[jira] [Commented] (JAMES-3449) Cannot open keystore "password has been cleared"

Mon, 16 Nov 2020 18:24:23 -0800 


    [ 
https://issues.apache.org/jira/browse/JAMES-3449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17233204#comment-17233204
 ] 

Benoit Tellier commented on JAMES-3449:
---------------------------------------

AbstractConfigurableAsyncServer seems to be the guilty piece of code..


{code:java}
    private void buildSSLContext() throws Exception {
        if (useStartTLS || useSSL) {
            FileInputStream fis = null;
            try {
                KeyStore ks = KeyStore.getInstance("JKS");
                fis = new FileInputStream(fileSystem.getFile(keystore));
                ks.load(fis, secret.toCharArray());

                // Set up key manager factory to use our key store
                KeyManagerFactory kmf = 
KeyManagerFactory.getInstance(x509Algorithm);
                kmf.init(ks, secret.toCharArray());

                // Initialize the SSLContext to work with our key managers.
                SSLContext context = SSLContext.getInstance("TLS");
                context.init(kmf.getKeyManagers(), null, null);
                if (useStartTLS) {
                    encryption = Encryption.createStartTls(context, 
enabledCipherSuites);
                } else {
                    encryption = Encryption.createTls(context, 
enabledCipherSuites);
                }
            } finally {
                if (fis != null) {
                    fis.close();
                }
            }
        }
    }
{code}


> Cannot open keystore "password has been cleared"
> ------------------------------------------------
>
>                 Key: JAMES-3449
>                 URL: https://issues.apache.org/jira/browse/JAMES-3449
>             Project: James Server
>          Issue Type: Improvement
>          Components: IMAPServer
>    Affects Versions: 3.5.0
>         Environment: Debian:
> openjdk version "13.0.2" 2020-01-14
> OpenJDK Runtime Environment (build 13.0.2+8)
> OpenJDK 64-Bit Server VM (build 13.0.2+8, mixed mode, sharing)
>            Reporter: Juan F Arjona
>            Priority: Minor
>
> Hi,
> I am trying to run James, but it always fails when I set up a certificate in 
> the certificate store for the imap server:
> {{...}}
> {{<tls socketTLS="true" startTLS="false">}}
> {{<keystore>file://conf/certificates</keystore>}}
> {{ <secret>changeit</secret>}}
> {{ <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>}}
> {{ </tls>}}
> {{...}}
> The password is correct:
> {{$ keytool -list -keystore certificates -storepass changeit}}
> {{Keystore type: PKCS12}}
> {{Keystore provider: SUN}}{{Your keystore contains 1 entry}}{{james, Nov 16, 
> 2020, PrivateKeyEntry,}}
> {{Certificate fingerprint (SHA-256): 
> xx:xx:E1:E0:87:19:3E:80:C8:2D:76:5A:2D:8D:80:98:71:27:F0:93:xx:....}}
>  
> And the exception I am getting:
> $ cat wrapper.log
> WrapperSimpleApp: Encountered an error running main: 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'imapserver': Invocation of init method failed; nested exception is 
> java.io.IOException: keystore password was incorrect
> INFO | jvm 1 | 2020/11/16 23:05:51 | 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'imapserver': Invocation of init method failed; nested exception is 
> java.io.IOException: keystore password was incorrect
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:133)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:396)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1507)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:638)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:942)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:93)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.apache.james.container.spring.context.JamesServerApplicationContext.<init>(JamesServerApplicationContext.java:40)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.apache.james.app.spring.JamesAppSpringMain.init(JamesAppSpringMain.java:56)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.apache.james.app.spring.JamesAppSpringMain.main(JamesAppSpringMain.java:42)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> java.base/java.lang.reflect.Method.invoke(Method.java:567)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> java.base/java.lang.Thread.run(Thread.java:830)
> INFO | jvm 1 | 2020/11/16 23:05:51 | Caused by: java.io.IOException: keystore 
> password was incorrect
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2118)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:243)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> java.base/java.security.KeyStore.load(KeyStore.java:1472)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.apache.james.protocols.lib.netty.AbstractConfigurableAsyncServer.buildSSLContext(AbstractConfigurableAsyncServer.java:396)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.apache.james.protocols.lib.netty.AbstractConfigurableAsyncServer.init(AbstractConfigurableAsyncServer.java:264)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.apache.james.protocols.lib.netty.AbstractServerFactory.init(AbstractServerFactory.java:58)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> java.base/java.lang.reflect.Method.invoke(Method.java:567)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleElement.invoke(InitDestroyAnnotationBeanPostProcessor.java:344)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMetadata.invokeInitMethods(InitDestroyAnnotationBeanPostProcessor.java:295)
> INFO | jvm 1 | 2020/11/16 23:05:51 | at 
> org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:130)
> INFO | jvm 1 | 2020/11/16 23:05:51 | ... 22 more
> INFO | jvm 1 | 2020/11/16 23:05:51 | Caused by: 
> java.security.UnrecoverableKeyException: failed to decrypt safe contents 
> entry: java.lang.IllegalStateException: password has been cleared
> INFO | jvm 1 | 2020/11/16 23:05:51 | ... 35 more
>  
> Thanks,
>  
> Juan
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

Reply via email to