wso2 api manager - wso2:vault-lookup() not working

Question

I would like to configure WSO2 Api Manager to send basic auth header inside an in sequence . Everything was working great until I started configuring secure vault to store the credentials.

I am using dockerized version of Api Manager ( https://github.com/wso2/docker-apim/tree/v2.1.0/docker-compose/pattern-2 )

I've tried to add new vault entry in repository/conf/security/cipher-text.properties file but after running sh bin/ciphertool.sh -Dconfigure I received an exception:

Exception in thread "main" org.wso2.ciphertool.exception.CipherToolException: XPath value for secret alias 'ApiManager.BasicAuth.password' cannot be found.
at org.wso2.ciphertool.CipherTool.loadXpathValuesAndPasswordDetails(CipherTool.java:174)
at org.wso2.ciphertool.CipherTool.main(CipherTool.java:56)

Does it mean I have to specify xPath to the sequence file I want to use it in?

Aside from that I wanted to check if any of the existing passwords that are located inside vault file ( repository/conf/security/cipher-text.properties ) can be used in my sequence so I've used a value:

<property name="X-SomeHeader" expression="wso2:vault-lookup('UserManager.AdminUser.Password')" scope="transport" type="STRING" description="" />

When I try to run an API with this sequence I receive this exception:

api-manager_1   | [2017-05-25 10:12:04,949] ERROR - SynapseXPath Evaluation of the XPath expression wso2:vault-lookup('UserManager.AdminUser.Password') resulted in an error
api-manager_1   | org.jaxen.FunctionCallException
api-manager_1   |   at org.wso2.carbon.mediation.security.vault.xpath.VaultLookupFunction.call(VaultLookupFunction.java:85)
api-manager_1   |   at org.jaxen.expr.DefaultFunctionCallExpr.evaluate(DefaultFunctionCallExpr.java:181)
api-manager_1   |   at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
api-manager_1   |   at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:677)
api-manager_1   |   at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:216)
api-manager_1   |   at org.jaxen.BaseXPath.evaluate(BaseXPath.java:175)
api-manager_1   |   at org.apache.synapse.util.xpath.SynapseXPath.stringValueOf(SynapseXPath.java:297)
api-manager_1   |   at org.apache.synapse.mediators.builtin.PropertyMediator.getResultValue(PropertyMediator.java:346)
api-manager_1   |   at org.apache.synapse.mediators.builtin.PropertyMediator.mediate(PropertyMediator.java:108)
api-manager_1   |   at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:97)
api-manager_1   |   at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:59)
api-manager_1   |   at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
api-manager_1   |   at org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler.mediate(APIManagerExtensionHandler.java:67)
api-manager_1   |   at org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler.handleRequest(APIManagerExtensionHandler.java:78)
api-manager_1   |   at org.apache.synapse.rest.API.process(API.java:325)
api-manager_1   |   at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:90)
api-manager_1   |   at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:69)
api-manager_1   |   at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:304)
api-manager_1   |   at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:78)
api-manager_1   |   at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
api-manager_1   |   at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:325)
api-manager_1   |   at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:158)
api-manager_1   |   at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
api-manager_1   |   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
api-manager_1   |   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
api-manager_1   |   at java.lang.Thread.run(Thread.java:745)
api-manager_1   | Caused by: java.lang.NullPointerException
api-manager_1   |   at org.wso2.carbon.mediation.security.vault.SecureVaultLookupHandlerImpl.vaultLookup(SecureVaultLookupHandlerImpl.java:166)
api-manager_1   |   at org.wso2.carbon.mediation.security.vault.SecureVaultLookupHandlerImpl.evaluate(SecureVaultLookupHandlerImpl.java:153)
api-manager_1   |   at org.wso2.carbon.mediation.security.vault.xpath.VaultLookupFunction.call(VaultLookupFunction.java:82)
api-manager_1   |   ... 25 more

Can someone guide me what am I doing wrong? Thank you in advance.

Answer 1

Exception in thread "main" org.wso2.ciphertool.exception.CipherToolException: XPath value for secret alias 'ApiManager.BasicAuth.password' cannot be found.
at org.wso2.ciphertool.CipherTool.loadXpathValuesAndPasswordDetails(CipherTool.java:174)
at org.wso2.ciphertool.CipherTool.main(CipherTool.java:56)

implies that your cipher-tool.properties file contains an xpath that does not match the one inside the file you specified.

It has to be this way: {alias}={path}{xpath}, so if you take the following:

SalesforcePasswords.SalesforceApi.ClientId=tmp/app-config/SalesforcePasswords.xml//SalesforceApi/ClientId

• {alias} is SalesforcePasswords.SalesforceApi.ClientId
• {path} is tmp/app-config/SalesforcePasswords.xml
• {xpath} is //SalesforceApi/ClientId

not sure what is causing your second exception