[jira] [Commented] (JAMES-3449) Cannot open keystore "password has been cleared"
[
https://issues.apache.org/jira/browse/JAMES-3449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17233204#comment-17233204
]
Benoit Tellier commented on JAMES-3449:
---
AbstractConfigurableAsyncServer seems to be the guilty piece of code..
{code:java}
private void buildSSLContext() throws Exception {
if (useStartTLS || useSSL) {
FileInputStream fis = null;
try {
KeyStore ks = KeyStore.getInstance("JKS");
fis = new FileInputStream(fileSystem.getFile(keystore));
ks.load(fis, secret.toCharArray());
// Set up key manager factory to use our key store
KeyManagerFactory kmf =
KeyManagerFactory.getInstance(x509Algorithm);
kmf.init(ks, secret.toCharArray());
// Initialize the SSLContext to work with our key managers.
SSLContext context = SSLContext.getInstance("TLS");
context.init(kmf.getKeyManagers(), null, null);
if (useStartTLS) {
encryption = Encryption.createStartTls(context,
enabledCipherSuites);
} else {
encryption = Encryption.createTls(context,
enabledCipherSuites);
}
} finally {
if (fis != null) {
fis.close();
}
}
}
}
{code}
> Cannot open keystore "password has been cleared"
>
>
> Key: JAMES-3449
> URL: https://issues.apache.org/jira/browse/JAMES-3449
> Project: James Server
> Issue Type: Improvement
> Components: IMAPServer
>Affects Versions: 3.5.0
> Environment: Debian:
> openjdk version "13.0.2" 2020-01-14
> OpenJDK Runtime Environment (build 13.0.2+8)
> OpenJDK 64-Bit Server VM (build 13.0.2+8, mixed mode, sharing)
>Reporter: Juan F Arjona
>Priority: Minor
>
> Hi,
> I am trying to run James, but it always fails when I set up a certificate in
> the certificate store for the imap server:
> {{...}}
> {{}}
> {{file://conf/certificates}}
> {{ changeit}}
> {{ org.bouncycastle.jce.provider.BouncyCastleProvider}}
> {{ }}
> {{...}}
> The password is correct:
> {{$ keytool -list -keystore certificates -storepass changeit}}
> {{Keystore type: PKCS12}}
> {{Keystore provider: SUN}}{{Your keystore contains 1 entry}}{{james, Nov 16,
> 2020, PrivateKeyEntry,}}
> {{Certificate fingerprint (SHA-256):
> xx:xx:E1:E0:87:19:3E:80:C8:2D:76:5A:2D:8D:80:98:71:27:F0:93:xx:}}
>
> And the exception I am getting:
> $ cat wrapper.log
> WrapperSimpleApp: Encountered an error running main:
> org.springframework.beans.factory.BeanCreationException: Error creating bean
> with name 'imapserver': Invocation of init method failed; nested exception is
> java.io.IOException: keystore password was incorrect
> INFO | jvm 1 | 2020/11/16 23:05:51 |
> org.springframework.beans.factory.BeanCreationException: Error creating bean
> with name 'imapserver': Invocation of init method failed; nested exception is
> java.io.IOException: keystore password was incorrect
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:133)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:396)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1507)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
>
[jira] [Commented] (JAMES-3449) Cannot open keystore "password has been cleared"
[
https://issues.apache.org/jira/browse/JAMES-3449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17233203#comment-17233203
]
Benoit Tellier commented on JAMES-3449:
---
Thanks for the feedback.
Contributions on this topic would be highly appreciated.
