Posted to server-dev@james.apache.org by "Metin Savignano (Jira)" <se...@james.apache.org> on 2022/02/11 10:53:00 UTC

[jira] [Commented] (JAMES-3206) Keystore Exception when running the "Basic" Server

    [ https://issues.apache.org/jira/browse/JAMES-3206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17490849#comment-17490849 ] 

Metin Savignano commented on JAMES-3206:
----------------------------------------

I think I stumbled upon this issue when trying to get the demo docker image to work. Please bear with me if I'm wrong.

I had tried to create my own custom docker image based on dockerfiles/run/guice/provisioned/Dockerfile and replaced the demo keystore with my own pkcs12 keystore (using the same famous "james72laBalle" password). This resulted in the above exception.

After trying everything with regard to fixing the keystore, I eventually found out that the pkcs12 format wasn't supported, and after converting the keystore to JKS, it worked instantly. Wondering why, I did some research here in the existing issues, and it looks like pkcs12 has only been added in a newer version, but the demo docker image still uses 3.4.0.
{code:java}
FROM linagora/james-jpa-guice:james-project-3.4.0
{code}
I changed it to use 3.6.2, and immediately was able to use my pkcs12 keystore.

I'm not sure, though, which version is used in the "Basic" server (jpa-guice), and it may have been updated since the creation of this issue here.

However, I would recommend updating the demo docker to a newer version. It is probably used as a start quite often.

> Keystore Exception when running the "Basic" Server
> --------------------------------------------------
>
>                 Key: JAMES-3206
>                 URL: https://issues.apache.org/jira/browse/JAMES-3206
>             Project: James Server
>          Issue Type: Bug
>            Reporter: David Leangen
>            Priority: Blocker
>
> When attempting to run the "Basic" server (jpa-guice) out-of-the-box, I am unable to get the server running due to a password exception:
> {code:java}
> 12:13:26.044 [ERROR] o.a.j.GuiceJamesServer - Fatal error while starting James
> java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: java.lang.IllegalStateException: password has been cleared
>  ... 32 common frames omitted
> Wrapped by: java.io.IOException: keystore password was incorrect
>  at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
>  at java.base/sun.security.util.KeyStoreDelegator.engineLoad(Unknown Source)
>  at java.base/java.security.KeyStore.load(Unknown Source)
>  at org.apache.james.protocols.lib.netty.AbstractConfigurableAsyncServer.buildSSLContext(AbstractConfigurableAsyncServer.java:396)
>  at org.apache.james.protocols.lib.netty.AbstractConfigurableAsyncServer.init(AbstractConfigurableAsyncServer.java:264)
>  at org.apache.james.protocols.lib.netty.AbstractServerFactory.init(AbstractServerFactory.java:58)
>  at org.apache.james.modules.protocols.IMAPServerModule.lambda$configureImap$0(IMAPServerModule.java:93)
>  at org.apache.james.utils.InitilizationOperationBuilder$PrivateImpl.initModule(InitilizationOperationBuilder.java:52)
>  at com.github.fge.lambdas.consumers.ConsumerChainer.lambda$sneakyThrow$9(ConsumerChainer.java:73)
>  at java.base/java.util.stream.ReferencePipeline$11$1.accept(Unknown Source)
>  at java.base/java.util.stream.DistinctOps$1$2.accept(Unknown Source)
>  at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(Unknown Source)
>  at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
>  at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Unknown Source)
>  at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
>  at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
>  at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(Unknown Source)
>  at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(Unknown Source)
>  at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
>  at java.base/java.util.stream.ReferencePipeline.forEach(Unknown Source)
>  at java.base/java.util.stream.ReferencePipeline$7$1.accept(Unknown Source)
>  at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Unknown Source)
>  at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
>  at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
>  at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source)
>  at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
>  at java.base/java.util.stream.ReferencePipeline.collect(Unknown Source)
>  at org.apache.james.utils.InitializationOperations.processConfigurables(InitializationOperations.java:53)
>  at org.apache.james.utils.InitializationOperations.initModules(InitializationOperations.java:43)
>  at org.apache.james.GuiceJamesServer.start(GuiceJamesServer.java:93)
>  at org.apache.james.JamesServerMain.main(JamesServerMain.java:24)
>  at org.apache.james.JPAJamesServerMain.main(JPAJamesServerMain.java:105)
> 12:14:23.287 [ERROR] o.a.j.PeriodicalHealthChecks - UNHEALTHY: Guice application lifecycle : James server is not started.
> {code}
> I opened a session into the docker container to test the keystore. It exists in the conf directory and works as intended with the default password.
> So I do not know why this exception occurs and the server does not start. :(
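
Added example, not part of the original message or of the James project: a pre-flight check that identifies a keystore's on-disk format from its leading bytes, so a PKCS12/JKS mismatch like the one described in the comment above is caught before the image is built. The function names, file names and sample bytes are assumptions made for illustration.

```shell
#!/bin/sh
# keystore_format FILE -> prints JKS, JCEKS, PKCS12, PEM, DER or UNKNOWN.
# Looks only at the first 9 bytes; no password is needed and nothing is decrypted.
keystore_format() {
    magic=$(od -An -tx1 -N9 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        feedfeed*)        echo JKS ;;      # JKS magic number 0xFEEDFEED
        cececece*)        echo JCEKS ;;    # JCEKS magic number 0xCECECECE
        3082????020103*|3083??????020103*|3081??020103*|3080020103*)
                          echo PKCS12 ;;   # SEQUENCE header, then INTEGER 3 (PFX version)
        2d2d2d2d2d*)      echo PEM ;;      # "-----BEGIN ...": text armor, not a keystore
        30*)              echo DER ;;      # other ASN.1 data, e.g. a bare certificate
        *)                echo UNKNOWN ;;
    esac
}

# check_keystore FILE EXPECTED -> returns 1 and explains when the formats differ.
check_keystore() {
    actual=$(keystore_format "$1")
    if [ "$actual" != "$2" ]; then
        echo "keystore $1 is $actual, but the server is expected to load $2" >&2
        return 1
    fi
}

# Conversion with the JDK's keytool, as the commenter did (placeholder file names):
#   keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 \
#           -destkeystore keystore.jks -deststoretype JKS

# Constructed sample: PKCS12 header bytes only, not a real keystore.
sample=$(mktemp)
printf '\060\202\011\121\002\001\003' > "$sample"
check_keystore "$sample" JKS || echo "convert the keystore or use a newer image"
rm -f "$sample"
```

The header test cannot tell whether the password is right; it only rules out the format mismatch before the server's own loader reports a misleading error.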


