Uploaded image for project: 'Red Hat Data Grid'
  1. Red Hat Data Grid
  2. JDG-5410

Client cert fails with tls.key and tls.crt

    XMLWordPrintable

Details

    Description

      If a user specifies client cert and uses a keystore with the tls.key and tls.crt keys, then the server fails to start with the following exception:

      0:45:13,831 FATAL (main) [org.infinispan.SERVER] ISPN080028: Infinispan Server failed to start org.infinispan.commons.CacheConfigurationException: java.lang.IllegalArgumentException: ISPN080046: Unknown credential store 'credentials'
	at org.infinispan.manager.DefaultCacheManager.<init>(DefaultCacheManager.java:402)
	at org.infinispan.server.Server.run(Server.java:382)
	at org.infinispan.server.Bootstrap.runInternal(Bootstrap.java:165)
	at org.infinispan.server.tool.Main.run(Main.java:98)
	at org.infinispan.server.Bootstrap.main(Bootstrap.java:50)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.infinispan.server.loader.Loader.run(Loader.java:106)
	at org.infinispan.server.loader.Loader.main(Loader.java:51)
Caused by: java.lang.IllegalArgumentException: ISPN080046: Unknown credential store 'credentials'
	at org.infinispan.server.configuration.security.CredentialStoresConfiguration.getCredential(CredentialStoresConfiguration.java:52)
	at org.infinispan.server.configuration.security.CredentialStoresConfiguration.getCredential(CredentialStoresConfiguration.java:37)
	at org.infinispan.server.configuration.security.CredentialStoresConfigurationBuilder$CredentialSupplier.get(CredentialStoresConfigurationBuilder.java:72)
	at org.infinispan.server.configuration.security.CredentialStoresConfigurationBuilder$CredentialSupplier.get(CredentialStoresConfigurationBuilder.java:60)
	at org.infinispan.server.configuration.security.TrustStoreConfiguration.trustStore(TrustStoreConfiguration.java:53)
	at org.infinispan.server.configuration.security.TrustStoreConfiguration.build(TrustStoreConfiguration.java:64)
	at org.infinispan.server.configuration.security.SSLConfiguration.build(SSLConfiguration.java:40)
	at org.infinispan.server.configuration.security.RealmConfiguration.init(RealmConfiguration.java:111)
	at org.infinispan.server.configuration.security.RealmsConfiguration.init(RealmsConfiguration.java:33)
	at org.infinispan.server.configuration.security.SecurityConfiguration.<init>(SecurityConfiguration.java:17)
	at org.infinispan.server.configuration.security.SecurityConfigurationBuilder.create(SecurityConfigurationBuilder.java:37)
	at org.infinispan.server.configuration.ServerConfigurationBuilder.create(ServerConfigurationBuilder.java:70)
	at org.infinispan.server.configuration.ServerConfigurationBuilder.create(ServerConfigurationBuilder.java:21)
	at org.infinispan.configuration.global.GlobalConfigurationBuilder.build(GlobalConfigurationBuilder.java:267)
	at org.infinispan.configuration.ConfigurationManager.<init>(ConfigurationManager.java:39)
	at org.infinispan.manager.DefaultCacheManager.<init>(DefaultCacheManager.java:375)
	... 10 more

10:45:13,834 FATAL (main) [org.infinispan.SERVER] ISPN080028: Infinispan Server failed to start java.util.concurrent.ExecutionException: org.infinispan.commons.CacheConfigurationException: java.lang.IllegalArgumentException: ISPN080046: Unknown credential store 'credentials'
	at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)
	at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)
	at org.infinispan.server.Bootstrap.runInternal(Bootstrap.java:165)
	at org.infinispan.server.tool.Main.run(Main.java:98)
	at org.infinispan.server.Bootstrap.main(Bootstrap.java:50)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.infinispan.server.loader.Loader.run(Loader.java:106)
	at org.infinispan.server.loader.Loader.main(Loader.java:51)
Caused by: org.infinispan.commons.CacheConfigurationException: java.lang.IllegalArgumentException: ISPN080046: Unknown credential store 'credentials'
	at org.infinispan.manager.DefaultCacheManager.<init>(DefaultCacheManager.java:402)
	at org.infinispan.server.Server.run(Server.java:382)
	... 9 more
	Suppressed: java.lang.NullPointerException
		at org.infinispan.server.SecurityActions.lambda$stopCacheManager$2(SecurityActions.java:77)
		at org.infinispan.security.Security.doPrivileged(Security.java:56)
		at org.infinispan.server.SecurityActions.doPrivileged(SecurityActions.java:40)
		at org.infinispan.server.SecurityActions.stopCacheManager(SecurityActions.java:84)
		at org.infinispan.server.Server.localShutdown(Server.java:560)
		at org.infinispan.server.Server.lambda$run$4(Server.java:472)
		at java.base/java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:859)
		at java.base/java.util.concurrent.CompletableFuture.uniWhenCompleteStage(CompletableFuture.java:883)
		at java.base/java.util.concurrent.CompletableFuture.whenComplete(CompletableFuture.java:2251)
		at org.infinispan.server.Server.run(Server.java:472)
		... 9 more
Caused by: java.lang.IllegalArgumentException: ISPN080046: Unknown credential store 'credentials'
	at org.infinispan.server.configuration.security.CredentialStoresConfiguration.getCredential(CredentialStoresConfiguration.java:52)
	at org.infinispan.server.configuration.security.CredentialStoresConfiguration.getCredential(CredentialStoresConfiguration.java:37)
	at org.infinispan.server.configuration.security.CredentialStoresConfigurationBuilder$CredentialSupplier.get(CredentialStoresConfigurationBuilder.java:72)
	at org.infinispan.server.configuration.security.CredentialStoresConfigurationBuilder$CredentialSupplier.get(CredentialStoresConfigurationBuilder.java:60)
	at org.infinispan.server.configuration.security.TrustStoreConfiguration.trustStore(TrustStoreConfiguration.java:53)
	at org.infinispan.server.configuration.security.TrustStoreConfiguration.build(TrustStoreConfiguration.java:64)
	at org.infinispan.server.configuration.security.SSLConfiguration.build(SSLConfiguration.java:40)
	at org.infinispan.server.configuration.security.RealmConfiguration.init(RealmConfiguration.java:111)
	at org.infinispan.server.configuration.security.RealmsConfiguration.init(RealmsConfiguration.java:33)
	at org.infinispan.server.configuration.security.SecurityConfiguration.<init>(SecurityConfiguration.java:17)
	at org.infinispan.server.configuration.security.SecurityConfigurationBuilder.create(SecurityConfigurationBuilder.java:37)
	at org.infinispan.server.configuration.ServerConfigurationBuilder.create(ServerConfigurationBuilder.java:70)
	at org.infinispan.server.configuration.ServerConfigurationBuilder.create(ServerConfigurationBuilder.java:21)
	at org.infinispan.configuration.global.GlobalConfigurationBuilder.build(GlobalConfigurationBuilder.java:267)
	at org.infinispan.configuration.ConfigurationManager.<init>(ConfigurationManager.java:39)
	at org.infinispan.manager.DefaultCacheManager.<init>(DefaultCacheManager.java:375)
	... 10 more

      This is because the Infinispan configuration template only creates the credential-store if a keystore password has been defined. The template logic needs to be updated to handle both cases.

      Attachments

        Activity

          People

            remerson@redhat.com Ryan Emerson
            remerson@redhat.com Ryan Emerson
            Pavel Drobek Pavel Drobek
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: