[jboss-jira] [JBoss JIRA] (ELY-1308) Alias from dependent credential store is not avalaible on server start
Jan Kalina (JIRA)
issues at jboss.org
Tue Jul 25 09:44:00 EDT 2017
[ https://issues.jboss.org/browse/ELY-1308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Kalina moved JBEAP-12335 to ELY-1308:
-----------------------------------------
Project: WildFly Elytron (was: JBoss Enterprise Application Platform)
Key: ELY-1308 (was: JBEAP-12335)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Credential Store
(was: Security)
Affects Version/s: 1.1.0.CR2
(was: 7.1.0.ER1)
> Alias from dependent credential store is not avalaible on server start
> ----------------------------------------------------------------------
>
> Key: ELY-1308
> URL: https://issues.jboss.org/browse/ELY-1308
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Credential Store
> Affects Versions: 1.1.0.CR2
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Critical
>
> Testing BouncyCastle external store. Intermittently (25% in lab, 0% locally) it happens alias from dependent credential store is not avalaible on server start.
> {code}
> 15:17:33,317 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service org.wildfly.security.credential-store.fips-credential-store: org.jboss.msc.service.StartException in service org.wildfly.security.credential-store.fips-credential-store: WFLYELY00004: Unable to start the service.
> at org.wildfly.extension.elytron.CredentialStoreService.start(CredentialStoreService.java:134)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.getKeyStoreInstance(KeyStoreCredentialStore.java:921)
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.setupExternalStorage(KeyStoreCredentialStore.java:930)
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:821)
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:213)
> at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:159)
> at org.wildfly.extension.elytron.CredentialStoreService.start(CredentialStoreService.java:126)
> ... 5 more
> Caused by: java.security.KeyStoreException: BCFKS not found
> at java.security.KeyStore.getInstance(KeyStore.java:851)
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.getKeyStoreInstance(KeyStoreCredentialStore.java:919)
> ... 10 more
> Caused by: java.security.NoSuchAlgorithmException: BCFKS KeyStore not available
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
> at java.security.Security.getImpl(Security.java:695)
> at java.security.KeyStore.getInstance(KeyStore.java:848)
> ... 11 more
> {code}
> Could that be problem of "late" required service start?
> Although, I don't see similar problem with default JKES credential store, neither PKCS11 external credential store. PKCS11 store is however special case, because is loaded once per jvm.
> Could that be problem of external credential store with file based keystore?
> [1] https://jenkins.hosts.mwqe.eng.bos.redhat.com/hudson/view/EAP7/view/EAP7-Security/view/EAP-7.x-FIPS-mode/job/eap-7x-security-fips-matrix/163/testReport/
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list