Getting javax.crypto.BadPaddingException: Given final block not properly padded in JBoss Vault

Solution Verified - Updated -

Issue

  • Recent java and JBoss EAP upgrade caused javax.crypto.BadPaddingException: Given final block not properly padded error.
  • Starting the JBoss application server intermittently fails with javax.crypto.BadPaddingException: Given final block not properly padded error. Expect the JBoss application server to start. This error started happening when we upgraded from java 1.7._40 to Java 1.80_65, and at the same time upgraded JBoss EAP from 6.1.0 to 6.4.0.
ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 20) JBAS014612: Operation ("enable") failed - address: ([
    ("subsystem" => "datasources"),
    ("data-source" => "MYDatasource")
]): java.lang.SecurityException: JBAS013311: Security Exception
    at org.jboss.as.security.vault.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:115)
    at org.jboss.as.server.RuntimeExpressionResolver.resolvePluggableExpression(RuntimeExpressionResolver.java:45)

...

Caused by: org.jboss.security.vault.SecurityVaultException: javax.crypto.BadPaddingException: Given final block not properly padded
    at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:297)
    at org.jboss.as.security.vault.RuntimeVaultReader.getValue(RuntimeVaultReader.java:141)
    at org.jboss.as.security.vault.RuntimeVaultReader.getValueAsString(RuntimeVaultReader.java:123)
    at org.jboss.as.security.vault.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:113)
    ... 26 more
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:966) [sunjce_provider.jar:1.8.0_71]
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824) [sunjce_provider.jar:1.8.0_71]
    at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:436) [sunjce_provider.jar:1.8.0_71]
    at javax.crypto.Cipher.doFinal(Cipher.java:2165) [jce.jar:1.8.0_71]
    at org.picketbox.util.EncryptionUtil.decrypt(EncryptionUtil.java:134)
    at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:293)
    ... 29 more

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content