RH Bugzilla Integration commented on ISPN-5059:
-----------------------------------------------
Dave Stahl <dstahl(a)redhat.com> changed the Status of [bug
JGroups subsystem doesn't support Vault
---------------------------------------
Key: ISPN-5059
URL: https://issues.jboss.org/browse/ISPN-5059
Project: Infinispan
Issue Type: Bug
Components: Security, Server
Affects Versions: 7.0.2.Final
Reporter: Vojtech Juranek
Assignee: Tristan Tarrant
Fix For: 7.1.0.Beta1, 7.1.0.Final
JGroups subsystem doesn't support passwords encrypted in Vault. E.g. when running [EncryptProtocolIT|https://github.com/infinispan/infinispan/blob/master/se...] with the following configuration:
{noformat}
<protocol type="ENCRYPT">
    <property name="key_store_name">${jboss.server.config.dir}/server_jceks.keystore</property>
    <property name="store_password">${VAULT::keystore::password::1}</property>
    <property name="alias">memcached</property>
</protocol>
{noformat}
i.e. it uses a Vault-encrypted password for the keystore, it fails with:
{noformat}
groups.channel.clustered: java.lang.Exception: Unable to load keystore infinispan/server/integration/testsuite/target/server/node2/standalone/configuration/server_jceks.keystore: java.io.IOException: Keystore was tampered with, or password was incorrect
    at org.jboss.as.clustering.jgroups.subsystem.ChannelService.start(ChannelService.java:74)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_55]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_55]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_55]
Caused by: java.lang.Exception: Unable to load keystore infinispan/server/integration/testsuite/target/server/node2/standalone/configuration/server_jceks.keystore: java.io.IOException: Keystore was tampered with, or password was incorrect
    at org.jgroups.protocols.ENCRYPT.initConfiguredKey(ENCRYPT.java:309)
    at org.jgroups.protocols.ENCRYPT.init(ENCRYPT.java:250)
    at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:860)
    at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:481)
    at org.jgroups.JChannel.init(JChannel.java:848)
    at org.jgroups.JChannel.<init>(JChannel.java:159)
    at org.jboss.as.clustering.jgroups.JChannelFactory.createChannel(JChannelFactory.java:87)
    at org.jboss.as.clustering.jgroups.subsystem.ChannelService.start(ChannelService.java:69)
{noformat}
Vault record for {{keystore::password}} exists:
{noformat}
Task: Verify whether a secured attribute exists
Enter Vault Block:keystore
Enter Attribute Name:password
A value exists for (keystore, password)
{noformat}
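
An added example, not part of the report or of the Infinispan code base: a Python check that lists JGroups {{<protocol>}} properties whose value is a Vault expression, the configuration pattern this issue reports as failing on 7.0.2.Final. The {{<stack>}} wrapper, the function names and the sample document are assumptions constructed from the configuration quoted above.

```python
import re
import xml.etree.ElementTree as ET

# Vault expression as it appears in the report:
# ${VAULT::<block>::<attribute>::<fourth field>}
VAULT_EXPR = re.compile(r"\$\{VAULT::([^:}]+)::([^:}]+)::([^}]*)\}")

# Constructed sample: the report's ENCRYPT protocol inside a hypothetical <stack>.
SAMPLE_CONFIG = """\
<stack name="udp">
  <protocol type="ENCRYPT">
    <property name="key_store_name">${jboss.server.config.dir}/server_jceks.keystore</property>
    <property name="store_password">${VAULT::keystore::password::1}</property>
    <property name="alias">memcached</property>
  </protocol>
</stack>
"""


def local_name(tag):
    """Drop an XML namespace prefix such as '{urn:...}protocol'."""
    return tag.rsplit("}", 1)[-1]


def find_vault_properties(xml_text):
    """Return one finding per <protocol>/<property> holding a Vault expression."""
    findings = []
    root = ET.fromstring(xml_text)
    for proto in root.iter():
        if local_name(proto.tag) != "protocol":
            continue
        for prop in proto:
            if local_name(prop.tag) != "property":
                continue
            # Ordinary expressions like ${jboss.server.config.dir} do not match.
            match = VAULT_EXPR.search(prop.text or "")
            if match:
                findings.append({
                    "protocol": proto.get("type"),
                    "property": prop.get("name"),
                    "vault_block": match.group(1),
                    "vault_attribute": match.group(2),
                })
    return findings


if __name__ == "__main__":
    for f in find_vault_properties(SAMPLE_CONFIG):
        print("{protocol}.{property} -> Vault ({vault_block}, {vault_attribute})".format(**f))
```

Each finding names the Vault block and attribute, so it can be cross-checked against the Vault tool's "Verify whether a secured attribute exists" task shown above.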