Worries less, smile more!

Summary

When you trying to bring up your service with Gemfire/geode but keep on getting following errors: java.security.UnrecoverableKeyException: Password must not be null

That’s very annoying because you’ve double or triple checked the truststore-password and keystore-password were added into application.yaml file correctly.

Root cause

Firstly let’s check the error message as below

Caused by: java.security.UnrecoverableKeyException: Password must not be null
	at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:135) ~[?:?]
	at sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:90) ~[?:?]
	at java.security.KeyStore.getKey(KeyStore.java:1057) ~[?:?]
	at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:145) ~[?:?]
	at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70) ~[?:?]
	at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:271) ~[?:?]
	at org.apache.geode.internal.net.SocketCreator.getKeyManagers(SocketCreator.java:407) ~[geode-core-1.13.4.jar:?]
	at org.apache.geode.internal.net.SocketCreator.createAndConfigureSSLContext(SocketCreator.java:277) ~[geode-core-1.13.4.jar:?]
	at org.apache.geode.internal.net.SocketCreator.initialize(SocketCreator.java:231) ~[geode-core-1.13.4.jar:?]
	at org.apache.geode.internal.net.SocketCreator.<init>(SocketCreator.java:196) ~[geode-core-1.13.4.jar:?]
	at org.apache.geode.internal.net.SocketCreatorFactory.createSSLSocketCreator(SocketCreatorFactory.java:113) ~[geode-core-1.13.4.jar:?]
	at org.apache.geode.internal.net.SocketCreatorFactory.getSSLSocketCreator(SocketCreatorFactory.java:87) ~[geode-core-1.13.4.jar:?]
	at org.apache.geode.internal.net.SocketCreatorFactory.getOrCreateSocketCreatorForSSLEnabledComponent(SocketCreatorFactory.java:103) ~[geode-core-1.13.4.jar:?]
	at org.apache.geode.internal.net.SocketCreatorFactory.getSocketCreatorForComponent(SocketCreatorFactory.java:73) ~[geode-core-1.13.4.jar:?]

If we look into details you’ll find following source logic triggered this error:

String passwordString = sslConfig.getKeystorePassword();
char[] password = null;
if (passwordString != null) {
    if (passwordString.trim().equals("")) {
    String encryptedPass = System.getenv("javax.net.ssl.keyStorePassword");
    if (!StringUtils.isEmpty(encryptedPass)) {
        String toDecrypt = "encrypted(" + encryptedPass + ")";
        passwordString = PasswordUtil.decrypt(toDecrypt);
        password = passwordString.toCharArray();
    }
    } else {
    password = passwordString.toCharArray();
    }
}
keyStore.load(fileInputStream, password);
// default algorithm can be changed by setting property "ssl.KeyManagerFactory.algorithm" in
// security properties
KeyManagerFactory keyManagerFactory =
    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, password);

The field password is null lead to this error.

Solution

Check your configuration file , it may looks like below

spring:
  data:
    gemfire:
      pool:
        locators: xxxxxxx
      security:
        ssl:
          components: all
          enable-endpoint-identification: true
          truststore: ${keystoreFile}
          truststore-password: 0bmr1ddH8rdw8r3
#          truststore.password: 0bmr1ddH8rdw8r3
          keystore: ${keystoreFile}
          keystore-password: 0bmr1ddH8rdw8r3
#          keystore.password: 0bmr1ddH8rdw8r3

Actually the solution is to replace the hypen linked password with dot linked ones.

Tricky, right?!! Hope this save your time.

-HTH-

–HTH–

Updated:

You May Also Enjoy