> Cannot open keystore "password has been cleared"
>
>
> Key: JAMES-3449
> URL: https://issues.apache.org/jira/browse/JAMES-3449
> Project: James Server
> Issue Type: Improvement
> Components: IMAPServer
>Affects Versions: 3.5.0
> Environment: Debian:
> openjdk version "13.0.2" 2020-01-14
> OpenJDK Runtime Environment (build 13.0.2+8)
> OpenJDK 64-Bit Server VM (build 13.0.2+8, mixed mode, sharing)
>Reporter: Juan F Arjona
>Priority: Minor
>
> Hi,
> I am trying to run James, but it always fails when I set up a certificate in
> the certificate store for the imap server:
> {{...}}
> {{}}
> {{file://conf/certificates}}
> {{ changeit}}
> {{ org.bouncycastle.jce.provider.BouncyCastleProvider}}
> {{ }}
> {{...}}
> The password is correct:
> {{$ keytool -list -keystore certificates -storepass changeit}}
> {{Keystore type: PKCS12}}
> {{Keystore provider: SUN}}{{Your keystore contains 1 entry}}{{james, Nov 16,
> 2020, PrivateKeyEntry,}}
> {{Certificate fingerprint (SHA-256):
> xx:xx:E1:E0:87:19:3E:80:C8:2D:76:5A:2D:8D:80:98:71:27:F0:93:xx:}}
>
> And the exception I am getting:
> $ cat wrapper.log
> WrapperSimpleApp: Encountered an error running main:
> org.springframework.beans.factory.BeanCreationException: Error creating bean
> with name 'imapserver': Invocation of init method failed; nested exception is
> java.io.IOException: keystore password was incorrect
> INFO | jvm 1 | 2020/11/16 23:05:51 |
> org.springframework.beans.factory.BeanCreationException: Error creating bean
> with name 'imapserver': Invocation of init method failed; nested exception is
> java.io.IOException: keystore password was incorrect
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:133)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:396)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1507)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:638)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:942)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.context.support.ClassPathXmlApplicationContext.(ClassPathXmlApplicationContext.java:139)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.context.support.ClassPathXmlApplicationContext.(ClassPathXmlApplicationContext.java:93)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.apache.james.container.spring.context.JamesServerApplicationContext.(JamesServerApplicationContext.java:40)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.apache.james.app.spring.JamesAppSpringMain.init(JamesAppSpringMain.java:56)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.apache.james.app.spring.JamesAppSpringMain.main(JamesAppSpringMain.java:42)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
>
[jira] [Commented] (JAMES-3449) Cannot open keystore "password has been cleared"
[
https://issues.apache.org/jira/browse/JAMES-3449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17233153#comment-17233153
]
Juan F Arjona commented on JAMES-3449:
--
OK - the issue was the format of the keystore (I had PKCS12 and it should be
JKS)
The JKS format is obsolete, the keystore format should be configurable in the
tls keystore parameters.
Thanks.
> Cannot open keystore "password has been cleared"
>
>
> Key: JAMES-3449
> URL: https://issues.apache.org/jira/browse/JAMES-3449
> Project: James Server
> Issue Type: Bug
> Components: IMAPServer
>Affects Versions: 3.5.0
> Environment: Debian:
> openjdk version "13.0.2" 2020-01-14
> OpenJDK Runtime Environment (build 13.0.2+8)
> OpenJDK 64-Bit Server VM (build 13.0.2+8, mixed mode, sharing)
>Reporter: Juan F Arjona
>Priority: Major
>
> Hi,
> I am trying to run James, but it always fails when I set up a certificate in
> the certificate store for the imap server:
> {{...}}
> {{}}
> {{file://conf/certificates}}
> {{ changeit}}
> {{ org.bouncycastle.jce.provider.BouncyCastleProvider}}
> {{ }}
> {{...}}
> The password is correct:
> {{$ keytool -list -keystore certificates -storepass changeit}}
> {{Keystore type: PKCS12}}
> {{Keystore provider: SUN}}{{Your keystore contains 1 entry}}{{james, Nov 16,
> 2020, PrivateKeyEntry,}}
> {{Certificate fingerprint (SHA-256):
> xx:xx:E1:E0:87:19:3E:80:C8:2D:76:5A:2D:8D:80:98:71:27:F0:93:xx:}}
>
> And the exception I am getting:
> $ cat wrapper.log
> WrapperSimpleApp: Encountered an error running main:
> org.springframework.beans.factory.BeanCreationException: Error creating bean
> with name 'imapserver': Invocation of init method failed; nested exception is
> java.io.IOException: keystore password was incorrect
> INFO | jvm 1 | 2020/11/16 23:05:51 |
> org.springframework.beans.factory.BeanCreationException: Error creating bean
> with name 'imapserver': Invocation of init method failed; nested exception is
> java.io.IOException: keystore password was incorrect
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:133)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:396)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1507)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:638)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:942)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.context.support.ClassPathXmlApplicationContext.(ClassPathXmlApplicationContext.java:139)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.springframework.context.support.ClassPathXmlApplicationContext.(ClassPathXmlApplicationContext.java:93)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.apache.james.container.spring.context.JamesServerApplicationContext.(JamesServerApplicationContext.java:40)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
> org.apache.james.app.spring.JamesAppSpringMain.init(JamesAppSpringMain.java:56)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at
>
