
Error creating PKCS12 tenanted keystores #22117

Open
hwupathum opened this issue Dec 28, 2024 · 0 comments

Description

When a JKS keystore is used as the primary keystore, and PKCS12 type is used for tenanted keystore, an error is thrown when trying to create a keystore.

[2024-12-28 14:32:28,820] [c307150f-9057-4712-b657-894c850075bf] ERROR {org.wso2.carbon.tenant.mgt.services.TenantMgtAdminService} - Error in notifying tenant addition. org.wso2.carbon.stratos.common.exception.StratosException: Error when adding Resident Identity Provider entry for tenant nono.com
	at org.wso2.carbon.idp.mgt.internal.TenantManagementListener.onTenantCreate(TenantManagementListener.java:55)
	at org.wso2.carbon.tenant.mgt.util.TenantMgtUtil.triggerAddTenant(TenantMgtUtil.java:160)
	at org.wso2.carbon.tenant.mgt.services.TenantMgtAdminService.notifyTenantAddition(TenantMgtAdminService.java:162)
	at org.wso2.carbon.tenant.mgt.services.TenantMgtAdminService.registerTenant(TenantMgtAdminService.java:108)
	at org.wso2.carbon.tenant.mgt.services.TenantMgtAdminService.addTenant(TenantMgtAdminService.java:61)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212)
	at org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:117)
	at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
	at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
	at org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:170)
	at org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:82)
	at org.wso2.carbon.core.transports.local.CarbonLocalTransportSender.finalizeSendWithToAddress(CarbonLocalTransportSender.java:45)
	at org.apache.axis2.transport.local.LocalTransportSender.invoke(LocalTransportSender.java:77)
	at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
	at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:449)
	at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:235)
	at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
	at org.wso2.carbon.tenant.mgt.stub.TenantMgtAdminServiceStub.addTenant(TenantMgtAdminServiceStub.java:2540)
	at org.wso2.carbon.tenant.mgt.ui.clients.TenantServiceClient.addTenant(TenantServiceClient.java:90)
	at org.wso2.carbon.tenant.mgt.ui.utils.TenantMgtUtil.addTenantConfigBean(TenantMgtUtil.java:68)
	at org.apache.jsp.tenant_002dmgt.submit_005ftenant_005fajaxprocessor_jsp._jspService(submit_005ftenant_005fajaxprocessor_jsp.java:203)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:67)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:466)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:376)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:324)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
	at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:207)
	at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
	at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
	at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
	at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
	at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
	at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:199)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
	at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:129)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
	at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:65)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:129)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
	at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:119)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
	at org.wso2.carbon.identity.context.rewrite.valve.OrganizationContextRewriteValve.invoke(OrganizationContextRewriteValve.java:123)
	at org.wso2.carbon.tomcat.ext.valves.SameSiteCookieValve.invoke(SameSiteCookieValve.java:38)
	at org.wso2.carbon.identity.cors.valve.CORSValve.invoke(CORSValve.java:83)
	at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:177)
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:129)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:110)
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:71)
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:152)
	at org.wso2.carbon.extension.identity.x509Certificate.valve.X509CertificateAuthenticationValve.invoke(X509CertificateAuthenticationValve.java:59)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:63)
	at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
	at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:137)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:346)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:383)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:936)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.wso2.carbon.idp.mgt.IdentityProviderManagementException: Error retrieving primary certificate for tenant : nono.com
	at org.wso2.carbon.idp.mgt.dao.IdPManagementDAO.fillResidentIdpProperties(IdPManagementDAO.java:2723)
	at org.wso2.carbon.idp.mgt.dao.IdPManagementDAO.getIDPbyResourceId(IdPManagementDAO.java:3046)
	at org.wso2.carbon.idp.mgt.dao.IdPManagementDAO.addIdPWithResourceId(IdPManagementDAO.java:3908)
	at org.wso2.carbon.idp.mgt.dao.IdPManagementFacade.addIdPWithResourceId(IdPManagementFacade.java:155)
	at org.wso2.carbon.idp.mgt.dao.CacheBackedIdPMgtDAO.addIdP(CacheBackedIdPMgtDAO.java:585)
	at org.wso2.carbon.idp.mgt.IdentityProviderManager.addResidentIdP(IdentityProviderManager.java:294)
	at org.wso2.carbon.idp.mgt.internal.TenantManagementListener.onTenantCreate(TenantManagementListener.java:51)
	... 88 more
Caused by: java.lang.SecurityException: Key Store with a name: nono-com.jks does not exist.
	at org.wso2.carbon.core.util.KeyStoreManager.getTenantKeyStore(KeyStoreManager.java:577)
	at org.wso2.carbon.core.util.KeyStoreManager.getKeyStore(KeyStoreManager.java:307)
	at org.wso2.carbon.idp.mgt.dao.IdPManagementDAO.fillResidentIdpProperties(IdPManagementDAO.java:2716)
	... 94 more

Steps to Reproduce

  1. Use the JKS type primary keystore and update the configs in deployment.toml:
     [keystore.primary]
     file_name = "wso2carbon.jks"
     password = "wso2carbon"
     type="JKS"
  2. Set the tenanted keystore type to PKCS12:
     [keystore.tenant]
     type = "PKCS12"
  3. Create a new tenant

Version

IS 7.0.0

Environment Details (with versions)

No response
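As an added illustration (not code from this issue or from WSO2), the trace above shows the tenant keystore being looked up as nono-com.jks even though [keystore.tenant] type is PKCS12, which suggests the file name was derived from the primary keystore's type. The hypothetical helper below derives both the file name and the KeyStore type from the tenant configuration, and its error names the file and type it actually looked for; the helper names and the JKS to .jks / PKCS12 to .p12 extension mapping are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

/** Hypothetical helper written for this issue; not WSO2 Identity Server code. */
public final class TenantKeyStoreResolver {

    // Assumed mapping from the configured keystore type to the extension the
    // tenant keystore file is generated with.
    static String extensionFor(String keyStoreType) {
        switch (keyStoreType.trim().toUpperCase()) {
            case "JKS":    return "jks";
            case "PKCS12": return "p12";
            default: throw new IllegalArgumentException("Unsupported keystore type: " + keyStoreType);
        }
    }

    // Tenant domain "nono.com" becomes the base name "nono-com" (as in the reported
    // error); the extension is taken from the TENANT keystore type, not the primary one.
    static String tenantKeyStoreFileName(String tenantDomain, String tenantKeyStoreType) {
        String base = tenantDomain.trim().toLowerCase().replace('.', '-');
        return base + "." + extensionFor(tenantKeyStoreType);
    }

    // Load the tenant keystore with the configured tenant type. If the file is
    // missing, fail with a message that says which file and which type were tried,
    // so a JKS/PKCS12 mismatch is visible in the log instead of a bare "does not exist".
    static KeyStore loadTenantKeyStore(Path keyStoreDir, String tenantDomain,
                                       String tenantKeyStoreType, char[] password)
            throws IOException, GeneralSecurityException {
        Path file = keyStoreDir.resolve(tenantKeyStoreFileName(tenantDomain, tenantKeyStoreType));
        if (!Files.isRegularFile(file)) {
            throw new SecurityException("Key Store with a name: " + file.getFileName()
                    + " (type " + tenantKeyStoreType + ") does not exist in " + keyStoreDir);
        }
        KeyStore keyStore = KeyStore.getInstance(tenantKeyStoreType);
        try (FileInputStream in = new FileInputStream(file.toFile())) {
            keyStore.load(in, password);
        }
        return keyStore;
    }

    public static void main(String[] args) {
        // Shows the mismatch from the report: the primary type yields a .jks name,
        // the tenant type yields a .p12 name for the same tenant domain.
        System.out.println("primary type -> " + tenantKeyStoreFileName("nono.com", "JKS"));
        System.out.println("tenant type  -> " + tenantKeyStoreFileName("nono.com", "PKCS12"));
    }
}
```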

hwupathum self-assigned this Dec 28, 2024
hwupathum changed the title from "Error creating PKCS12 tenanted keystores with JKS primary keystore" to "Error creating PKCS12 tenanted keystores" on Dec 28, 2024