2 Replies Latest reply on Jul 13, 2018 9:31 AM by gregoryevans

    Cannot check vault via non-interactive cli

    gregoryevans

      I created a vault using vault.bat and added some values to it... I then tried to retrieve those values as follows:

       

      .\vault.bat --keystore D:path\to\my.store --keystore-password myPassword --alias Vault --check-sec-attr --vault-block DB --attribute DBUser --enc-dir D:\path\to\enc-dir --iteration 128 --salt <mysalt>

       

      I get this result:

       

      Jul 11, 2018 5:35:34 PM org.picketbox.plugins.vault.PicketBoxSecurityVault init

      INFO: PBOX00361: Default Security Vault Implementation Initialized and Ready

        WFLYSEC0081: Secured attribute (password) doesn't exist.

       

      When I do the same thing in Interactive mode however, entering each option...

       

      Enter directory to store encrypted files: D:\path\to\enc-dir

      Enter Keystore URL: D:\path\to\my.store

      Enter Keystore password: myPassword

      Enter Keystore password again: myPassword

      Values match

      Enter 8 character salt: <mysalt>

      Enter iteration count as a number (e.g.: 44): 128

      Enter Keystore Alias: Vault

       

      I get:

      Please enter a Digit::  0: Store a secured attribute  1: Check whether a secured attribute exists  2: Remove secured attribute  3: Exit

      1

      Task: Verify whether a secured attribute exists

      Enter Vault Block:DB

      Enter Attribute Name:DBUser

      A value exists for [DB::DBUser]

       

      I am trying to figure out if I am doing something incorrectly in the non-interactive mode, and can't seem to see anything obvious that I am doing incorrectly.

       

      Java 1.8.0_171

      WildFly 10.1.0.Final

       

      And we added a dependency as shown in this thread: "WF 10 Vaults Not Working with 1.8.0_172"

       

      Any help appreciated. My goal is to use vault.bat (or ps1) to add a lot of values via a script, then run a check on them and report back any that didn't get created for whatever reason.

       

      It also doesn't seem to be working in my standalone.xml:

      <extensions>

      ...

      </extensions>

      <system-properties>

             ...

      </system-properties>

      <vault>

              <vault-option name="KEYSTORE_URL" value="D:\path\to\my.store"/>

              <vault-option name="KEYSTORE_PASSWORD" value="MASK-2EHbOcomYBBWvYAyTs0u1of/xMfmO96B"/>

              <vault-option name="KEYSTORE_ALIAS" value="Vault"/>

              <vault-option name="SALT" value="<mySalt>"/>

              <vault-option name="ITERATION_COUNT" value="128"/>

              <vault-option name="ENC_FILE_DIR" value="D:\path\to\enc-dir\"/>

          </vault>

          <management>
            ...

      From my WildFly log:

      07/12/2018 11:52:19,448 INFO  [org.xnio] (MSC service thread 1-3) XNIO version 3.4.6.Final

      07/12/2018 11:52:22,158 INFO  [com.arjuna.ats.jbossatx] (MSC service thread 1-3) ARJUNA032010: JBossTS Recovery Service (tag: c5912) - JBoss Inc.

      07/12/2018 11:52:22,233 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 33) WFLYCTL0013: Operation ("add") failed - address: ([

          ("subsystem" => "datasources"),

          ("data-source" => "issuance")

      ]): java.lang.SecurityException: WFLYSRV0228: Security Exception

              at org.jboss.as.server.services.security.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:118)

              at org.jboss.as.server.RuntimeExpressionResolver.resolvePluggableExpression(RuntimeExpressionResolver.java:45)

              at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionString(ExpressionResolverImpl.java:337) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.controller.ExpressionResolverImpl.parseAndResolve(ExpressionResolverImpl.java:246) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionStringRecursively(ExpressionResolverImpl.java:143) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionsRecursively(ExpressionResolverImpl.java:84) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressions(ExpressionResolverImpl.java:66) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.controller.ModelControllerImpl.resolveExpressions(ModelControllerImpl.java:911) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.controller.OperationContextImpl.resolveExpressions(OperationContextImpl.java:1196) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.controller.ParallelBootOperationContext.resolveExpressions(ParallelBootOperationContext.java:438) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.controller.AttributeDefinition$1.resolveExpressions(AttributeDefinition.java:516) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.controller.AttributeDefinition.resolveValue(AttributeDefinition.java:580) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.controller.AttributeDefinition.resolveModelAttribute(AttributeDefinition.java:539) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.controller.AttributeDefinition.resolveModelAttribute(AttributeDefinition.java:513) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.connector.util.ModelNodeUtil.getResolvedStringIfSetOrGetDefault(ModelNodeUtil.java:35)

              at org.jboss.as.connector.subsystems.datasources.DataSourceModelNodeUtil.from(DataSourceModelNodeUtil.java:138)

              at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceAdd.secondRuntimeStep(AbstractDataSourceAdd.java:260)

              at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceAdd$1.execute(AbstractDataSourceAdd.java:113)

              at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:890) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:659) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:370) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:359) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]

              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_171]

              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_171]

              at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_171]

              at org.jboss.threads.JBossThread.run(JBossThread.java:320) [jboss-threads-2.2.1.Final.jar:2.2.1.Final]

      Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.IllegalArgumentException: Null input buffer

              at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:297)

              at org.jboss.as.server.services.security.RuntimeVaultReader.getValue(RuntimeVaultReader.java:146)

              at org.jboss.as.server.services.security.RuntimeVaultReader.getValueAsString(RuntimeVaultReader.java:126)

              at org.jboss.as.server.services.security.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:116)

              ... 25 more

      Caused by: java.lang.IllegalArgumentException: Null input buffer

              at javax.crypto.Cipher.doFinal(Cipher.java:2160) [jce.jar:1.8.0_171]

              at org.picketbox.util.EncryptionUtil.decrypt(EncryptionUtil.java:134)

              at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:293)