Tim,

On 1/4/19 08:23, Tim K wrote:
> On Sat, Dec 22, 2018, 11:56 AM Christopher Schultz < 
> ch...@christopherschultz.net wrote:
> 
> Tim,
> 
> On 12/21/18 08:14, Tim K wrote:
>>>> On Thu, Dec 20, 2018, 10:11 PM Christopher Schultz < 
>>>> ch...@christopherschultz.net wrote:
>>>> 
>>>> Tim,
>>>> 
>>>> On 12/20/18 10:18, Tim K wrote:
>>>>>>>> 
>>>>>>>> I just downloaded and tried 9.0.14 but I'm still
>>>>>>>> getting the same BadPaddingException upon starting
>>>>>>>> the second instance.  I confirmed the encryptionKey
>>>>>>>> matches on my two instances.
>>>>>>>> 
>>>>>>> 
>>>>>>> Maybe something is wrong with my config?  For this
>>>>>>> test, I have both Tomcats on the same server using
>>>>>>> different ports:
>>>> 
>>>> This is the only thing that matters to the encryption
>>>> interceptor:
>>>> 
>>>>>>> <Interceptor 
>>>>>>> className="org.apache.catalina.tribes.group.interceptors.EncryptInterceptor"
>>>>>>> encryptionKey="e0f2cdf931e99fdce0453964294f97f3" />
>>>> 
>>>> I'm not sure if the order of encrypt/asyncdispatch
>>>> interceptors matters much.
>>>> 
>>>> I copy/pasted your key into the TestEncryptInterceptor unit
>>>> test and I didn't get any errors. I generated 4 new
>>>> 32-character (16-byte) keys and tried all of them and didn't
>>>> get any errors.
>>>> 
>>>> Oddly, the very first time I copy/pasted it from your email 
>>>> message into the tester it failed with BadPaddingException,
>>>> but when I re-copied "just in case" it stopped failing. Can
>>>> you download and build the 9.0.14 source and run that unit
>>>> test in your environment? Like this:
>>>> 
>>>> $ ant test -Dtest.entry=org.apache.catalina.tribes.group.interceptors.TestEncryptInterceptor
>>>> 
>>>> If that works, try copy/pasting your key into the source file
>>>> of the test -- it's right up at the top, called
>>>> "encryptionKey128" -- then save and re-run the test (ant will
>>>> recompile it). If that works... then I'm stumped.
>>>> 
>>>> -chris
>>>>> 
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>> 
>>>> 
>>>> I grabbed the src from the site and built it successfully,
>>>> tried the test but it is looking for a message.bin file...
> 
> If the file doesn't exist, it skips the test. That's normal.
> 
>>>> I tried just touch'ing that file and the first test fails
>>>> with a NegativeArraySizeException
> 
> Right... because it should contain an encrypted message. A
> zero-byte file won't be decrypted properly.
> 
> (BTW this explains why I got a BadPaddingException in that
> *single* test... I forgot that the test decrypts the file
> left-behind from the previous test. This was intentional, to ensure
> that there wasn't some magical state being held within the JVM
> allowing it to decrypt the message.)
> 
>>>> and it deletes the message.bin file and the subsequent 2
>>>> tests can't find it.  Is there something special I need to do
>>>> with that message.bin file to run the junit tests?
> No. The tests are running as expected.
> 
>>>> Also, I tried just using the exact encryptionKey128 you had
>>>> within the test class and that one didn't work in my config
>>>> either, same BadPaddingException.
> 
> Try running the test twice in a row. From your output, it looks
> like the test runs fine.
> 
> Oh, you meant using my cafebabe key in your setup didn't work?
> Please see Keiichi's reply: it seems that the EncryptInterceptor
> must be "outside" of the TcpFailureDetector.
> 
> -chris
> 
> 
> Moving the encryption interceptor to the first position appears to
> have resolved this for me.  Thank you all for the assistance!

Excellent. Thanks for the confirmation.

I was thinking about this the other day and it seems like such an easy
mistake to make with such a bad outcome it would be best to detect the
situation and throw a warning/error. I think that should be possible.

-chris
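
A minimal sketch of the detection idea raised at the end of this thread, added here as an example (it is not part of the original messages and is not Tomcat code): it lints one <Channel> element and reports when the EncryptInterceptor is listed after the TcpFailureDetector, the ordering that produced the BadPaddingException above. The function name, the sample XML and the key in it are constructed; it assumes "outside" means listed earlier in the configuration, as Tim's fix suggests, and that the key is hex text of an AES key size.

```python
import xml.etree.ElementTree as ET

PKG = "org.apache.catalina.tribes.group.interceptors."
ENCRYPT = PKG + "EncryptInterceptor"
DETECTOR = PKG + "TcpFailureDetector"
AES_KEY_BYTES = (16, 24, 32)  # assumption: key is hex text for an AES-sized key

def lint_channel(channel_xml):
    """Return findings for the interceptor chain of one <Channel> element."""
    interceptors = ET.fromstring(channel_xml).findall("Interceptor")
    chain = [i.get("className") for i in interceptors]
    if ENCRYPT not in chain:
        return ["no EncryptInterceptor configured"]
    findings = []
    enc_pos = chain.index(ENCRYPT)
    # Assumption: "outside" means listed earlier in the XML (Tim's fix).
    if DETECTOR in chain and chain.index(DETECTOR) < enc_pos:
        findings.append("EncryptInterceptor is listed after TcpFailureDetector")
    try:
        key_len = len(bytes.fromhex(interceptors[enc_pos].get("encryptionKey", "")))
    except ValueError:  # odd length or non-hex characters
        key_len = -1
    if key_len not in AES_KEY_BYTES:
        findings.append("encryptionKey is not 16, 24 or 32 hex-encoded bytes")
    return findings  # never echoes the key itself

# Constructed sample configurations; the key is a made-up value.
KEY = "00112233445566778899aabbccddeeff"
BROKEN = f"""<Channel className="org.apache.catalina.tribes.group.GroupChannel">
  <Interceptor className="{DETECTOR}"/>
  <Interceptor className="{ENCRYPT}" encryptionKey="{KEY}"/>
</Channel>"""
FIXED = f"""<Channel className="org.apache.catalina.tribes.group.GroupChannel">
  <Interceptor className="{ENCRYPT}" encryptionKey="{KEY}"/>
  <Interceptor className="{DETECTOR}"/>
</Channel>"""

if __name__ == "__main__":
    for name, xml in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_channel(xml) or "ok")
```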