)
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:205)
        ... 10 more
    Caused by: java.io.IOException: Invalid secret key format
        at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:856)
        at java.security.KeyStore.load(KeyStore.java:1445)
        at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:201)
        at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:151)
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:688)
        ... 11 more
    
  • Attempting to create a vault throws an ObjectInputFilter REJECTED error:

        WFLYSEC0056: Initializing Vault
        May 01, 2018 11:13:49 AM java.io.ObjectInputStream filterCheck
        INFO: ObjectInputFilter REJECTED: null, array length: -1, nRefs: 1, depth: 1, bytes: 70, ex: n/a
        WFLYSEC0059: Exception encountered:WFLYSEC0045: Exception encountered:

  • On EAP 6.2.x (or the earlier EAP 6.0.x/6.1.x), the following NullPointerException stack trace occurs:

    Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.NullPointerException
           at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:192)
           at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:82) [jboss-as-security-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
           ... 11 more
     Caused by: java.lang.NullPointerException
           at org.picketbox.plugins.vault.PicketBoxSecurityVault.checkAndConvertKeyStoreToJCEKS(PicketBoxSecurityVault.java:527)
           at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:189)
           ... 12 more
    
  • JBoss does not start when using Zulu OpenJDK because it cannot find the vault file. The location of the vault file has not changed.

  • After migrating to EAP 7.2, the following "Invalid secret key format" error occurs:

    07:49:04,737 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.credential-store.cred_store: org.jboss.msc.service.StartException in service org.wildfly.security.credential-store.cred_store: WFLYELY00004: Dienst kann nicht gestartet werden.
        at org.wildfly.extension.elytron.CredentialStoreService.start(CredentialStoreService.java:132)
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1738) [jboss-msc-1.4.5.Final-redhat-00001.jar:1.4.5.Final-redhat-00001]
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1700) [jboss-msc-1.4.5.Final-redhat-00001.jar:1.4.5.Final-redhat-00001]
        at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1558) [jboss-msc-1.4.5.Final-redhat-00001.jar:1.4.5.Final-redhat-00001]
        at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-2.3.2.Final-redhat-1.jar:2.3.2.Final-redhat-1]
        at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) [jboss-threads-2.3.2.Final-redhat-1.jar:2.3.2.Final-redhat-1]
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) [jboss-threads-2.3.2.Final-redhat-1.jar:2.3.2.Final-redhat-1]
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1364) [jboss-threads-2.3.2.Final-redhat-1.jar:2.3.2.Final-redhat-1]
        at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_191-1-redhat]
    Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
        at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:871) [wildfly-elytron-1.6.1.Final-redhat-00001.jar:1.6.1.Final-redhat-00001]
        at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:213) [wildfly-elytron-1.6.1.Final-redhat-00001.jar:1.6.1.Final-redhat-00001]
        at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:160) [wildfly-elytron-1.6.1.Final-redhat-00001.jar:1.6.1.Final-redhat-00001]
        at org.wildfly.extension.elytron.CredentialStoreService.start(CredentialStoreService.java:123)
        ... 8 more
    Caused by: java.io.IOException: Invalid secret key format
        at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:856)
        at java.security.KeyStore.load(KeyStore.java:1445) [rt.jar:1.8.0_191-1-redhat]
        at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:859) [wildfly-elytron-1.6.1.Final-redhat-00001.jar:1.6.1.Final-redhat-00001]
        ... 11 more

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6
    • 7
  • Red Hat JBoss Data Grid
    • 7.1.2
  • JDKs that added the non-public JDK-8189997, including:
    • JDK 1.8.0_171+ (OpenJDK or Oracle JDK)
    • JDK 1.7.0_181+ (OpenJDK or Oracle JDK)
