[jboss-jira] [JBoss JIRA] (ELY-1308) Alias from dependent credential store is not available on server start
Jan Kalina (JIRA)
issues at jboss.org
Tue Jul 25 09:47:02 EDT 2017
[ https://issues.jboss.org/browse/ELY-1308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Kalina updated ELY-1308:
----------------------------
Description:
BouncyCastle external CredentialStore fails to store secret:
{code}
KeyStoreCredentialStore: flushing failed: java.lang.NullPointerException
at org.bouncycastle.jcajce.provider.BaseCipher.engineGetParameters(Unknown Source)
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1020)
at javax.crypto.Cipher.init(Cipher.java:1245)
at javax.crypto.Cipher.init(Cipher.java:1186)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore$ExternalStorage.saveSecretKey(KeyStoreCredentialStore.java:1299)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore$ExternalStorage.store(KeyStoreCredentialStore.java:1283)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.flush(KeyStoreCredentialStore.java:779)
at org.wildfly.security.credential.store.CredentialStore.flush(CredentialStore.java:364)
at org.wildfly.extension.elytron.CredentialStoreResourceDefinition.storeSecret(CredentialStoreResourceDefinition.java:517)
{code}
was:
Testing BouncyCastle external store. Intermittently (25% in lab, 0% locally) it happens that an alias from the dependent credential store is not available on server start.
{code}
15:17:33,317 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service org.wildfly.security.credential-store.fips-credential-store: org.jboss.msc.service.StartException in service org.wildfly.security.credential-store.fips-credential-store: WFLYELY00004: Unable to start the service.
at org.wildfly.extension.elytron.CredentialStoreService.start(CredentialStoreService.java:134)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.getKeyStoreInstance(KeyStoreCredentialStore.java:921)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.setupExternalStorage(KeyStoreCredentialStore.java:930)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:821)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:213)
at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:159)
at org.wildfly.extension.elytron.CredentialStoreService.start(CredentialStoreService.java:126)
... 5 more
Caused by: java.security.KeyStoreException: BCFKS not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.getKeyStoreInstance(KeyStoreCredentialStore.java:919)
... 10 more
Caused by: java.security.NoSuchAlgorithmException: BCFKS KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 11 more
{code}
Could that be a problem of "late" required service start?
Although I don't see a similar problem with the default JKES credential store, nor with the PKCS11 external credential store. The PKCS11 store is, however, a special case, because it is loaded once per JVM.
Could that be a problem of an external credential store with a file-based keystore?
[1] https://jenkins.hosts.mwqe.eng.bos.redhat.com/hudson/view/EAP7/view/EAP7-Security/view/EAP-7.x-FIPS-mode/job/eap-7x-security-fips-matrix/163/testReport/
> Alias from dependent credential store is not available on server start
> ----------------------------------------------------------------------
>
> Key: ELY-1308
> URL: https://issues.jboss.org/browse/ELY-1308
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Credential Store
> Affects Versions: 1.1.0.CR2
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Critical