-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Tim,
On 1/4/19 08:23, Tim K wrote: > On Sat, Dec 22, 2018, 11:56 AM Christopher Schultz < > ch...@christopherschultz.net wrote: > > Tim, > > On 12/21/18 08:14, Tim K wrote: >>>> On Thu, Dec 20, 2018, 10:11 PM Christopher Schultz < >>>> ch...@christopherschultz.net wrote: >>>> >>>> Tim, >>>> >>>> On 12/20/18 10:18, Tim K wrote: >>>>>>>> >>>>>>>> I just downloaded and tried 9.0.14 but I'm still >>>>>>>> getting the same BadPaddingException upon starting >>>>>>>> the second instance. I confirmed the encryptionKey >>>>>>>> matches on my two instances. >>>>>>>> >>>>>>> >>>>>>> Maybe something is wrong with my config? For this >>>>>>> test, I have both Tomcats on the same server using >>>>>>> different ports: >>>> >>>> This is the only thing that matters to the encryption >>>> interceptor: >>>> >>>>>>> <Interceptor >>>>>>> className="org.apache.catalina.tribes.group.interceptors.Encrypt Int > >>>>>>> erc >>>> >>>>>>> > eptor" >>>>>>> >>>>>>> >>>> encryptionKey="e0f2cdf931e99fdce0453964294f97f3" /> >>>> >>>> I'm not sure if the order of encrypt/asyncdispatch >>>> interceptors matters much. >>>> >>>> I copy/pasted your key into the TestEncryptInterceptor unit >>>> test and I didn't get any errors. I generated 4 new >>>> 32-character (16-byte) keys and tried all of them and didn't >>>> get any errors. >>>> >>>> Oddly, the very first time I copy/pasted it from your email >>>> message into the tester it failed with BadPaddingException, >>>> but when I re-copied "just in case" it stopped failing. Can >>>> you download and build the 9.0.14 source and run that unit >>>> test in your environment? Like this: >>>> >>>> $ ant test >>>> -Dtest.entry=org.apache.catalina.tribes.group.interceptors.TestEncr ypt > >>>> In >>>> >>>> > terceptor >>>> >>>> If that works, try copy/pasting your key into the source file >>>> of the test -- it's right up at the top, called >>>> "encryptionKey128" -- then save and re-run the test (ant will >>>> recompile it). If that works... then I'm stumped. >>>> >>>> -chris >>>>> >>>>> ------------------------------------------------------------------ - --- >>>>> >>>>> > >>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>>> For additional commands, e-mail: >>>>> users-h...@tomcat.apache.org >>>> >>>> >>>> I grabbed the src from the site and built it successfully, >>>> tried the test but it is looking for a message.bin file... > > If the file doesn't exist, it skips the test. That's normal. > >>>> I tried just touch'ing that file and the first test fails >>>> with a NegativeArraySizeException > > Right... because it should contain an encrypted message. A > zero-byte file won't be decrypted properly. > > (BTW this explains why I got a BadPaddingException in that > *single* test... I forgot that the test decrypts the file > left-behind from the previous test. This was intentional, to ensure > that there wasn't some magical state being held within the JVM > allowing it to decrypt the message.) > >>>> and it deletes the message.bin file and the subsequent 2 >>>> tests can't find it. Is there something special I need to do >>>> with that message.bin file to run the junit tests? > No. The tests are running as expected. > >>>> Also, I tried just using the exact encryptionKey128 you had >>>> within the test class and that one didn't work in my config >>>> either, same BadPaddingException. > > Try running the test twice in a row. From your output, it looks > like the test runs fine. > > Oh, you meant using my cafebabe key in your setup didn't work? > Please see Keiichi's reply: it seems that the EncryptInterceptor > must be "outside" of the TcpFailureDetector. > > -chris >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org > > > Moving the encryption interceptor to the first position appears to > have resolved this for me. Thank you all for the assistance! Excellent. Thanks for the confirmation. I was thinking about this the other day and it seems like such an easy mistake to make with such a bad outcome it would be best to detect the situation and throw a warning/error. I think that should be possible. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwwx9EACgkQHPApP6U8 pFgnsRAAofp4lUUj3hTYEH+9/6MoJj2kDTYG3fOvZgqrFKD2PDQtX47nzTplAEBM 5egfE3HKSykFvS5oPFLTSmbhZng+T4oLWsR0DwWVGIrcBQukYIx7BN7eR3txRAft p2vt9KH89eBuKLjryXgItn0GIs6DG5Bq0iVSF+1dO2SdoNNhuZBPmu2z6Eq3lv4x cUhJMKJ4RYoFv0xSjquScg6L2Ql+H5WFQneXDLP3vGLkq8pP4STbPazzm2GgnyVm DDg2D2BpAjYSlhWE7THQM1odqmfDlconFpoft8gzy28TyWZiVJ/Di62Xy7YbKs+v HtU5/yfPmeGksRoAFIlieERB+ZH+Bqk2QVoClpI10Af+bmzEAg7FQtjYPh5AuGKG rAon+zD2vGHl3l8pp12w8Uk7u/be/PCrFUUYbfc7ETmLkD80MM4HFuLq3CUCsdYP 9dTues976SC/QdkEWxwSLWtpWYV+UcsVFqbMTbO99RxNeXU1aSmyZ152JJrjOGqK 5Q1cQ0zGONZiDS1NovGmdu1WMNzTwaHfzmK10eNzssf5pRfC72Rpj/X8x3MJSoOx oGz04+wVk/lWt8SjGcq3bcpHsac2IQxR/HJ10VKaUa/aTaEhH/04mJDv/8fsCso/ sv3PIXGbtn5x+qk3aQwZ/uO/dJuS+m0mg1zeVR/QAt4ZvwWF/n8= =82t5 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org