OPSS - Unable see keystores in EM, error showed Failed To Retrieve All Keystores. Failed To Perform Cryptographic Operation.

(Doc ID 2179273.1)

Last updated on OCTOBER 18, 2017

Applies to:

Oracle Platform Security for Java - Version 12.1.3.0.0 and later
Information in this document applies to any platform.

Symptoms

Unable see keystores in EM

 

When trying to click keystores under domain>Security in EM console, an error pops up with the message of "oracle.security.jps.service.keystore.KeyStoreServiceException: Failed to perform cryptographic operation"

In emoms.log file observing:

[2016-08-06T13:40:03.775-04:00] [adm_server1] [ERROR] [EM_01104] [oracle.sysman.emas.security] [tid: [ACTIVE].ExecuteThread: '20' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: c1ae1bbf9d8d5a69:581c4389:1566093a121:-8000-00000000000005e2,0] [APP: em] Error in querying list of Keystores.
[2016-08-06T13:40:03.776-04:00] [adm_server1] [NOTIFICATION:32] [EM_01104] [oracle.sysman.emas.security] [tid: [ACTIVE].ExecuteThread: '20' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: c1ae1bbf9d8d5a69:581c4389:1566093a121:-8000-00000000000005e2,0] [APP: em] Error in querying list of Keystores.[[
javax.management.MBeanException: oracle.security.jps.service.keystore.KeyStoreServiceException: Failed to perform cryptographic operation
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:205)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
.........
Caused by: oracle.as.jmx.framework.exceptions.ManagementException: oracle.security.jps.service.keystore.KeyStoreServiceException: Failed to perform cryptographic operation
at oracle.security.jps.mas.mgmt.jmx.keystore.JpsKeyStoreBeanImpl.rethrowAsManagementException(JpsKeyStoreBeanImpl.java:172)
at oracle.security.jps.mas.mgmt.jmx.keystore.JpsKeyStoreBeanImpl.listKeyStores(JpsKeyStoreBeanImpl.java:244)
.............
[2016-08-06T13:40:03.807-04:00] [adm_server1] [ERROR] [EM-01051] [oracle.sysman.emas.security] [tid: [ACTIVE].ExecuteThread: '20' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: c1ae1bbf9d8d5a69:581c4389:1566093a121:-8000-00000000000005e2,0] [APP: em] Error occurred in initializing model object.
[2016-08-06T13:40:03.808-04:00] [adm_server1] [NOTIFICATION:32] [EM-01051] [oracle.sysman.emas.security] [tid: [ACTIVE].ExecuteThread: '20' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: c1ae1bbf9d8d5a69:581c4389:1566093a121:-8000-00000000000005e2,0] [APP: em] Error occurred in initializing model object.[[
oracle.sysman.emSDK.app.exception.EMSystemException
at oracle.sysman.emas.model.security.EMJpsASObject.throwsEMSystemException(EMJpsASObject.java:112)
at oracle.sysman.emas.model.security.keystore.KeystoreHomeModel.findKeystoreList(KeystoreHomeModel.java:229)
at oracle.sysman.emas.model.security.keystore.KeystoreHomeModel.findKeystoreList(KeystoreHomeModel.java:132)
........
Caused by: javax.management.MBeanException: oracle.security.jps.service.keystore.KeyStoreServiceException: Failed to perform cryptographic operation
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:205)
..........
Caused by: oracle.as.jmx.framework.exceptions.ManagementException: oracle.security.jps.service.keystore.KeyStoreServiceException: Failed to perform cryptographic operation
at oracle.security.jps.mas.mgmt.jmx.keystore.JpsKeyStoreBeanImpl.rethrowAsManagementException(JpsKeyStoreBeanImpl.java:172)
at oracle.security.jps.mas.mgmt.jmx.keystore.JpsKeyStoreBeanImpl.listKeyStores(JpsKeyStoreBeanImpl.java:244)

In Admin server diagnostic log seeing

[2016-08-11T00:24:15.970-04:00] [adm_server1] [TRACE] [] [oracle.jps.keystore] [tid: [ACTIVE].ExecuteThread: '25' for queue: 'weblogic.kernel.Default (self-tuning)'] [ecid: 6d820110a3dd6640:-1735c7c7:15677c79164:-8000-0000000000000258,0] [DSID: 0000LPrpoGc7a6HaytAhMG1Nezay000006] [SRC_CLASS: oracle.security.jps.internal.keystore.util.CryptoUtil] [SRC_METHOD: decrypt] Failed to unwrap encrypted content[[
javax.crypto.BadPaddingException: Invalid pad value!
at com.oracle.security.ucrypto.NativeCipherWithJavaPadding$PKCS5Padding.unpad(NativeCipherWithJavaPadding.java:167)
at com.oracle.security.ucrypto.NativeCipherWithJavaPadding.engineDoFinal(NativeCipherWithJavaPadding.java:399)
at com.oracle.security.ucrypto.NativeCipherWithJavaPadding.engineDoFinal(NativeCipherWithJavaPadding.java:365)
at javax.crypto.Cipher.doFinal(Cipher.java:2131)

 Attempting get the keystone information using wlst script getting the same "oracle.security.jps.service.keystore.KeyStoreServiceException: Failed to perform cryptographic operation" error:

wls:/domain/serverConfig> svc = getOpssService(name='KeyStoreService');
wls:/domain/serverConfig> svc.listKeyStores(appStripe='*');

 Replace the JCE files did not work

Changes

The Webcenter domain was originally built using the version 11.1.1.7 on jdk1.7.0_71.
but then domain was upgraded to 11.1.1.9 and the jdk was upgraded to jdk1.7.0_91

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms