  1. JBoss Web Server
  2. JWS-749

tomcat-vault provides misinformation about how to get started


      Ignore the suggested keytool command and create a JCEKS storetype instead:

      $ keytool -genseckey -alias vault -storetype jceks -keyalg AES -keysize 128 -keystore /tomcat/conf/.keystore
      
      Steps to Reproduce:

      1) Install tomcat and tomcat-vault

      2) Run vault without creating a keystore first

      $ bin/vault.sh --keystore /tomcat/conf/.keystore --keystore-password vault22 --alias vault --vault-block vb --attribute password --sec-attr test --enc-dir /tomcat/conf --iteration 44 --salt 12345678
      ....
      Problem occured:
      java.lang.Exception: Keystore [/tomcat/conf/.keystore] doesn't exist.
      keystore could be created: keytool -genkey -alias vault -keyalg RSA -keysize 1024  -keystore /tomcat/conf/.keystore
      	at org.apache.tomcat.vault.VaultSession.validateKeystoreURL(VaultSession.java:99)
      ....
      

      3) Use the provided command to create a keystore

      $ keytool -genkey -alias vault -keyalg RSA -keysize 1024  -keystore /tomcat/conf/.keystore
      

      4) Try to use vault again

      Problem occured:
      java.lang.Exception: Exception encountered:java.lang.RuntimeException: PBOX000137: Security Vault does not contain SecretKey entry under alias (vault)
      	at org.apache.tomcat.vault.VaultSession.initSecurityVault(VaultSession.java:176)
      	at org.apache.tomcat.vault.VaultSession.startVaultSession(VaultSession.java:192)
      	at org.apache.tomcat.vault.VaultTool.execute(VaultTool.java:187)
      	at org.apache.tomcat.vault.VaultTool.main(VaultTool.java:80)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:606)
      	at org.jboss.modules.Module.run(Module.java:312)
      	at org.jboss.modules.Main.main(Main.java:460)
      Caused by: org.apache.tomcat.vault.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX000137: Security Vault does not contain SecretKey entry under alias (vault)
      	at org.apache.tomcat.vault.security.vault.PicketBoxSecurityVault.readVaultContent(PicketBoxSecurityVault.java:493)
      	at org.apache.tomcat.vault.security.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:220)
      	at org.apache.tomcat.vault.VaultSession.initSecurityVault(VaultSession.java:173)
      	... 9 more
      Caused by: java.lang.RuntimeException: PBOX000137: Security Vault does not contain SecretKey entry under alias (vault)
      	at org.apache.tomcat.vault.security.vault.PicketBoxSecurityVault.readVersionedVaultContent(PicketBoxSecurityVault.java:615)
      	at org.apache.tomcat.vault.security.vault.PicketBoxSecurityVault.readVaultContent(PicketBoxSecurityVault.java:486)
      	... 11 more
      

      I found that tomcat-vault gives you bad information when getting started. It tells you to create a keystore in the wrong format when it isn't present. See Steps to Reproduce for more information.

            rhn-support-csutherl Coty Sutherland
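
A pre-flight check for the PBOX000137 failure shown above, added here as an example (it is not part of the original report or of tomcat-vault). It reads `keytool -list` output on stdin and reports whether the alias holds a SecretKey entry; the function names `entry_type` and `vault_preflight` are hypothetical, the sample listings are constructed, and English-locale keytool output is assumed.

```shell
#!/bin/sh
# Added example: read `keytool -list` output on stdin and decide whether an
# alias holds the SecretKey entry the vault needs. Typical use (assumption):
#   keytool -list -storetype jceks -keystore /tomcat/conf/.keystore | vault_preflight vault

# Print the entry type recorded for alias $1, or "missing".
entry_type() {
    awk -v a="$1" '
        # Entry lines have the form "<alias>, <date>, <EntryType>, "
        index($0, a ", ") == 1 &&
        match($0, /(SecretKeyEntry|PrivateKeyEntry|trustedCertEntry)/) {
            print substr($0, RSTART, RLENGTH); found = 1; exit
        }
        END { if (!found) print "missing" }
    '
}

# Return 0 only when alias $1 is a SecretKeyEntry; say why otherwise.
vault_preflight() {
    t=$(entry_type "$1")
    case $t in
        SecretKeyEntry) echo "ok: alias '$1' is a SecretKeyEntry" ;;
        missing) echo "fail: alias '$1' not found"; return 1 ;;
        *) echo "fail: alias '$1' is a $t, not a SecretKeyEntry"; return 1 ;;
    esac
}

sample_rsa() {   # constructed listing: keystore made with the suggested -genkey RSA command
cat <<'EOF'
Keystore type: JKS
Your keystore contains 1 entry

vault, Jan 1, 2015, PrivateKeyEntry, 
Certificate fingerprint (SHA1): (constructed placeholder)
EOF
}

sample_jceks() { # constructed listing: keystore made with -genseckey -storetype jceks
cat <<'EOF'
Keystore type: JCEKS
Your keystore contains 1 entry

vault, Jan 1, 2015, SecretKeyEntry, 
EOF
}

sample_rsa   | vault_preflight vault || true   # fail: PrivateKeyEntry
sample_jceks | vault_preflight vault           # ok
```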