Invalid secret key format when accessing a vault / ObjectInputFilter REJECTED when trying to create a vault in JBoss EAP

Solution Verified - Updated -

Issue

  • EAP and the vault.sh script throw the following exception:

    java.lang.Exception: WFLYSEC0045: Exception encountered:
        at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:192)
        at org.jboss.as.security.vault.VaultSession.startVaultSession(VaultSession.java:210)
        at org.jboss.as.security.vault.VaultTool.execute(VaultTool.java:193)
        at org.jboss.as.security.vault.VaultTool.main(VaultTool.java:83)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.modules.Module.run(Module.java:335)
        at org.jboss.modules.Main.main(Main.java:505)
    Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX00140: Unable to get keystore (/path/to/vault/vault.keystore)
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:210)
        at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:189)
        ... 9 more
    Caused by: java.lang.RuntimeException: PBOX00140: Unable to get keystore (/path/to/vault/vault.keystore)
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:691)
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:205)
        ... 10 more
    Caused by: java.io.IOException: Invalid secret key format
        at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:856)
        at java.security.KeyStore.load(KeyStore.java:1445)
        at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:201)
        at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:151)
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:688)
        ... 11 more
    
  • We are seeing an ObjectInputFilter REJECTED error when trying to create a vault:

    WFLYSEC0056: Initializing Vault
    May 01, 2018 11:13:49 AM java.io.ObjectInputStream filterCheck
    INFO: ObjectInputFilter REJECTED: null, array length: -1, nRefs: 1, depth: 1, bytes: 70, ex: n/a
    WFLYSEC0059: Exception encountered:WFLYSEC0045: Exception encountered:
    
  • EAP 6.2.x gives a NullPointerException with the following stack trace:

    Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.NullPointerException
           at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:192)
           at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:82) [jboss-as-security-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
           ... 11 more
     Caused by: java.lang.NullPointerException
           at org.picketbox.plugins.vault.PicketBoxSecurityVault.checkAndConvertKeyStoreToJCEKS(PicketBoxSecurityVault.java:527)
           at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:189)
           ... 12 more
    
  • JBoss doesn't start using OpenJDK from Zulu because it can't find the vault file. We didn't change the location of the vault file.

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6
    • 7
  • Red Hat JBoss Data Grid
    • 7.1.2
  • A JDK that includes the non-public JDK-8189997, including:
    • JDK 1.8.0_171+ (OpenJDK or Oracle JDK)
    • JDK 1.7.0_181+ (OpenJDK or Oracle JDK)
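
A triage helper, added here as an example (not Red Hat's or the EAP project's code): it checks a log excerpt for the signatures quoted in the Issue list and a `java -version` banner against the JDK updates in the Environment list. The function names, the sample banner, and treating JDK lines other than 1.7/1.8 as "not listed" are assumptions.

```python
import re

# Log signatures quoted in the Issue list above.
SIGNATURES = {
    "invalid_secret_key": re.compile(r"java\.io\.IOException: Invalid secret key format"),
    "filter_rejected": re.compile(r"ObjectInputFilter REJECTED"),
    "jceks_convert_npe": re.compile(r"PicketBoxSecurityVault\.checkAndConvertKeyStoreToJCEKS"),
    "keystore_unreadable": re.compile(r"PBOX00140: Unable to get keystore"),
}

# First listed update per JDK line, from the Environment list above.
FIRST_LISTED_UPDATE = {7: 181, 8: 171}

def jdk_in_listed_range(java_version_output):
    """True/False for 1.7/1.8 JDKs; None when the page does not list that JDK line."""
    m = re.search(r'version "1\.(\d+)\.\d+(?:_(\d+))?', java_version_output)
    if not m or int(m.group(1)) not in FIRST_LISTED_UPDATE:
        return None
    update = int(m.group(2) or 0)  # no "_NNN" suffix means update 0
    return update >= FIRST_LISTED_UPDATE[int(m.group(1))]

def match_signatures(log_text):
    """Names of the page's signatures found in the log, in a stable order."""
    return [name for name, rx in SIGNATURES.items() if rx.search(log_text)]

def triage(log_text, java_version_output):
    hits = match_signatures(log_text)
    in_range = jdk_in_listed_range(java_version_output)
    if hits and in_range:
        verdict = "matches this article"
    elif hits and in_range is None:
        verdict = "signature seen, JDK version not listed here"
    elif hits:
        verdict = "signature seen, JDK older than listed range"
    else:
        verdict = "no signature from this article"
    return {"signatures": hits, "jdk_in_range": in_range, "verdict": verdict}

# Constructed sample: lines copied from the traces above plus a made-up version banner.
SAMPLE_LOG = """\
WFLYSEC0056: Initializing Vault
INFO: ObjectInputFilter REJECTED: null, array length: -1, nRefs: 1, depth: 1, bytes: 70, ex: n/a
Caused by: java.lang.RuntimeException: PBOX00140: Unable to get keystore (/path/to/vault/vault.keystore)
Caused by: java.io.IOException: Invalid secret key format
"""
SAMPLE_JAVA_VERSION = 'openjdk version "1.8.0_171"'

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SAMPLE_JAVA_VERSION))
```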
