Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-27693

[GSS](7.4.z) Credential Store failing with IBM JDK 1.8

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • 7.4.21.GA
    • None
    • Security
    • None
    • False
    • None
    • False
    • Workaround Exists
    • Hide

      The issue started since IBM JDK 8.0.8.25, please use the previous IBM JDK version 8.0.8.21 as workaround.

      Show
      The issue started since IBM JDK 8.0.8.25 , please use the previous IBM JDK version 8.0.8.21 as workaround.

      This customer created a credential store using the elytron-tool command, but when they are checking the alias added to the credential store the following exception happens:

      Exception encountered executing the command:
      org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
      at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:883)
      at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:223)
      at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:160)
      at org.wildfly.security.tool.CredentialStoreCommand.execute(CredentialStoreCommand.java:414)
      at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:84)
      at org.jboss.modules.Module.run(Module.java:353)
      at org.jboss.modules.Module.run(Module.java:321)
      at org.jboss.modules.Main.main(Main.java:620)
      Caused by: java.io.IOException: com.ibm.crypto.provider.SealedObjectForKeyProtector
      at com.ibm.crypto.provider.JceKeyStore.engineLoad(Unknown Source)
      at java.security.KeyStore.load(KeyStore.java:1460)
      at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:871)
      ... 7 more

       

      [ENVIRONMENT]

      • RHEL 9.4
      • EAP 7.4.17
      • IBM JDK 1.8

       

      $ java -version
      java version "1.8.0_411"
      Java(TM) SE Runtime Environment (build 8.0.8.26 - pxa6480sr8fp26-20240529_01(SR8 FP26))
      IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20240521_71397 (JIT enabled, AOT enabled)
      OpenJ9 - 2a35f43
      OMR - f3321fd
      IBM - a05ee94)
      JCL - 20240322_01 based on Oracle jdk8u411-b09
      

       

      [STEPS TO REPRODUCE]

      1. RPM downloaded from IBM
          [https://www.ibm.com/support/pages/java-sdk-downloads-version-80|https://www.ibm.com/support/pages/java-sdk-downloads-version-80|https://www.ibm.com/support/pages/java-sdk-downloads-version-80]

      2. Install IBM JDK 1.8

          $ chmod a+x ibm-java-x86_64-sdk-8.0-8.26.x86_64.rpm
          $ sudo rpm -i ibm-java-x86_64-sdk-8.0-8.26.x86_64.rpm

      3. Add the JAVA_HOME to the .bashrc

          $ source .bashrc

      4. Create an EAP server base dir for the test (optional)

          $ cp -rf standalone/ ibmjdk

      5. Start up EAP

          $ bin/standalone.sh -Djboss.server.base.dir=ibmjdk

      6. Create the credential store

          $ bin/elytron-tool.sh credential-store --create --location "/opt/jboss/eap7417/ibmjdk/configuration/csStoreIBM.jceks" --password redhat01
      Credential Store has been successfully created

      7. Add an alias to the credential store

          $ bin/elytron-tool.sh credential-store --create --location "/opt/jboss/eap7417/ibmjdk/configuration/csStoreIBM.jceks" --password redhat01 --add myalias --secret supersecret
      Alias "myalias" has been successfully stored

      8. Check the alias added

          $ bin/elytron-tool.sh credential-store --create --location "/opt/jboss/eap7417/ibmjdk/configuration/csStoreIBM.jceks" --password redhat01 --exists myalias
      Exception encountered executing the command:
      ELY09514: Unable to initialize credential store

      9. Getting more verbose log

          $ bin/elytron-tool.sh credential-store --create --location "/opt/jboss/eap7417/ibmjdk/configuration/csStoreIBM.jceks" --password redhat01 --exists myalias --debug

      Exception encountered executing the command:
      org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
      at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:883)
      at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:223)
      at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:160)
      at org.wildfly.security.tool.CredentialStoreCommand.execute(CredentialStoreCommand.java:414)
      at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:84)
      at org.jboss.modules.Module.run(Module.java:353)
      at org.jboss.modules.Module.run(Module.java:321)
      at org.jboss.modules.Main.main(Main.java:620)
      Caused by: java.io.IOException: com.ibm.crypto.provider.SealedObjectForKeyProtector
      at com.ibm.crypto.provider.JceKeyStore.engineLoad(Unknown Source)
      at java.security.KeyStore.load(KeyStore.java:1460)
      at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:871)
      ... 7 more
      

       

      Workaround:

      The issue started since IBM JDK 8.0.8.25, please use the previous IBM JDK version 8.0.8.21 as workaround.

            rhn-support-ivassile Ilia Vassilev
            fgonzale@redhat.com Fernando Gonzalez Castellanos
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: