Invalid Secret Key when using a vault and JDK 1.8.0_171 #79
Comments
All images were rebuilt yesterday, current OpenJDK provided is:
@goldmann I'm not sure if you understood the issue above, but the change happened in update JDK 1.8.0_171, so java-1.8.0-openjdk-1.8.0.181 will also be affected. I'm currently using java-1.8.0-openjdk-1.8.0.181-3.b13.el7_5.x86_64; the image was pulled yesterday.
Currently maintained WildFly version is 13. Anything that is older is provided as-is and will not be updated. We do not provide any backports to older versions of WildFly.
The solution described by Ricardo Martin in the Red Hat Bugzilla ticket worked for me.
Description of problem:
The following exception is thrown when using vault and JDK 1.8.0_171+ (EAP startup and "vault.sh" script):
java.lang.Exception: WFLYSEC0045: Exception encountered:
at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:192)
at org.jboss.as.security.vault.VaultSession.startVaultSession(VaultSession.java:210)
at org.jboss.as.security.vault.VaultTool.execute(VaultTool.java:193)
at org.jboss.as.security.vault.VaultTool.main(VaultTool.java:83)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.modules.Module.run(Module.java:335)
at org.jboss.modules.Main.main(Main.java:505)
Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX00140: Unable to get keystore (/path/to/vault/vault.keystore)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:210)
at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:189)
... 9 more
Caused by: java.lang.RuntimeException: PBOX00140: Unable to get keystore (/path/to/vault/vault.keystore)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:691)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:205)
... 10 more
Caused by: java.io.IOException: Invalid secret key format
at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:856)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:201)
at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:151)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:688)
... 11 more
Version-Release number of selected component (if applicable):
6.4.x and JDK 1.8.0_171.
How reproducible:
Just create/configure a vault and use JDK 1.8.0_171+, for example doing the following vault command:
./vault.sh --keystore ${JBOSS_HOME}/vault/vault.keystore --keystore-password XXXXX --alias vault --vault-block vb --attribute password --sec-attr YYYYY --enc-dir ${JBOSS_HOME}/vault --iteration 120 --salt 1234abcd
This affects WildFly versions 8, 9 and 10.
Additional info:
The info seems to be produced by a change in openjdk. See:
https://bugzilla.redhat.com/show_bug.cgi?id=1569958
https://developer.jboss.org/thread/277727