Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dynamic SSL not working with Encrypted Password #5429

Closed
akAsara opened this issue May 13, 2021 · 0 comments
Closed

Dynamic SSL not working with Encrypted Password #5429

akAsara opened this issue May 13, 2021 · 0 comments
Labels
IceBox Older issues that are not being actively worked on but may be revisited in the future.

Comments

@akAsara
Copy link

akAsara commented May 13, 2021

Description:

After encrypt the password of the Keystore which is configured in the SSLProfile using the cipher tool, it returns the below error when starting the MI server. When giving the password as a plain text value, server starts without any issue.

[2021-04-29 06:58:01,349] ERROR {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder} - HTTPS Error opening Keystore : repository/resources/security/wso2carbon.jks java.io.IOException: Keystore was tampered with, or password was incorrect
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
	at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
	at java.security.KeyStore.load(KeyStore.java:1445)
	at org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder.createSSLContext(ClientConnFactoryBuilder.java:432)
	at org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder.getCustomSSLContexts(ClientConnFactoryBuilder.java:264)
	at org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder.parseSSL(ClientConnFactoryBuilder.java:196)
	at org.apache.synapse.transport.passthru.PassThroughHttpSSLSender.initConnFactoryBuilder(PassThroughHttpSSLSender.java:45)
	at org.apache.synapse.transport.passthru.PassThroughHttpSender.init(PassThroughHttpSender.java:167)
	at org.apache.synapse.transport.passthru.PassThroughHttpSSLSender.init(PassThroughHttpSSLSender.java:33)
	at org.apache.axis2.context.ConfigurationContextFactory.initTransportSenders(ConfigurationContextFactory.java:300)
	at org.apache.axis2.context.ConfigurationContextFactory.init(ConfigurationContextFactory.java:231)
	at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:93)
	at org.wso2.micro.core.CarbonConfigurationContextFactory.createNewConfigurationContext(CarbonConfigurationContextFactory.java:66)
	at org.wso2.micro.integrator.core.internal.CoreServerInitializer.initializeCarbon(CoreServerInitializer.java:208)
	at org.wso2.micro.integrator.core.internal.CoreServerInitializer.initMIServer(CoreServerInitializer.java:125)
	at org.wso2.micro.integrator.core.internal.Activator.start(Activator.java:82)
	at org.eclipse.osgi.internal.framework.BundleContextImpl$3.run(BundleContextImpl.java:842)
	at org.eclipse.osgi.internal.framework.BundleContextImpl$3.run(BundleContextImpl.java:1)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.eclipse.osgi.internal.framework.BundleContextImpl.startActivator(BundleContextImpl.java:834)
	at org.eclipse.osgi.internal.framework.BundleContextImpl.start(BundleContextImpl.java:791)
	at org.eclipse.osgi.internal.framework.EquinoxBundle.startWorker0(EquinoxBundle.java:1013)
	at org.eclipse.osgi.internal.framework.EquinoxBundle$EquinoxModule.startWorker(EquinoxBundle.java:365)
	at org.eclipse.osgi.container.Module.doStart(Module.java:598)
	at org.eclipse.osgi.container.Module.start(Module.java:462)
	at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel$1.run(ModuleContainer.java:1820)
	at org.eclipse.osgi.internal.framework.EquinoxContainerAdaptor$2$1.execute(EquinoxContainerAdaptor.java:150)
	at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1813)
	at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1770)
	at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.doContainerStartLevel(ModuleContainer.java:1735)
	at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1661)
	at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1)
	at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
	at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:345)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
	... 35 more

[2021-04-29 06:58:01,352] FATAL {org.wso2.micro.integrator.core.internal.CoreServerInitializer} - WSO2 Carbon initialization Failed org.apache.synapse.transport.exceptions.InvalidConfigurationException: Error occurred while creating SSL context for the servers *
	at org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder.getCustomSSLContexts(ClientConnFactoryBuilder.java:268)
	at org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder.parseSSL(ClientConnFactoryBuilder.java:196)
	at org.apache.synapse.transport.passthru.PassThroughHttpSSLSender.initConnFactoryBuilder(PassThroughHttpSSLSender.java:45)
	at org.apache.synapse.transport.passthru.PassThroughHttpSender.init(PassThroughHttpSender.java:167)
	at org.apache.synapse.transport.passthru.PassThroughHttpSSLSender.init(PassThroughHttpSSLSender.java:33)
	at org.apache.axis2.context.ConfigurationContextFactory.initTransportSenders(ConfigurationContextFactory.java:300)
	at org.apache.axis2.context.ConfigurationContextFactory.init(ConfigurationContextFactory.java:231)
	at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:93)
	at org.wso2.micro.core.CarbonConfigurationContextFactory.createNewConfigurationContext(CarbonConfigurationContextFactory.java:66)
	at org.wso2.micro.integrator.core.internal.CoreServerInitializer.initializeCarbon(CoreServerInitializer.java:208)
	at org.wso2.micro.integrator.core.internal.CoreServerInitializer.initMIServer(CoreServerInitializer.java:125)
	at org.wso2.micro.integrator.core.internal.Activator.start(Activator.java:82)
	at org.eclipse.osgi.internal.framework.BundleContextImpl$3.run(BundleContextImpl.java:842)
	at org.eclipse.osgi.internal.framework.BundleContextImpl$3.run(BundleContextImpl.java:1)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.eclipse.osgi.internal.framework.BundleContextImpl.startActivator(BundleContextImpl.java:834)
	at org.eclipse.osgi.internal.framework.BundleContextImpl.start(BundleContextImpl.java:791)
	at org.eclipse.osgi.internal.framework.EquinoxBundle.startWorker0(EquinoxBundle.java:1013)
	at org.eclipse.osgi.internal.framework.EquinoxBundle$EquinoxModule.startWorker(EquinoxBundle.java:365)
	at org.eclipse.osgi.container.Module.doStart(Module.java:598)
	at org.eclipse.osgi.container.Module.start(Module.java:462)
	at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel$1.run(ModuleContainer.java:1820)
	at org.eclipse.osgi.internal.framework.EquinoxContainerAdaptor$2$1.execute(EquinoxContainerAdaptor.java:150)
	at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1813)
	at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1770)
	at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.doContainerStartLevel(ModuleContainer.java:1735)
	at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1661)
	at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1)
	at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
	at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:345)
Caused by: org.apache.axis2.AxisFault: Error opening Keystore : repository/resources/security/wso2carbon.jks
	at org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder.createSSLContext(ClientConnFactoryBuilder.java:443)
	at org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder.getCustomSSLContexts(ClientConnFactoryBuilder.java:264)
	... 29 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
	at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
	at java.security.KeyStore.load(KeyStore.java:1445)
	at org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder.createSSLContext(ClientConnFactoryBuilder.java:432)
	... 30 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
	... 35 more

Affected Product Version:
WSO2MI:1.2.0
@anupama-pathirage anupama-pathirage added the IceBox Older issues that are not being actively worked on but may be revisited in the future. label Oct 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
IceBox Older issues that are not being actively worked on but may be revisited in the future.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anupama-pathirage @akAsara