An administrator can't configure a PKCS11 keystore in 2 realms. When this is attempted, EAP doesn't start. This causes problems whenever such a setup is needed, because a realm used in one subsystem may have to be configured differently from the realm used in another subsystem.
09:58:03,331 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service jboss.server.controller.management.security_realm.FIPSManagementRealm2.key-manager: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.FIPSManagementRealm2.key-manager: Failed to start service
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.ProviderException: java.security.KeyStoreException: invalid KeyStore state: found 2 private keys sharing CKA_ID 0xf5e418eec534a3d05757b86500595eb919698f2d
    at sun.security.pkcs11.P11KeyStore.engineGetKey(P11KeyStore.java:330)
    at java.security.KeyStore.getKey(KeyStore.java:1023)
    at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
    at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
    at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
    at org.jboss.as.domain.management.security.AbstractKeyManagerService.createKeyManagers(AbstractKeyManagerService.java:121)
    at org.jboss.as.domain.management.security.AbstractKeyManagerService.start(AbstractKeyManagerService.java:83)
    at org.jboss.as.domain.management.security.ProviderKeyManagerService.start(ProviderKeyManagerService.java:71)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
    ... 3 more
Caused by: java.security.KeyStoreException: invalid KeyStore state: found 2 private keys sharing CKA_ID 0xf5e418eec534a3d05757b86500595eb919698f2d
    at sun.security.pkcs11.P11KeyStore.getTokenObject(P11KeyStore.java:2235)
    at sun.security.pkcs11.P11KeyStore.engineGetKey(P11KeyStore.java:310)
    ... 12 more
REPRODUCER
1.
/core-service=management/security-realm=FIPSManagementRealm:add
/core-service=management/security-realm=FIPSManagementRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password=pass123+)
/core-service=management/security-realm=FIPSManagementRealm2:add
/core-service=management/security-realm=FIPSManagementRealm2/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password=pass123+)
reload
shutdown --restart=true
2.
There is an error in the log: "KeyStoreException: invalid KeyStore state: found 2 private keys sharing CKA_ID"
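
Added example, not part of the original report or of JBoss EAP: a Python triage helper that scans a server log for the failure shown above and reports which security realm's key-manager failed to start and which CKA_ID was reported as shared. The function name and the sample log (the error quoted in this report plus two constructed lines) are assumptions.

```python
import re

# A server.log record starts with an HH:MM:SS,mmm timestamp; the stack trace
# that follows belongs to that record, whether wrapped or flattened.
RECORD_BREAK = re.compile(r"\n(?=\d{2}:\d{2}:\d{2},\d{3} )")
FAILED_KEY_MANAGER = re.compile(
    r"MSC000001: Failed to start service "
    r"jboss\.server\.controller\.management\.security_realm\."
    r"(?P<realm>[^.\s:]+)\.key-manager"
)
DUPLICATE_CKA_ID = re.compile(
    r"found (?P<count>\d+) private keys sharing CKA_ID (?P<cka_id>0x[0-9a-fA-F]+)"
)


def find_duplicate_cka_id_failures(log_text):
    """Return (realm, cka_id, key_count) for each failed key-manager record."""
    findings = []
    for record in RECORD_BREAK.split(log_text):
        service = FAILED_KEY_MANAGER.search(record)
        cause = DUPLICATE_CKA_ID.search(record)
        # Report only records that name a realm key-manager AND the CKA_ID cause.
        if service and cause:
            findings.append((service.group("realm"),
                             cause.group("cka_id").lower(),
                             int(cause.group("count"))))
    return findings


# Constructed sample: the ERROR record is shortened from this report; the
# INFO line and the last ERROR line are made up to show what gets ignored.
SAMPLE_LOG = """\
09:58:02,910 INFO  [org.jboss.as] (MSC service thread 1-3) constructed unrelated line
09:58:03,331 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service jboss.server.controller.management.security_realm.FIPSManagementRealm2.key-manager: org.jboss.msc.service.StartException: Failed to start service
Caused by: java.security.ProviderException: java.security.KeyStoreException: invalid KeyStore state: found 2 private keys sharing CKA_ID 0xf5e418eec534a3d05757b86500595eb919698f2d
    at sun.security.pkcs11.P11KeyStore.engineGetKey(P11KeyStore.java:330)
09:58:03,400 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.example.constructed: unrelated failure
"""

if __name__ == "__main__":
    for realm, cka_id, count in find_duplicate_cka_id_failures(SAMPLE_LOG):
        print(f"realm={realm} cka_id={cka_id} private_keys={count}")
```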
blocks: JBEAP-4120 FIPS mode issues (Resolved)