"Invalid secret key format" error when starting the server or accessing the JBoss EAP vault

Solution Verified

Issue

  • EAP and the vault.sh script throw the following exception:

    java.lang.Exception: WFLYSEC0045: Exception encountered:
        at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:192)
        at org.jboss.as.security.vault.VaultSession.startVaultSession(VaultSession.java:210)
        at org.jboss.as.security.vault.VaultTool.execute(VaultTool.java:193)
        at org.jboss.as.security.vault.VaultTool.main(VaultTool.java:83)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.modules.Module.run(Module.java:335)
        at org.jboss.modules.Main.main(Main.java:505)
    Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX00140: Unable to get keystore (/path/to/vault/vault.keystore)
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:210)
        at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:189)
        ... 9 more
    Caused by: java.lang.RuntimeException: PBOX00140: Unable to get keystore (/path/to/vault/vault.keystore)
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:691)
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:205)
        ... 10 more
    Caused by: java.io.IOException: Invalid secret key format
        at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:856)
        at java.security.KeyStore.load(KeyStore.java:1445)
        at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:201)
        at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:151)
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:688)
        ... 11 more
    
  • Attempting to create a vault throws an ObjectInputFilter REJECTED error:

        WFLYSEC0056: Initializing Vault
        May 01, 2018 11:13:49 AM java.io.ObjectInputStream filterCheck
        INFO: ObjectInputFilter REJECTED: null, array length: -1, nRefs: 1, depth: 1, bytes: 70, ex: n/a
        WFLYSEC0059: Exception encountered:WFLYSEC0045: Exception encountered:

  • On EAP 6.2.x (or EAP 6.0.x/6.1.x and earlier), the following NullPointerException stack trace occurs:

    Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.NullPointerException
           at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:192)
           at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:82) [jboss-as-security-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
           ... 11 more
     Caused by: java.lang.NullPointerException
           at org.picketbox.plugins.vault.PicketBoxSecurityVault.checkAndConvertKeyStoreToJCEKS(PicketBoxSecurityVault.java:527)
           at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:189)
           ... 12 more
    
  • JBoss does not start with Zulu OpenJDK because it cannot find the vault file. The vault file location was not changed.

  • After migrating to EAP 7.2, the following "Invalid secret key format" error occurs:

07:49:04,737 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.credential-store.cred_store: org.jboss.msc.service.StartException in service org.wildfly.security.credential-store.cred_store: WFLYELY00004: Dienst kann nicht gestartet werden.
        at org.wildfly.extension.elytron.CredentialStoreService.start(CredentialStoreService.java:132)
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1738) [jboss-msc-1.4.5.Final-redhat-00001.jar:1.4.5.Final-redhat-00001]
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1700) [jboss-msc-1.4.5.Final-redhat-00001.jar:1.4.5.Final-redhat-00001]
        at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1558) [jboss-msc-1.4.5.Final-redhat-00001.jar:1.4.5.Final-redhat-00001]
        at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-2.3.2.Final-redhat-1.jar:2.3.2.Final-redhat-1]
        at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) [jboss-threads-2.3.2.Final-redhat-1.jar:2.3.2.Final-redhat-1]
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) [jboss-threads-2.3.2.Final-redhat-1.jar:2.3.2.Final-redhat-1]
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1364) [jboss-threads-2.3.2.Final-redhat-1.jar:2.3.2.Final-redhat-1]
        at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_191-1-redhat]
Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
        at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:871) [wildfly-elytron-1.6.1.Final-redhat-00001.jar:1.6.1.Final-redhat-00001]
        at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:213) [wildfly-elytron-1.6.1.Final-redhat-00001.jar:1.6.1.Final-redhat-00001]
        at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:160) [wildfly-elytron-1.6.1.Final-redhat-00001.jar:1.6.1.Final-redhat-00001]
        at org.wildfly.extension.elytron.CredentialStoreService.start(CredentialStoreService.java:123)
        ... 8 more
Caused by: java.io.IOException: Invalid secret key format
        at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:856)
        at java.security.KeyStore.load(KeyStore.java:1445) [rt.jar:1.8.0_191-1-redhat]
        at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:859) [wildfly-elytron-1.6.1.Final-redhat-00001.jar:1.6.1.Final-redhat-00001]
        ... 11 more

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6
    • 7
  • Red Hat JBoss Data Grid
    • 7.1.2
  • JDKs that add the non-public JDK-8189997, including:
    • JDK 1.8.0_171+ (OpenJDK or Oracle JDK)
    • JDK 1.7.0_181+ (OpenJDK or Oracle JDK)
