Invalid secret key format when accessing to a vault / ObjectInputFilter REJECTED when trying to create vault in JBoss EAP
Issue
-
EAP and
vault.sh
script throw the following exception:java.lang.Exception: WFLYSEC0045: Exception encountered: at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:192) at org.jboss.as.security.vault.VaultSession.startVaultSession(VaultSession.java:210) at org.jboss.as.security.vault.VaultTool.execute(VaultTool.java:193) at org.jboss.as.security.vault.VaultTool.main(VaultTool.java:83) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.modules.Module.run(Module.java:335) at org.jboss.modules.Main.main(Main.java:505) Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX00140: Unable to get keystore (/path/to/vault/vault.keystore) at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:210) at org.jboss.as.security.vault.VaultSession.initSecurityVault(VaultSession.java:189) ... 9 more Caused by: java.lang.RuntimeException: PBOX00140: Unable to get keystore (/path/to/vault/vault.keystore) at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:691) at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:205) ... 10 more Caused by: java.io.IOException: Invalid secret key format at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:856) at java.security.KeyStore.load(KeyStore.java:1445) at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:201) at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:151) at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:688) ... 11 more
-
We are seeing ObjectInputFilter REJECTED error when trying to create a vault:
WFLYSEC0056: Initializing Vault May 01, 2018 11:13:49 AM java.io.ObjectInputStream filterCheck INFO: ObjectInputFilter REJECTED: null, array length: -1, nRefs: 1, depth: 1, bytes: 70, ex: n/a WFLYSEC0059: Exception encountered:WFLYSEC0045: Exception encountered:
-
EAP 6.2.x gives a NullPointerException with following stacktrace:
Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.NullPointerException at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:192) at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:82) [jboss-as-security-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14] ... 11 more Caused by: java.lang.NullPointerException at org.picketbox.plugins.vault.PicketBoxSecurityVault.checkAndConvertKeyStoreToJCEKS(PicketBoxSecurityVault.java:527) at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:189) ... 12 more
-
JBoss doesn't start using OpenJDK from zulu because it can't find the vault file. We didn't change the location of the vault file.
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 6
- 7
- Red Hat JBoss Data Grid
- 7.1.2
- JDK that has included non-public JDK-8189997 including:
- JDK 1.8.0_171+ (OpenJDK or Oracle JDK)
- JDK 1.7.0_181+ (OpenJDK or Oracle JDK)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.