4 Replies Latest reply on Dec 14, 2012 8:55 AM by lzcmail

    Exception encountered:PB00019: Processing Failed:Unable to get Keystore

    lzcmail

      I tried "Utilising masked passwords via the vault" on jboss7.1.1:

      https://community.jboss.org/wiki/AS7UtilisingMaskedPasswordsViaTheVault

       

      I got error message:

      Dec 12, 2012 10:56:48 AM org.jboss.security.vault.SecurityVaultFactory get

      INFO: Getting Security Vault with implementation of org.picketbox.plugins.vault.PicketBoxSecurityVault

      Obtained Vault

      Initializing Vault

      Exception encountered:PB00019: Processing Failed:Unable to get Keystore:

       

      I know it is a bug:

      https://issues.jboss.org/browse/JBPAPP6-1492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

       

      It seems it is fixed in EAP 6.1.  Is there any fix on Jboss7.1.1? Thanks.

        • 1. Re: Exception encountered:PB00019: Processing Failed:Unable to get Keystore
          ctomc

          Hi,

           

          As you probably read in the issue you linked, this issue only occurs on Windows, and the problem is only wrong reporting of the error.

          It usually happens when it cannot open the keystore file, if it is stored in a path that has a space in it.

           

          --

          tomaz

          • 2. Re: Exception encountered:PB00019: Processing Failed:Unable to get Keystore
            lzcmail

            Thanks tomaz. I tried this on redhat linux. Here is the detail:

             

            $ ./vault.sh

            WARNING JBOSS_HOME may be pointing to a different installation - unpredictable results may occur.

             

            =========================================================================

             

              JBoss Vault

             

              JBOSS_HOME: /usr/local/jboss

             

              JAVA: /etc/alternatives/java_sdk_1.6.0/bin/java

             

              VAULT Classpath: /usr/local/jboss/modules/org/picketbox/main/*:/usr/local/jboss/modules/org/jboss/logging/main/*:/usr/local/jboss/modules/org/jboss/common-core/main/*:/usr/local/jboss/modules/org/jboss/as/security/main/*

            =========================================================================

             

            **********************************

            ****  JBoss Vault ********

            **********************************

            Please enter a Digit::   0: Start Interactive Session  1: Remove Interactive Session  2: Exit

            0

            Starting an interactive session

            Enter directory to store encrypted files (end with either / or \ based on Unix or Windows:/usr/local/jboss/vault/

            Enter Keystore URL:/usr/local/jboss/vault.keystore

            Enter Keystore password:

            Enter Keystore password again:

            Values match

            Enter 8 character salt:12345678

            Enter iteration count as a number (Eg: 44):25

                           

            Please make note of the following:

            ********************************************

            Masked Password:MASK-DjeJRxMmsyt

            salt:12345678

            Iteration Count:25

            ********************************************

                           

            Enter Keystore Alias:vault

            Dec 12, 2012 11:33:23 AM org.jboss.security.vault.SecurityVaultFactory get

            INFO: Getting Security Vault with implementation of org.picketbox.plugins.vault.PicketBoxSecurityVault

            Obtained Vault

            Initializing Vault

            Exception encountered:PB00019: Processing Failed:Unable to get Keystore:

            • 3. Re: Exception encountered:PB00019: Processing Failed:Unable to get Keystore
              raoulpetitpied

              @jboss adict

               

               

              I faced the same problem this morning and, in my situation, the explanation was: the storepass must be equal to the keypass.

              I believe this behavior is caused by a bug in org.picketbox.plugins.vault.PicketBoxSecurityVault.init(Map<String, Object> options).

               

               

              NB :

              I'm using picketbox 4.0.9, which contains the following code :

               

              package org.picketbox.plugins.vault;
              ...
              class PicketBoxSecurityVault  ... {
                 ...
                 public void init(Map<String, Object> options) throws SecurityVaultException
                 {
                      ...
                       keystore = KeyStoreUtil.getKeyStore(keystoreURL, keystorePass.toCharArray());
                       keypair = KeyStoreUtil.getPrivateKey(keystore, alias, keystorePass.toCharArray());
                      ...
                 }
              ...

               

              As you can see, this code loads the store (e.g. 'getKeyStore()') and the key (e.g. 'getPrivateKey()') with the same password (e.g. 'keystorePass') ...

              That's the reason why, when using keytool to create the keystore and the alias, you have to use a storepass equal to the keypass.

              Sample :

               

                 keytool -genkey -alias vault -keystore /tmp/server.ks -storepass storepass -keypass storepass -keyalg RSA -keysize 4096 -dname "CN=vault,O=my corp,L=Paris,ST=France,C=FR"
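
The condition described in reply 3 can be checked before running vault.sh. The following is an added example, not part of the original post and not PicketBox code: it loads a keystore with the store password and then tries to recover the key entry with that same password, as the quoted init() does. The class name VaultKeystoreCheck, the result strings, and the in-memory JCEKS sample holding an AES key (a stand-in for the vault's key pair) are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;

// Added example (hypothetical helper): does the key entry open with the store password?
public class VaultKeystoreCheck {
    // Load the store with storePass, then recover the key with the same password.
    static String check(InputStream in, String type, String alias, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(in, storePass); // throws IOException if the store password or file is wrong
        if (!ks.isKeyEntry(alias)) return "NO_KEY_ENTRY";
        try {
            ks.getKey(alias, storePass);
            return "OK";
        } catch (UnrecoverableKeyException e) {
            return "KEY_UNRECOVERABLE_WITH_STOREPASS";
        }
    }

    // Constructed sample: in-memory JCEKS store with one AES key protected by keyPass.
    static byte[] sample(char[] storePass, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setKeyEntry("vault", KeyGenerator.getInstance("AES").generateKey(), keyPass, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2) { // arguments: <keystore file> <alias>
            Console console = System.console();
            if (console == null) throw new IllegalStateException("run from an interactive terminal");
            char[] pass = console.readPassword("Keystore password: ");
            try (InputStream in = new FileInputStream(args[0])) {
                System.out.println(check(in, KeyStore.getDefaultType(), args[1], pass));
            }
            return;
        }
        char[] store = "storepass".toCharArray(); // constructed passwords for the demo
        System.out.println("keypass == storepass: "
            + check(new ByteArrayInputStream(sample(store, store)), "JCEKS", "vault", store));
        System.out.println("keypass != storepass: "
            + check(new ByteArrayInputStream(sample(store, "keypass".toCharArray())), "JCEKS", "vault", store));
    }
}
```

Run without arguments it exercises the two constructed stores; run with a keystore path and alias it prompts for the store password and reports on that file.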

              • 4. Re: Exception encountered:PB00019: Processing Failed:Unable to get Keystore
                lzcmail

                guillaume

                That is a nice finding, but how can the JBoss team run it correctly? Did they use different code?