This customer created a credential store using the elytron-tool command, but when they check the alias added to the credential store, the following exception occurs:
Exception encountered executing the command:
org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
    at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:883)
    at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:223)
    at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:160)
    at org.wildfly.security.tool.CredentialStoreCommand.execute(CredentialStoreCommand.java:414)
    at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:84)
    at org.jboss.modules.Module.run(Module.java:353)
    at org.jboss.modules.Module.run(Module.java:321)
    at org.jboss.modules.Main.main(Main.java:620)
Caused by: java.io.IOException: com.ibm.crypto.provider.SealedObjectForKeyProtector
    at com.ibm.crypto.provider.JceKeyStore.engineLoad(Unknown Source)
    at java.security.KeyStore.load(KeyStore.java:1460)
    at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:871)
    ... 7 more
[ENVIRONMENT]
- RHEL 9.4
- EAP 7.4.17
- IBM JDK 1.8
$ java -version
java version "1.8.0_411"
Java(TM) SE Runtime Environment (build 8.0.8.26 - pxa6480sr8fp26-20240529_01(SR8 FP26))
IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20240521_71397 (JIT enabled, AOT enabled)
OpenJ9 - 2a35f43
OMR - f3321fd
IBM - a05ee94)
JCL - 20240322_01 based on Oracle jdk8u411-b09
[STEPS TO REPRODUCE]
1. Download the RPM from IBM
https://www.ibm.com/support/pages/java-sdk-downloads-version-80
2. Install IBM JDK 1.8
$ chmod a+x ibm-java-x86_64-sdk-8.0-8.26.x86_64.rpm
$ sudo rpm -i ibm-java-x86_64-sdk-8.0-8.26.x86_64.rpm
3. Add the JAVA_HOME to the .bashrc
$ source .bashrc
4. Create an EAP server base dir for the test (optional)
$ cp -rf standalone/ ibmjdk
5. Start up EAP
$ bin/standalone.sh -Djboss.server.base.dir=ibmjdk
6. Create the credential store
$ bin/elytron-tool.sh credential-store --create --location "/opt/jboss/eap7417/ibmjdk/configuration/csStoreIBM.jceks" --password redhat01
Credential Store has been successfully created
7. Add an alias to the credential store
$ bin/elytron-tool.sh credential-store --create --location "/opt/jboss/eap7417/ibmjdk/configuration/csStoreIBM.jceks" --password redhat01 --add myalias --secret supersecret
Alias "myalias" has been successfully stored
8. Check the alias added
$ bin/elytron-tool.sh credential-store --create --location "/opt/jboss/eap7417/ibmjdk/configuration/csStoreIBM.jceks" --password redhat01 --exists myalias
Exception encountered executing the command:
ELY09514: Unable to initialize credential store
9. Get a more verbose log
$ bin/elytron-tool.sh credential-store --create --location "/opt/jboss/eap7417/ibmjdk/configuration/csStoreIBM.jceks" --password redhat01 --exists myalias --debug
Exception encountered executing the command:
org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
    at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:883)
    at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:223)
    at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:160)
    at org.wildfly.security.tool.CredentialStoreCommand.execute(CredentialStoreCommand.java:414)
    at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:84)
    at org.jboss.modules.Module.run(Module.java:353)
    at org.jboss.modules.Module.run(Module.java:321)
    at org.jboss.modules.Main.main(Main.java:620)
Caused by: java.io.IOException: com.ibm.crypto.provider.SealedObjectForKeyProtector
    at com.ibm.crypto.provider.JceKeyStore.engineLoad(Unknown Source)
    at java.security.KeyStore.load(KeyStore.java:1460)
    at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:871)
    ... 7 more
Workaround:
The issue started with IBM JDK 8.0.8.25. As a workaround, use the previous IBM JDK version 8.0.8.21.
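
To tell a JDK-level failure apart from an Elytron one, the following added diagnostic (not part of the original report or of the Elytron code base) round-trips a JCEKS keystore containing one secret-key entry using only JDK classes. It assumes, based on the "Caused by" frames above, that the failure is in the JDK's JCEKS load of a sealed secret-key entry; the class name JceksRoundTrip and the sample key bytes are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic, not from the original report: no Elytron classes involved.
public class JceksRoundTrip {
    public static void main(String[] args) throws Exception {
        char[] storePass = "redhat01".toCharArray(); // test password used in the report
        // Constructed 16-byte sample secret (assumption, not a real credential).
        byte[] secret = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);

        System.out.println("java.vendor=" + System.getProperty("java.vendor")
                + " java.runtime.version=" + System.getProperty("java.runtime.version"));

        // 1. Create an empty JCEKS keystore in memory and add a secret-key entry.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, storePass);
        System.out.println("JCEKS provider=" + ks.getProvider().getName());
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(storePass);
        ks.setEntry("myalias",
                new KeyStore.SecretKeyEntry(new SecretKeySpec(secret, "AES")), prot);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);

        // 2. Reload the serialized store: the same KeyStore.load call that
        //    appears in the "Caused by" section of the stack trace.
        KeyStore reloaded = KeyStore.getInstance("JCEKS");
        try {
            reloaded.load(new ByteArrayInputStream(out.toByteArray()), storePass);
        } catch (Exception e) {
            System.out.println("RESULT: KeyStore.load failed without Elytron: " + e);
            System.exit(2);
        }

        // 3. Recover the entry and confirm the secret survived the round trip.
        KeyStore.SecretKeyEntry entry =
                (KeyStore.SecretKeyEntry) reloaded.getEntry("myalias", prot);
        boolean same = entry != null
                && Arrays.equals(secret, entry.getSecretKey().getEncoded());
        System.out.println("RESULT: load ok, secret recovered=" + same);
        System.exit(same ? 0 : 1);
    }
}
```

Compile it with javac and run it under each JDK build being compared, for example 8.0.8.21 and 8.0.8.26. Exit code 2 means the load fails in the JDK alone; exit code 0 means the problem needs Elytron in the picture to reproduce.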