[jboss-jira] [JBoss JIRA] (WFCORE-2879) UnrecoverableKeyException: Cannot recover key when using Credential Reference

Jan Kalina (JIRA) issues at jboss.org
Mon May 29 07:03:00 EDT 2017 

     [ https://issues.jboss.org/browse/WFCORE-2879?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Kalina reassigned WFCORE-2879:
----------------------------------

    Assignee: Jan Kalina  (was: Darran Lofthouse)


> UnrecoverableKeyException: Cannot recover key when using Credential Reference
> -----------------------------------------------------------------------------
>
>                 Key: WFCORE-2879
>                 URL: https://issues.jboss.org/browse/WFCORE-2879
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Martin Choma
>            Assignee: Jan Kalina
>            Priority: Blocker
>
> Unable to configure ssl using credential reference.
>  
> {code:server.log}
> 08:00:24,687 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ManagementWebRealmCr.key-manager: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ManagementWebRealmCr.key-manager: WFLYDM0018: Unable to start service
> 	at org.jboss.as.domain.management.security.AbstractKeyManagerService.start(AbstractKeyManagerService.java:91)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at java.lang.Thread.run(Thread.java:745)
> Caused by: java.security.UnrecoverableKeyException: Cannot recover key
> 	at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
> 	at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)
> 	at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
> 	at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
> 	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
> 	at java.security.KeyStore.getKey(KeyStore.java:1023)
> 	at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
> 	at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
> 	at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
> 	at org.jboss.as.domain.management.security.AbstractKeyManagerService.createKeyManagers(AbstractKeyManagerService.java:136)
> 	at org.jboss.as.domain.management.security.AbstractKeyManagerService.start(AbstractKeyManagerService.java:89)
> 	... 5 more
> 08:00:24,692 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-7) WFLYUT0006: Undertow HTTPS listener https listening on 127.0.0.1:8443
> 08:00:24,696 INFO  [org.jboss.ws.common.management] (MSC service thread 1-4) JBWS022052: Starting JBossWS 5.1.8.Final-redhat-1 (Apache CXF 3.1.11.redhat-1) 
> 08:00:24,702 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
>     ("core-service" => "management"),
>     ("security-realm" => "ManagementWebRealmCr")
> ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.core.management.security.realm.ManagementWebRealmCr.key-manager" => "WFLYDM0018: Unable to start service
>     Caused by: java.security.UnrecoverableKeyException: Cannot recover key"}}
> {code}
> When I use {{key-password}} instead of {{key-password-credential-reference}} I am able to make it work.
> {code}
> /core-service=management/security-realm=ManagementWebRealmCr/server-identity=ssl:add(keystore-path=server.keystore, keystore-relative-to=jboss.server.config.dir,keystore-password-credential-reference={clear-text=123456}, key-password=123456)
> {code}
> Note, I also get UnrecoverableKeyException: Cannot recover key when I don't specify key-password nor key-password-credential-reference. 
> {code}
> /core-service=management/security-realm=ManagementWebRealmCr/server-identity=ssl:add(keystore-path=server.keystore, keystore-relative-to=jboss.server.config.dir,keystore-password-credential-reference={clear-text=123456})
> {code}
> In legacy if {{key-password}} is ommitted {{keystore-password}} is used instead.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list