Infinispan / ISPN-5059

JGroups subsystem doesn't support Vault


      JGroups subsystem doesn't support passwords encrypted in Vault. E.g. when running EncryptProtocolIT with the following configuration:

      <protocol type="ENCRYPT">
          <property name="key_store_name">${jboss.server.config.dir}/server_jceks.keystore</property>
          <property name="store_password">${VAULT::keystore::password::1}</property>
          <property name="alias">memcached</property>
      </protocol>
      

      i.e. when a Vault-encrypted password is used for the keystore, it fails with:

      groups.channel.clustered: java.lang.Exception: Unable to load keystore infinispan/server/integration/testsuite/target/server/node2/standalone/configuration/server_jceks.keystore: java.io.IOException: Keystore was tampered with, or password was incorrect
              at org.jboss.as.clustering.jgroups.subsystem.ChannelService.start(ChannelService.java:74)
              at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
              at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_55]
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_55]
              at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_55]
      Caused by: java.lang.Exception: Unable to load keystore infinispan/server/integration/testsuite/target/server/node2/standalone/configuration/server_jceks.keystore: java.io.IOException: Keystore was tampered with, or password was incorrect
              at org.jgroups.protocols.ENCRYPT.initConfiguredKey(ENCRYPT.java:309)
              at org.jgroups.protocols.ENCRYPT.init(ENCRYPT.java:250)
              at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:860)
              at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:481)
              at org.jgroups.JChannel.init(JChannel.java:848)
              at org.jgroups.JChannel.<init>(JChannel.java:159)
              at org.jboss.as.clustering.jgroups.JChannelFactory.createChannel(JChannelFactory.java:87)
              at org.jboss.as.clustering.jgroups.subsystem.ChannelService.start(ChannelService.java:69)
      

      Vault record for keystore::password exists:

      Task: Verify whether a secured attribute exists
      Enter Vault Block:keystore
      Enter Attribute Name:password
      A value exists for (keystore, password)
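
The following is an added example, not code from the issue or from the Infinispan/JGroups projects. It assumes (the report does not confirm this) that the `${VAULT::...}` string reaches the keystore loader unresolved, and shows that a JCEKS keystore loaded with that literal string fails with the same message, plus a guard that flags such values before use. The class name, helper names and sample password are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.util.regex.Pattern;
import javax.crypto.KeyGenerator;

public class VaultExpressionCheck {
    // Shape of the expression used in the report: ${VAULT::block::attribute::sharedKey}
    static final Pattern VAULT_EXPR =
            Pattern.compile("^\\$\\{VAULT::[^:}]+::[^:}]+::[^}]+\\}$");

    // Hypothetical guard: true if the value is still a literal, unresolved Vault expression.
    static boolean isUnresolvedVaultExpression(String value) {
        return value != null && VAULT_EXPR.matcher(value.trim()).matches();
    }

    // Builds a constructed in-memory JCEKS keystore holding one AES key under the alias.
    static byte[] buildKeyStore(String alias, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null); // start from an empty keystore
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(kg.generateKey()),
                new KeyStore.PasswordProtection(password));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray();
    }

    // Returns null on success, otherwise the IOException message from KeyStore.load.
    static String tryLoad(byte[] store, String password) throws Exception {
        try {
            KeyStore.getInstance("JCEKS")
                    .load(new ByteArrayInputStream(store), password.toCharArray());
            return null;
        } catch (IOException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String real = "constructed-sample-password";            // constructed value
        String configured = "${VAULT::keystore::password::1}";  // value from the report's config
        byte[] store = buildKeyStore("memcached", real.toCharArray());
        System.out.println("unresolved expression? " + isUnresolvedVaultExpression(configured));
        System.out.println("load with literal expression: " + tryLoad(store, configured));
        System.out.println("load with resolved password:  " + tryLoad(store, real));
    }
}
```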
      

              ttarrant@redhat.com Tristan Tarrant
              vjuranek@redhat.com Vojtech Juranek
              Archiver:
              rhn-support-adongare Amol Dongare
