keystore containing entry with password different from master password?

cigorin

Hi,

I'm trying to put an entry into the GlassFish keystore.jks which has a password different from the keystore one. I've tried to generate the entry via keytool -genkeypair as well as to import it from an external PKCS12 keystore file via -importkeystore. If the entry password is the same as the keystore one, everything works perfectly. When it differs or is changed by -keypasswd, the following exception occurs:

[#|2009-03-20T12:31:45.125+0100|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=10;_ThreadName=main;_RequestID=1f19c3e4-d96a-402e-ad36-5f21db1a4b0e;|java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.sun.enterprise.server.PELaunch.main(PELaunch.java:412)
Caused by: java.lang.ExceptionInInitializerError
    at com.sun.enterprise.security.SecurityLifecycle.onInitialization(SecurityLifecycle.java:101)
    at com.sun.enterprise.server.ApplicationServer.onInitialization(ApplicationServer.java:262)
    at com.sun.enterprise.server.ondemand.OnDemandServer.onInitialization(OnDemandServer.java:101)
    at com.sun.enterprise.server.PEMain.run(PEMain.java:401)
    at com.sun.enterprise.server.PEMain.main(PEMain.java:338)
    ... 5 more
Caused by: java.lang.IllegalStateException: java.security.UnrecoverableKeyException: Cannot recover key
    at com.sun.enterprise.security.SSLUtils.(SSLUtils.java:128)
    ... 10 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
    at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
    at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
    at java.security.KeyStore.getKey(KeyStore.java:763)
    at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.(SunX509KeyManagerImpl.java:113)
    at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
    at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
    at com.sun.enterprise.security.SSLUtils.initKeyManagers(SSLUtils.java:320)
    at com.sun.enterprise.security.SSLUtils.(SSLUtils.java:106)
    ... 10 more
|#]

From Kumar's blog http://weblogs.java.net/blog/kumarjayanti/archive/2007/11/ssl_and_crl_ch... it seems there are some limitations which prevent having GlassFish entries with their own passwords in a single keystore. Does someone know more details about it? I also wonder why GlassFish tries to access non-system entries in the keystore during startup ...

cigorin

It seems to be only a GlassFish issue and not JSSE, because if I place the entry into a file separate from the GlassFish keystore.jks, the application is able to operate over the new keystore without any problems, despite the entries' passwords being different from the keystore master pass...