[jboss-jira] [JBoss JIRA] (SECURITY-708) Long vault alias name causes "Vault Mismatch" at startup of AS7/EAP6

[Peter Skopek (JIRA)]

Peter Skopek created SECURITY-708:
-------------------------------------

             Summary: Long vault alias name causes "Vault Mismatch" at startup of AS7/EAP6
                 Key: SECURITY-708
                 URL: https://issues.jboss.org/browse/SECURITY-708
             Project: PicketBox 
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: PicketBox
    Affects Versions: PicketBox_4_0_14.Final
            Reporter: Peter Skopek
            Assignee: Peter Skopek


When I use a long alias name in password vault, EAP6 does not start sucessfully.

{code}
12:23:02,669 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 47) JBAS014612: Operation ("add") f
ailed - address: ([                                                                                                               
    ("subsystem" => "web"),
    ("connector" => "HTTPS")
]): java.lang.SecurityException: JBAS013311: Security Exception
        at org.jboss.as.security.vault.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:104)
        at org.jboss.as.server.RuntimeExpressionResolver.resolvePluggableExpression(RuntimeExpressionResolver.java:45)
        at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionsRecursively(ExpressionResolverImpl.java:58) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                          
        at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressions(ExpressionResolverImpl.java:40) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                     
        at org.jboss.as.controller.ModelControllerImpl.resolveExpressions(ModelControllerImpl.java:455) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                          
        at org.jboss.as.controller.OperationContextImpl.resolveExpressions(OperationContextImpl.java:689) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                        
        at org.jboss.as.controller.ParallelBootOperationContext.resolveExpressions(ParallelBootOperationContext.java:283) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                        
        at org.jboss.as.controller.AttributeDefinition.resolveModelAttribute(AttributeDefinition.java:249) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                       
        at org.jboss.as.web.WebConnectorAdd.resolveExpressions(WebConnectorAdd.java:138)
        at org.jboss.as.web.WebConnectorAdd.performRuntime(WebConnectorAdd.java:116)
        at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:50) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                              
        at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:397) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                       
        at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:284) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                    
        at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:211) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                                                      
        at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:312)
 [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]                                                              
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_37]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_37]
        at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_37]
        at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.0.0.GA-redhat-1.jar:2.0.0.GA-redhat-1]
Caused by: org.jboss.security.vault.SecurityVaultException: PB00027: Vault Mismatch:Shared Key does not match for vault block:keyst
ore and attributeName:password                                                                                                    
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:364)
        at org.jboss.as.security.vault.RuntimeVaultReader.getValue(RuntimeVaultReader.java:124)
        at org.jboss.as.security.vault.RuntimeVaultReader.getValueAsString(RuntimeVaultReader.java:112)
        at org.jboss.as.security.vault.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:102)
        ... 18 more
{code}

For example, an alias name "very.short" works fine, but "tooooo.long" is NG.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira