Uploaded image for project: 'Network Controller'
  1. Network Controller
  2. SDNC-1372

keystore password is incorrect in SDNC image

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • High
    • Resolution: Done
    • Guilin Release
    • Guilin Release
    • sdnc-oam

    Description

      karaf.log shows the following error when SDNC starts:

       
      2020-09-30T12:41:20,680 | ERROR | features-3-thread-1 | HttpServiceStarted | 408 - org.ops4j.pax.web.pax-web-runtime - 7.2.10 | - | Could not start the servlet context for context path []
      java.io.IOException: keystore password was incorrect
      at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source) ~[?:?]
      at sun.security.util.KeyStoreDelegator.engineLoad(Unknown Source) ~[?:?]
      at java.security.KeyStore.load(Unknown Source) ~[?:?]
      at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:54) ~[?:?]
      at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:1194) ~[?:?]
      at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:334) ~[?:?]
      at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:256) ~[?:?]
      at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) ~[?:?]
      at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:167) ~[?:?]
      at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:119) ~[?:?]
      at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:94) ~[?:?]
      .
      .
      .
      at java.util.concurrent.FutureTask.run(Unknown Source) [?:?]
      at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
      at java.lang.Thread.run(Unknown Source) [?:?]
      Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
      ... 53 more

       

      Probably, this commit has caused the problem:

      https://gerrit.onap.org/r/c/sdnc/oam/+/105729

       

      The certs have been updated in this commit, but the password for keystore (org.onap.sdnc.p12) was not updated in the pom file (installation/sdnc/pom.xml) which contains this entry:

      <sdnc.keypass><![CDATA[ff^G9D][yf&r}Ktum@BJ0YB?N]]></sdnc.keypass>

       

      Tried to list the keys in both old keystore and the updated keystore in above commit. The old one works with this password, but the new one does not work:

      OLD:

      keytool -v -list -keystore org.onap.sdnc_old-b4795c3241968668957a57b0dca331a6.p12
      Enter keystore password:
      Keystore type: PKCS12
      Keystore provider: SUN

      Your keystore contains 1 entry

      Alias name: sdnc@sdnc.onap.org
      Creation date: 26 Apr 2019
      Entry type: PrivateKeyEntry
      Certificate chain length: 2
      Certificate[1]:
      Owner: C=US, O=ONAP, OU=OSAAF, OU=sdnc@sdnc.onap.org, EMAILADDRESS=, CN=ccsdk-sdnc-heat-dev
      Issuer: CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
      Serial number: 7c3405254e2a8851
      Valid from: Fri Apr 26 19:48:01 CEST 2019 until: Sun Apr 26 19:48:01 CEST 2020
      Certificate fingerprints:
      SHA1: 5D:9D:2C:3A:37:C3:86:73:65:55:91:29:74:8F:EA:D9:8F:C0:88:BB
      SHA256: C4:41:12:76:EA:4B:46:52:DE:88:91:2A:8E:71:FD:2F:16:3C:5E:00:97:28:70:A0:9B:A9:EE:B1:2D:7D:22:93
      Signature algorithm name: SHA256withRSA
      Subject Public Key Algorithm: 2048-bit RSA key
      Version: 3

       

      NEW:

      keytool -v -list -keystore org.onap.sdnc_new-1814b26af102bcb8d7f5f31d6489e8ea.p12
      Enter keystore password:
      keytool error: java.io.IOException: keystore password was incorrect
      java.io.IOException: keystore password was incorrect
      at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2108)
      at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
      at java.base/java.security.KeyStore.load(KeyStore.java:1479)
      at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1050)
      at java.base/sun.security.tools.keytool.Main.run(Main.java:397)
      at java.base/sun.security.tools.keytool.Main.main(Main.java:390)
      Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
      ... 6 more
       

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              pendurty Ravi Pendurty
              RehanRaza Muhammad Rehan Raza
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: