Cannot check vault via non-interactive cli
gregoryevans Jul 13, 2018 4:30 AM
I created a vault using the vault.bat and added some values to it... I then tried to retrieve those values as follows:
.\vault.bat --keystore D:path\to\my.store --keystore-password myPassword --alias Vault --check-sec-attr --vault-block DB --attribute DBUser --enc-dir D:\path\to\enc-dir --iteration 128 --salt <mysalt>
I get this result:
Jul 11, 2018 5:35:34 PM org.picketbox.plugins.vault.PicketBoxSecurityVault init
INFO: PBOX00361: Default Security Vault Implementation Initialized and Ready
WFLYSEC0081: Secured attribute (password) doesn't exist.
When I do the same thing in Interactive mode however, entering each option...
Enter directory to store encrypted files: D:\path\to\enc-dir
Enter Keystore URL: D:\path\to\my.store
Enter Keystore password: myPassword
Enter Keystore password again: myPassword
Values match
Enter 8 character salt: <mysalt>
Enter iteration count as a number (e.g.: 44): 128
Enter Keystore Alias: Vault
I get:
Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute exists 2: Remove secured attribute 3: Exit
1
Task: Verify whether a secured attribute exists
Enter Vault Block:DB
Enter Attribute Name:DBUser
A value exists for [DB::DBUser]
I am trying to figure out if I am doing something incorrectly in the non-interactive mode, and can't seem to see anything obvious that I am doing incorrectly.
Java 1.8.0_171
Wildfly 10.1.0.Final
And we added a dependency as shown in this thread: WF 10 Vaults Not Working with 1.8.0_172
Any help appreciated. My goal is using the vault.bat (or ps1) to add a lot of values via a script and then subsequently run a check on them, and report back any that didn't get created for whatever reason.
It also doesn't seem to be working in my standalone.xml:
<extensions>
    ...
</extensions>
<system-properties>
    ...
</system-properties>
<vault>
    <vault-option name="KEYSTORE_URL" value="D:\path\to\my.store"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-2EHbOcomYBBWvYAyTs0u1of/xMfmO96B"/>
    <vault-option name="KEYSTORE_ALIAS" value="Vault"/>
    <vault-option name="SALT" value="<mySalt>"/>
    <vault-option name="ITERATION_COUNT" value="128"/>
    <vault-option name="ENC_FILE_DIR" value="D:\path\to\enc-dir\"/>
</vault>
<management>
    ...
From my WildFly log:
07/12/2018 11:52:19,448 INFO [org.xnio] (MSC service thread 1-3) XNIO version 3.4.6.Final
07/12/2018 11:52:22,158 INFO [com.arjuna.ats.jbossatx] (MSC service thread 1-3) ARJUNA032010: JBossTS Recovery Service (tag: c5912) - JBoss Inc.
07/12/2018 11:52:22,233 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 33) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "datasources"),
("data-source" => "issuance")
]): java.lang.SecurityException: WFLYSRV0228: Security Exception
at org.jboss.as.server.services.security.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:118)
at org.jboss.as.server.RuntimeExpressionResolver.resolvePluggableExpression(RuntimeExpressionResolver.java:45)
at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionString(ExpressionResolverImpl.java:337) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.controller.ExpressionResolverImpl.parseAndResolve(ExpressionResolverImpl.java:246) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionStringRecursively(ExpressionResolverImpl.java:143) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionsRecursively(ExpressionResolverImpl.java:84) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressions(ExpressionResolverImpl.java:66) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.controller.ModelControllerImpl.resolveExpressions(ModelControllerImpl.java:911) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.controller.OperationContextImpl.resolveExpressions(OperationContextImpl.java:1196) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.controller.ParallelBootOperationContext.resolveExpressions(ParallelBootOperationContext.java:438) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.controller.AttributeDefinition$1.resolveExpressions(AttributeDefinition.java:516) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.controller.AttributeDefinition.resolveValue(AttributeDefinition.java:580) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.controller.AttributeDefinition.resolveModelAttribute(AttributeDefinition.java:539) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.controller.AttributeDefinition.resolveModelAttribute(AttributeDefinition.java:513) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.connector.util.ModelNodeUtil.getResolvedStringIfSetOrGetDefault(ModelNodeUtil.java:35)
at org.jboss.as.connector.subsystems.datasources.DataSourceModelNodeUtil.from(DataSourceModelNodeUtil.java:138)
at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceAdd.secondRuntimeStep(AbstractDataSourceAdd.java:260)
at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceAdd$1.execute(AbstractDataSourceAdd.java:113)
at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:890) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:659) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:370) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:359) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_171]
at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_171]
at org.jboss.threads.JBossThread.run(JBossThread.java:320) [jboss-threads-2.2.1.Final.jar:2.2.1.Final]
Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.IllegalArgumentException: Null input buffer
at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:297)
at org.jboss.as.server.services.security.RuntimeVaultReader.getValue(RuntimeVaultReader.java:146)
at org.jboss.as.server.services.security.RuntimeVaultReader.getValueAsString(RuntimeVaultReader.java:126)
at org.jboss.as.server.services.security.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:116)
... 25 more
Caused by: java.lang.IllegalArgumentException: Null input buffer
at javax.crypto.Cipher.doFinal(Cipher.java:2160) [jce.jar:1.8.0_171]
at org.picketbox.util.EncryptionUtil.decrypt(EncryptionUtil.java:134)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:293)