Vault initialization issue with keystore on OpenJDK
When we switched from OracleJDK to OpenJDK, we faced the following issue:
[Host Controller] 09:25:41,568 INFO [org.jboss.as] (MSC service thread 1-6) JBAS015899: WildFly 8.2.1.Final "Tweek" starting
[Host Controller] 09:25:42,674 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014612: Operation ("add") failed - address: ([
[Host Controller] ("host" => "master"),
[Host Controller] ("core-service" => "vault")
[Host Controller] ]): java.lang.RuntimeException: JBAS015804: Error initializing vault -- org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:
[Host Controller] at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:82) [wildfly-server-8.2.1.Final.jar:8.2.1.Final]
[Host Controller] at org.jboss.as.controller.AbstractAddStepHandler.execute(AbstractAddStepHandler.java:75) [wildfly-controller-8.2.1.Final.jar:8.2.1.Final]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:660) [wildfly-controller-8.2.1.Final.jar:8.2.1.Final]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:501) [wildfly-controller-8.2.1.Final.jar:8.2.1.Final]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:298) [wildfly-controller-8.2.1.Final.jar:8.2.1.Final]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:293) [wildfly-controller-8.2.1.Final.jar:8.2.1.Final]
[Host Controller] at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:324) [wildfly-controller-8.2.1.Final.jar:8.2.1.Final]
[Host Controller] at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:297) [wildfly-controller-8.2.1.Final.jar:8.2.1.Final]
[Host Controller] at org.jboss.as.host.controller.DomainModelControllerService.boot(DomainModelControllerService.java:441) [wildfly-host-controller-8.2.1.Final.jar:8.2.1.Final]
[Host Controller] at org.jboss.as.controller.AbstractControllerService.run(AbstractControllerService.java:259) [wildfly-controller-8.2.1.Final.jar:8.2.1.Final]
[Host Controller] at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_191]
[Host Controller] Caused by: org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:
[Host Controller] at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:84) [wildfly-security-8.2.1.Final.jar:8.2.1.Final]
[Host Controller] at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:80) [wildfly-server-8.2.1.Final.jar:8.2.1.Final]
[Host Controller] ... 10 more
[Host Controller] Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX000140: Unable to get keystore (/usr/jboss-8.2.0.Final/domain/vault/keystore.jceks)
[Host Controller] at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:210)
[Host Controller] at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:82) [wildfly-security-8.2.1.Final.jar:8.2.1.Final]
[Host Controller] ... 11 more
[Host Controller] Caused by: java.lang.RuntimeException: PBOX000140: Unable to get keystore (/usr/jboss-8.2.0.Final/domain/vault/keystore.jceks)
[Host Controller] at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:688)
[Host Controller] at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:205)
[Host Controller] ... 12 more
[Host Controller] Caused by: java.io.IOException: Invalid secret key format
[Host Controller] at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:856) [sunjce_provider.jar:1.8.0_191]
[Host Controller] at java.security.KeyStore.load(KeyStore.java:1445) [rt.jar:1.8.0_191]
[Host Controller] at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:201)
[Host Controller] at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:151)
[Host Controller] at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:685)
[Host Controller] ... 13 more
[Host Controller]
[Host Controller] 09:25:42,682 FATAL [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010933: Host Controller boot has failed in an unrecoverable manner; exiting. See previous messages for details.
The same setup works in OracleJDK. We are using the same keystore file as with OracleJDK. Both JDK versions are 8.
jdk1.8.0_121
java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.x86_64
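Can anyone point out what is wrong with OpenJDK?
The problem was resolved after applying the solution from here: https://developer.jboss.org/thread/277727.
The vault (and the credential store) is based on JCEKS, and the JCEKS format changed in update 171.
Please add this dependency line <module name="sun.jdk"/>
to modules/system/layers/base/org/picketbox/main
or migrate to WildFly 11, which already contains this dependency.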
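A standalone check of the `KeyStore.load` call that fails in the trace above, as an added example that is not part of the original post or of WildFly/PicketBox: it loads a JCEKS keystore with the plain JDK, outside the server, which helps tell a damaged keystore file apart from the module dependency problem the answer describes. The class name `JceksLoadCheck`, the alias `vault` and the sample password are assumptions made for the example; with no arguments it runs against a keystore it constructs in memory.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.crypto.KeyGenerator;

// Added example: load a JCEKS keystore with the plain JDK, outside WildFly.
public class JceksLoadCheck {
    // Builds a throwaway JCEKS keystore holding one AES secret key (constructed sample data).
    static byte[] sampleKeystore(char[] password) throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, password); // initialise an empty store
        ks.setEntry("vault", new KeyStore.SecretKeyEntry(gen.generateKey()),
                new KeyStore.PasswordProtection(password));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray();
    }

    // Returns the number of entries, or throws the IOException seen in the trace.
    static int loadAndCount(InputStream in, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(in, password); // secret-key entries are parsed here (JceKeyStore.engineLoad)
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key" : "certificate";
            System.out.println(alias + ": " + kind + " entry");
        }
        return ks.size();
    }

    public static void main(String[] args) throws Exception {
        // Usage: java JceksLoadCheck [keystore-path]; the password is prompted for, not passed as an argument.
        boolean real = args.length > 0;
        char[] password = real ? System.console().readPassword("Store password: ")
                               : "constructed-pass".toCharArray();
        try (InputStream in = real
                ? Files.newInputStream(Paths.get(args[0]))
                : new ByteArrayInputStream(sampleKeystore(password))) {
            System.out.println("java.version=" + System.getProperty("java.version"));
            System.out.println("Loaded " + loadAndCount(in, password) + " entries");
        } catch (IOException e) {
            System.out.println("Load failed: " + e.getMessage());
        }
    }
}
```

Run it with the same JDK the Host Controller uses, from an interactive terminal so the password prompt is available. If the vault keystore loads here but the server still reports "Invalid secret key format", the file itself is readable and the failure is on the server side.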