[OPENAM-9033] Upgrade to AM 13.x makes ERROR: JCEEncryption:: failed to decrypt data in IdRepo Created: 07/Jun/16  Updated: 09/Jun/16  Resolved: 09/Jun/16

Status: Closed
Project: OpenAM
Component/s: upgrade
Affects Version/s: 13.0.0, 13.5.0
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Richard Hruza Assignee: Neil Madden
Resolution: Duplicate Votes: 0
Labels: 13.5.0-Must-Fix, AME, test-candidate
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

OpenAM 13.5.0-RC2 Build 8ce0f52a5f (2016-June-03 15:55)

Attachments: HTML File IdRepo    
Issue Links:
Duplicate
duplicates OPENAM-8214 JCEEncryption errors are recorded dur... Closed
Relates
relates to OPENAM-8214 JCEEncryption errors are recorded dur... Closed
Target Version/s:
Rank: 1|hzrko7:
QA Assignee: Richard Hruza

 Description   

Upgrade AM 13.5 makes ERROR: JCEEncryption:: failed to decrypt data in IdRepo

Steps to reproduce

1.) Default installation of an AM12.0.3
2.) Deploy AM 13.5 and start container
3.) Hit the AM page (no need to perform upgrade)

Observed result

IdRepo debug log
amSDK:06/07/2016 11:04:44:647 AM BST: Thread[localhost-startStop-1,5,main]: TransactionId[a2546ced-75ae-450c-a7f6-ac35bbdae55f-2]
ERROR: JCEEncryption:: failed to decrypt data
javax.crypto.BadPaddingException: Given final block not properly padded
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
        at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422)
        at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
        at javax.crypto.Cipher.doFinal(Cipher.java:2087)
        at com.iplanet.services.util.JCEEncryption.pbeDecrypt(JCEEncryption.java:251)
        at com.iplanet.services.util.JCEEncryption.decrypt(JCEEncryption.java:149)
        at com.iplanet.services.util.Crypt.decode(Crypt.java:350)
        at com.iplanet.services.util.Crypt.decode(Crypt.java:375)
        at com.iplanet.services.ldap.LDAPUser.getPasswd(LDAPUser.java:117)
        at com.iplanet.services.ldap.ServerInstance.getPasswd(ServerInstance.java:128)
        at org.forgerock.openam.sm.ServerGroupConfiguration.getBindPassword(ServerGroupConfiguration.java:55)
        at org.forgerock.openam.sm.ConnectionConfigFactory$DelegatingConnectionConfig.getBindPassword(ConnectionConfigFactory.java:136)
        at org.forgerock.openam.sm.utils.ConfigurationValidator.validate(ConfigurationValidator.java:48)
        at org.forgerock.openam.sm.ConnectionConfigFactory.getConfig(ConnectionConfigFactory.java:90)
        at org.forgerock.openam.cts.impl.queue.config.CTSQueueConfiguration.getProcessors(CTSQueueConfiguration.java:90)
        at org.forgerock.openam.core.guice.CoreGuiceModule.getCTSWorkerExecutorService(CoreGuiceModule.java:369)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at com.google.inject.internal.ProviderMethod.get(ProviderMethod.java:104)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
        at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031)
        at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974)
        at com.google.inject.spi.ProviderLookup$1.get(ProviderLookup.java:89)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:54)
        at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031)
        at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974)
        at com.google.inject.spi.ProviderLookup$1.get(ProviderLookup.java:89)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
        at com.google.inject.internal.ExposedKeyFactory.get(ExposedKeyFactory.java:54)
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.Scopes$1$1.get(Scopes.java:65)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.Scopes$1$1.get(Scopes.java:65)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
        at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:54)
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024)
        at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974)
        at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013)
        at org.forgerock.guice.core.InjectorHolder.getInstance(InjectorHolder.java:80)
        at com.iplanet.dpro.session.Session.<init>(Session.java:290)
        at org.forgerock.openam.session.SessionCache.getSession(SessionCache.java:297)
        at org.forgerock.openam.session.SessionCache.getSession(SessionCache.java:232)
        at org.forgerock.openam.session.SessionCache.getSession(SessionCache.java:217)
        at com.iplanet.dpro.session.service.SessionService.getAuthenticationSession(SessionService.java:348)
        at com.sun.identity.authentication.service.AuthD.initAuthSession(AuthD.java:814)
        at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:242)
        at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:100)
        at com.sun.identity.authentication.service.AuthD$SingletonHolder.getInstance(AuthD.java:122)
        at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:531)
        at com.sun.identity.authentication.UI.LoginLogoutMapping.initializeAuth(LoginLogoutMapping.java:98)
        at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:73)
        at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:62)
        at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1284)
        at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1197)
        at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1087)
        at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5231)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5518)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:649)
        at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1081)
        at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1877)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)


 Comments   
Comment by Neil Madden [ 08/Jun/16 ]

I've just reproduced this issue after upgrading from DJ 3.0 to DJ 3.5 for the embedded store, and now my system is completely hosed: 500 errors from all endpoints. Upgrading to a Must-Fix issue for 13.5

Comment by Neil Madden [ 08/Jun/16 ]

Possible duplicate of linked bug.

Generated at Mon Mar 01 22:57:49 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.