Application Server 7
  1. Application Server 7
  2. AS7-5275

Vault shared key is displaying the byte[] address

    Details

    • Similar Issues:
      Show 10 results 

      Description

      I added a secured attribute with vault.sh but the shared key looked suspicious:

      ********************************************
      Vault Block:HQ
      Attribute Name:thePass
      Shared Key:[B@52621f0c
      Configuration should be done as follows:
      VAULT::HQ::thePass::[B@52621f0c
      ********************************************
      

      Looking at VaultSession#attributeCreatedDisplay(), the byte[] handshakeKey is displayed by calling toString() => this displays its address, not a textual representation of the bytes.

      When the shared key is read in RuntimeVaultReader, we call String.getBytes() to get back the byte[].

      A simple fix is to display the handshakeKey with new String(handshakeKey).
      However this will work only if the default charset is the same on machines that store the secured attribute and read from it.
      It'd be safe to use always the same Charset (e.g. US-ASCII or UTF-8).

      I've raised the priority to critical since it is not possible to use any secured attribute if the handshake is not properly displayed

        Activity

        Hide
        Jeff Mesnil
        added a comment -

        master pull request

        Show
        Jeff Mesnil
        added a comment - master pull request
        Hide
        Jeff Mesnil
        added a comment -

        Stefan, I wrote a patch to fix this issue[1] but it makes the test suite fail in LdapExtLoginModuleTestCase test cases[2] (I'm not a LDAP expert...)

        [1] https://github.com/jbossas/jboss-as/pull/2770
        [2] http://lightning.mw.lab.eng.bos.redhat.com/jenkins/job/as7-param-pull/3333/

        Show
        Jeff Mesnil
        added a comment - Stefan, I wrote a patch to fix this issue [1] but it makes the test suite fail in LdapExtLoginModuleTestCase test cases [2] (I'm not a LDAP expert...) [1] https://github.com/jbossas/jboss-as/pull/2770 [2] http://lightning.mw.lab.eng.bos.redhat.com/jenkins/job/as7-param-pull/3333/
        Hide
        Stefan Guilhen
        added a comment -

        This is odd, at first I would think the two things are not related. I'll try applying your patch and see what I get here.

        Show
        Stefan Guilhen
        added a comment - This is odd, at first I would think the two things are not related. I'll try applying your patch and see what I get here.
        Hide
        Stefan Guilhen
        added a comment -

        Sent a new PR https://github.com/jbossas/jboss-as/pull/2867 as I've got clean testsuite runs locally with Jeff's patch.

        Show
        Stefan Guilhen
        added a comment - Sent a new PR https://github.com/jbossas/jboss-as/pull/2867 as I've got clean testsuite runs locally with Jeff's patch.
        Hide
        Stefan Guilhen
        added a comment -

        The PR was merged into master.

        Show
        Stefan Guilhen
        added a comment - The PR was merged into master.

          People

          • Assignee:
            Stefan Guilhen
            Reporter:
            Jeff Mesnil
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: