Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Migrated to another ITS
    • Affects Version/s: EAP 6.0.0
    • Fix Version/s: TBD EAP 6
    • Component/s: Security
    • Labels:
      None
    • Steps to Reproduce:
      Hide

      1. keytool -genkey -alias tooooo.long -keyalg RSA 2048 -keystore vault.ks
      2. $JBOSS_HOME/bin/vault.sh`
      3. configure standalone.xml to use vault
      4. $JBOSS_HOME/bin/standalone.sh

      Show
      1. keytool -genkey -alias tooooo.long -keyalg RSA 2048 -keystore vault.ks 2. $JBOSS_HOME/bin/vault.sh` 3. configure standalone.xml to use vault 4. $JBOSS_HOME/bin/standalone.sh
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      Use an alias which length < 11.

      Show
      Use an alias which length < 11.
    • Docs QE Status:
      NEW

      Description

      When I use a long alias name in password vault, EAP6 does not start sucessfully.

      12:23:02,669 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 47) JBAS014612: Operation ("add") f
      ailed - address: ([                                                                                                               
          ("subsystem" => "web"),
          ("connector" => "HTTPS")
      ]): java.lang.SecurityException: JBAS013311: Security Exception
              at org.jboss.as.security.vault.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:104)
              at org.jboss.as.server.RuntimeExpressionResolver.resolvePluggableExpression(RuntimeExpressionResolver.java:45)
              at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionsRecursively(ExpressionResolverImpl.java:58) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                          
              at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressions(ExpressionResolverImpl.java:40) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                     
              at org.jboss.as.controller.ModelControllerImpl.resolveExpressions(ModelControllerImpl.java:455) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                          
              at org.jboss.as.controller.OperationContextImpl.resolveExpressions(OperationContextImpl.java:689) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                        
              at org.jboss.as.controller.ParallelBootOperationContext.resolveExpressions(ParallelBootOperationContext.java:283) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                        
              at org.jboss.as.controller.AttributeDefinition.resolveModelAttribute(AttributeDefinition.java:249) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                       
              at org.jboss.as.web.WebConnectorAdd.resolveExpressions(WebConnectorAdd.java:138)
              at org.jboss.as.web.WebConnectorAdd.performRuntime(WebConnectorAdd.java:116)
              at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:50) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                              
              at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:397) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                       
              at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:284) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                    
              at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:211) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                      
              at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:312)
       [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                              
              at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_37]
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_37]
              at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_37]
              at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.0.0.GA-redhat-1.jar:2.0.0.GA-redhat-1]
      Caused by: org.jboss.security.vault.SecurityVaultException: PB00027: Vault Mismatch:Shared Key does not match for vault block:keyst
      ore and attributeName:password                                                                                                    
              at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:364)
              at org.jboss.as.security.vault.RuntimeVaultReader.getValue(RuntimeVaultReader.java:124)
              at org.jboss.as.security.vault.RuntimeVaultReader.getValueAsString(RuntimeVaultReader.java:112)
              at org.jboss.as.security.vault.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:102)
              ... 18 more
      

      For example, an alias name "very.short" works fine, but "tooooo.long" is NG.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  pskopek Peter Škopek
                  Reporter:
                  hisanobu.okuda Hisanobu Okuda
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: