[JBoss JIRA] (WFLY-4238) Vault script not showing shared key
by Abhinav Gupta (JIRA)
[ https://issues.jboss.org/browse/WFLY-4238?page=com.atlassian.jira.plugin.... ]
Abhinav Gupta commented on WFLY-4238:
-------------------------------------
Many thanks, [~pskopek].
It's working now without shared key. Please close this bug once documentation is updated.
> Vault script not showing shared key
> -----------------------------------
>
> Key: WFLY-4238
> URL: https://issues.jboss.org/browse/WFLY-4238
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 8.1.0.Final
> Environment: Windows 7 with jdk1.7.0_51
> Reporter: Abhinav Gupta
> Assignee: Peter Skopek
>
> Team,
> While using vault.bat, we are not able to see the shared key. For every password entered I get a key as: VAULT::test1::pas::1
> Below is console for vault.bat
> Microsoft Windows [Version 6.1.7601]
> Copyright (c) 2009 Microsoft Corporation. All rights reserved.
> D:\e3c\E3C_Install_ZipTask_SCE_B3\sw\System\WildFly\bin>vault.bat
> =========================================================================
> JBoss Vault Tool
> JBOSS_HOME: "D:\e3c\E3C_Install_ZipTask_SCE_B3\sw\System\WildFly"
> JAVA: "C:\jdk1.7.0_51\bin\java"
> JAVA_OPTS: ""
> =========================================================================
> **********************************
> **** JBoss Vault ***************
> **********************************
> Please enter a Digit:: 0: Start Interactive Session 1: Remove Interactive Session 2: Exit
> 0
> Starting an interactive session
> Enter directory to store encrypted files:D:\e3c\E3C_Install_ZipTask_SCE_B3\sw\System\WildFly\vault
> Enter Keystore URL:D:\e3c\E3C_Install_ZipTask_SCE_B3\sw\System\WildFly\vault\vault.keystore
> Enter Keystore password:
> Enter Keystore password again:
> Values match
> Enter 8 character salt:12345678
> Enter iteration count as a number (e.g.: 44):50
> Enter Keystore Alias:vault
> Initializing Vault
> Jan 12, 2015 1:03:22 PM org.picketbox.plugins.vault.PicketBoxSecurityVault init
> INFO: PBOX000361: Default Security Vault Implementation Initialized and Ready
> Vault Configuration in WildFly configuration file:
> ********************************************
> ...
> </extensions>
> <vault>
> <vault-option name="KEYSTORE_URL" value="D:\e3c\E3C_Install_ZipTask_SCE_B3\sw\System\WildFly\vault\vault.keystore"/>
> <vault-option name="KEYSTORE_PASSWORD" value="MASK-InRT5Cuu6V"/>
> <vault-option name="KEYSTORE_ALIAS" value="vault"/>
> <vault-option name="SALT" value="12345678"/>
> <vault-option name="ITERATION_COUNT" value="50"/>
> <vault-option name="ENC_FILE_DIR" value="D:\e3c\E3C_Install_ZipTask_SCE_B3\sw\System\WildFly\vault\"/>
> </vault><management> ...
> ********************************************
> Vault is initialized and ready for use
> Handshake with Vault complete
> Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute exists 2: Exit
> 0
> Task: Store a secured attribute
> Please enter secured attribute value (such as password):
> Please enter secured attribute value (such as password) again:
> Values match
> Enter Vault Block:test1
> Enter Attribute Name:pas
> Secured attribute value has been stored in Vault.
> Please make note of the following:
> ********************************************
> Vault Block:test1
> Attribute Name:pas
> Configuration should be done as follows:
> VAULT::test1::pas::1
> ********************************************
> Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute exists 2: Exit
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
11 years, 5 months
[JBoss JIRA] (JGRP-1905) FORK: RPCs might block if fork channel or fork stack is not available
by Paul Ferraro (JIRA)
[ https://issues.jboss.org/browse/JGRP-1905?page=com.atlassian.jira.plugin.... ]
Paul Ferraro commented on JGRP-1905:
------------------------------------
If this can be handled in Infinispan via a ResponseFilter, that would be ideal. I'll experiment with this today.
> FORK: RPCs might block if fork channel or fork stack is not available
> ---------------------------------------------------------------------
>
> Key: JGRP-1905
> URL: https://issues.jboss.org/browse/JGRP-1905
> Project: JGroups
> Issue Type: Bug
> Reporter: Bela Ban
> Assignee: Bela Ban
> Priority: Critical
> Fix For: 3.6.2
>
>
> When we have nodes A,B,C,D, but fork-stack "fs-2" is not available on B, or fork-channel "ch-3" is not available on B, then an RPC invoked by A on all cluster nodes will time out.
> h5. Solution
> * Throw an exception on B if a fork-stack or -channel is not available on a target node. This way, the RPC would return quickly and B's response would be set to the exception (e.g. "fork channel fc-2 not available").
[JBoss JIRA] (SECURITY-868) Multithread issue when validate with cached hashed password + nonce credential info from JBossCachedAuthenticationManager
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/SECURITY-868?page=com.atlassian.jira.plug... ]
RH Bugzilla Integration updated SECURITY-868:
---------------------------------------------
Bugzilla References: https://bugzilla.redhat.com/show_bug.cgi?id=1173492, https://bugzilla.redhat.com/show_bug.cgi?id=1181084 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1173492)
> Multithread issue when validate with cached hashed password + nonce credential info from JBossCachedAuthenticationManager
> --------------------------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-868
> URL: https://issues.jboss.org/browse/SECURITY-868
> Project: PicketBox
> Issue Type: Task
> Components: PicketBox
> Reporter: Jim Ma
> Assignee: Stefan Guilhen
> Fix For: PicketBox_4_9_0.Beta3
>
>
> When the new security domain is configured with cache-type=default in standalone.xml, the validated credential will be put in the JBossCachedAuthenticationManager with a principal and domaininfo value pair. In a multithreaded environment, a new validated credential can overwrite the domain info cached by the previous thread. This will cause the cached authentication info to not work even in the same thread. For example, if one user logs in with username, password and nonce in two threads, thread A and thread B: thread A caches the validated credential (hashed password + nonce) in JBossCachedAuthenticationManager; thread B does the authentication, then caches the validated credential (hashed password + nonce). Even though it's the same user and password, the credential is different because the nonce is different. So the new credential created in thread B will overwrite the previous value created by thread A. So in thread A, the cached validation info won't work and following validations with the cached credential will all fail.
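The overwrite described in SECURITY-868, as an added sketch that is not PicketBox code and not part of the original report: the class, both maps, the SHA-256 credential and the sample user, password and nonces are constructed for illustration. The second map, keyed on principal plus credential, is shown only for contrast and is not taken from the PicketBox fix.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Toy model of the cache behaviour described in SECURITY-868; not PicketBox code.
public class NonceCacheDemo {
    // Cache keyed by principal only: one slot per user, as the report describes.
    static final Map<String, String> byPrincipal = new ConcurrentHashMap<>();
    // Contrast case keyed by principal AND credential: one slot per (user, nonce) login.
    static final Map<String, Boolean> byPrincipalAndCredential = new ConcurrentHashMap<>();

    // Constructed credential: a hash over password and nonce, so it differs per login.
    static String credential(String password, String nonce) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] d = md.digest((password + ":" + nonce).getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    // Stands in for a successful full authentication that populates both caches.
    static void login(String user, String cred) {
        byPrincipal.put(user, cred); // replaces any entry cached by an earlier login
        byPrincipalAndCredential.put(user + "|" + cred, Boolean.TRUE);
    }

    static boolean cachedValidSingleSlot(String user, String cred) {
        return cred.equals(byPrincipal.get(user));
    }

    static boolean cachedValidPerCredential(String user, String cred) {
        return byPrincipalAndCredential.containsKey(user + "|" + cred);
    }

    public static void main(String[] args) throws Exception {
        String credA = credential("s3cret", "nonce-A"); // constructed sample values
        String credB = credential("s3cret", "nonce-B");

        Thread a = new Thread(() -> login("alice", credA), "thread-A");
        Thread b = new Thread(() -> login("alice", credB), "thread-B");
        a.start(); a.join(); // A authenticates and caches first
        b.start(); b.join(); // B authenticates afterwards and overwrites A's entry

        // Thread A now presents its own credential again for cached validation.
        System.out.println("single slot, A still valid:    " + cachedValidSingleSlot("alice", credA));
        System.out.println("single slot, B valid:          " + cachedValidSingleSlot("alice", credB));
        System.out.println("per-credential, A still valid: " + cachedValidPerCredential("alice", credA));
        System.out.println("per-credential, B valid:       " + cachedValidPerCredential("alice", credB));
    }
}
```

The joins force the ordering from the report (A caches, then B caches) so the result is deterministic; in a live server the same overwrite happens whenever two logins for one principal interleave.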
[JBoss JIRA] (JGRP-1905) FORK: RPCs might block if fork channel or fork stack is not available
by Dan Berindei (JIRA)
[ https://issues.jboss.org/browse/JGRP-1905?page=com.atlassian.jira.plugin.... ]
Dan Berindei commented on JGRP-1905:
------------------------------------
Another option I see in Infinispan would be to attach a ResponseFilter to the request and only wait for a response from the nodes that are actually members of the "web" cluster. Actually it would be members of the individual caches, ATM we don't have a way to keep track of which members are part of a fork cluster.
[JBoss JIRA] (WFLY-4238) Vault script not showing shared key
by Peter Skopek (JIRA)
[ https://issues.jboss.org/browse/WFLY-4238?page=com.atlassian.jira.plugin.... ]
Peter Skopek commented on WFLY-4238:
------------------------------------
[~abhinav.gupta01] PicketBox changed some time ago to using a symmetric cipher (AES) to encrypt passwords in PicketBoxVault. Therefore there is no need to use a shared key anymore. Just to keep the format of the "vault string", we put ::1 in the place where the shared key used to be. We need it to support automatic vault conversion as well.
The third parameter is ignored by the new vault implementation.
I will check the referenced article and fix it to make it clear.
[JBoss JIRA] (ELY-132) Add support for generating certificate signing requests
by Darran Lofthouse (JIRA)
Darran Lofthouse created ELY-132:
------------------------------------
Summary: Add support for generating certificate signing requests
Key: ELY-132
URL: https://issues.jboss.org/browse/ELY-132
Project: WildFly Elytron
Issue Type: Feature Request
Components: SSL
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: 1.0.0.Beta1
At some point we want to be able to guide users through the process of generating their own public and private key along with getting a certificate signed by a certificate authority.
Generation of a certificate signing request is going to be essential for that.
https://tools.ietf.org/html/rfc2986
[JBoss JIRA] (WFLY-4238) Vault script not showing shared key
by Abhinav Gupta (JIRA)
[ https://issues.jboss.org/browse/WFLY-4238?page=com.atlassian.jira.plugin.... ]
Abhinav Gupta commented on WFLY-4238:
-------------------------------------
[~dlofthouse] - Maybe I am missing something basic here. Please correct me in that case.
My objective is to encrypt my passwords in standalone.xml. For that I want to use the vault. Now, if I don't get a shared key on the console while using vault.bat, what string should I insert in the password fields inside my standalone.xml?
Do you mean that from WildFly 8.1 vault support is removed?
[JBoss JIRA] (ELY-131) Add support for the creation of signed certificates.
by Darran Lofthouse (JIRA)
Darran Lofthouse created ELY-131:
------------------------------------
Summary: Add support for the creation of signed certificates.
Key: ELY-131
URL: https://issues.jboss.org/browse/ELY-131
Project: WildFly Elytron
Issue Type: Feature Request
Components: SSL
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: 1.0.0.Beta1
Whilst the standard Java APIs support the creation of public and private keys these APIs do not have a mechanism for creating a signed certificate.
The latest RFC describing the format of these certificates is here: -
https://datatracker.ietf.org/doc/rfc5280/
Essentially this is about DER encoding of a number of fields combined with signing.
The alternative could be to bring in something like Bouncy Castle.