You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Benjamin Bentmann (JIRA)" <ji...@codehaus.org> on 2010/03/26 17:45:23 UTC
[jira] Created: (MNG-4612) Password escpaping doesn't work
Password escpaping doesn't work
-------------------------------
Key: MNG-4612
URL: http://jira.codehaus.org/browse/MNG-4612
Project: Maven 2 & 3
Issue Type: Bug
Components: Settings
Affects Versions: 3.0-alpha-7, 2.2.1
Reporter: Benjamin Bentmann
Priority: Minor
In MNG-4611 some user presented a *cleartext* password of the form
{noformat}
{DESede}y+qq...==
{noformat}
Given the presence of braces, this password needs to be escaped to be used as a cleartext password. However, the escaping syntax documented in [Maven Password Encryption|http://maven.apache.org/guides/mini/guide-encryption.html#Tips] is broken. Trying the documented way of putting in backslashes and embedding the entire string again in braces like
{noformat}
{\{DESede\}y+qq...==}
{noformat}
yields
{noformat}
[WARNING] Not decrypting password for server 'maven-core-it' due to exception in security handler.
Cause: null
[DEBUG] Full trace follows
org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoun
dsException
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:121)
at org.apache.maven.DefaultMaven.resolveParameters(DefaultMaven.java:738)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:250)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:138)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:362)
at org.apache.maven.cli.compat.CompatibleMain.main(CompatibleMain.java:60)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:592)
at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
at org.codehaus.classworlds.Launcher.main(Launcher.java:375)
Caused by: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException
at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:193)
at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt(DefaultPlexusCipher.java:72)
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:96)
... 13 more
Caused by: java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy(Native Method)
at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:175)
... 15 more
{noformat}
Trying without the surrounding braces as suggested by the source code
{noformat}
\{DESede\}y+qq...==
{noformat}
successfully prevents decryption, but the string isn't unescaped either, making Maven use a wrong password.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (MNG-4612) Password escpaping doesn't work
Posted by "Benjamin Bentmann (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Benjamin Bentmann updated MNG-4612:
-----------------------------------
Description:
In MNG-4611 some user presented a *cleartext* password of the form
{noformat}
{DESede}y+qq...==
{noformat}
Given the presence of braces, this password needs to be escaped to be used as a cleartext password. However, the escaping syntax documented in [Maven Password Encryption|http://maven.apache.org/guides/mini/guide-encryption.html#Tips] is broken. Trying the documented way of putting in backslashes and embedding the entire string again in braces like
{noformat}
{\{DESede\}y+qq...==}
{noformat}
yields
{noformat}
[WARNING] Not decrypting password for server 'maven-core-it' due to exception in security handler.
Cause: null
[DEBUG] Full trace follows
org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException:
org.sonatype.plexus.components.cipher.PlexusCipherException:
java.lang.ArrayIndexOutOfBoundsException
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:121)
at org.apache.maven.DefaultMaven.resolveParameters(DefaultMaven.java:738)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:250)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:138)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:362)
at org.apache.maven.cli.compat.CompatibleMain.main(CompatibleMain.java:60)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:592)
at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
at org.codehaus.classworlds.Launcher.main(Launcher.java:375)
Caused by: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException
at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:193)
at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt(DefaultPlexusCipher.java:72)
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:96)
... 13 more
Caused by: java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy(Native Method)
at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:175)
... 15 more
{noformat}
Trying without the surrounding braces as suggested by the source code
{noformat}
\{DESede\}y+qq...==
{noformat}
successfully prevents decryption, but the string isn't unescaped either, making Maven use a wrong password.
was:
In MNG-4611 some user presented a *cleartext* password of the form
{noformat}
{DESede}y+qq...==
{noformat}
Given the presence of braces, this password needs to be escaped to be used as a cleartext password. However, the escaping syntax documented in [Maven Password Encryption|http://maven.apache.org/guides/mini/guide-encryption.html#Tips] is broken. Trying the documented way of putting in backslashes and embedding the entire string again in braces like
{noformat}
{\{DESede\}y+qq...==}
{noformat}
yields
{noformat}
[WARNING] Not decrypting password for server 'maven-core-it' due to exception in security handler.
Cause: null
[DEBUG] Full trace follows
org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoun
dsException
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:121)
at org.apache.maven.DefaultMaven.resolveParameters(DefaultMaven.java:738)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:250)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:138)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:362)
at org.apache.maven.cli.compat.CompatibleMain.main(CompatibleMain.java:60)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:592)
at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
at org.codehaus.classworlds.Launcher.main(Launcher.java:375)
Caused by: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException
at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:193)
at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt(DefaultPlexusCipher.java:72)
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:96)
... 13 more
Caused by: java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy(Native Method)
at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:175)
... 15 more
{noformat}
Trying without the surrounding braces as suggested by the source code
{noformat}
\{DESede\}y+qq...==
{noformat}
successfully prevents decryption, but the string isn't unescaped either, making Maven use a wrong password.
> Password escpaping doesn't work
> -------------------------------
>
> Key: MNG-4612
> URL: http://jira.codehaus.org/browse/MNG-4612
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.2.1, 3.0-alpha-7
> Reporter: Benjamin Bentmann
> Priority: Minor
>
> In MNG-4611 some user presented a *cleartext* password of the form
> {noformat}
> {DESede}y+qq...==
> {noformat}
> Given the presence of braces, this password needs to be escaped to be used as a cleartext password. However, the escaping syntax documented in [Maven Password Encryption|http://maven.apache.org/guides/mini/guide-encryption.html#Tips] is broken. Trying the documented way of putting in backslashes and embedding the entire string again in braces like
> {noformat}
> {\{DESede\}y+qq...==}
> {noformat}
> yields
> {noformat}
> [WARNING] Not decrypting password for server 'maven-core-it' due to exception in security handler.
> Cause: null
> [DEBUG] Full trace follows
> org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException:
> org.sonatype.plexus.components.cipher.PlexusCipherException:
> java.lang.ArrayIndexOutOfBoundsException
> at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:121)
> at org.apache.maven.DefaultMaven.resolveParameters(DefaultMaven.java:738)
> at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:250)
> at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:138)
> at org.apache.maven.cli.MavenCli.main(MavenCli.java:362)
> at org.apache.maven.cli.compat.CompatibleMain.main(CompatibleMain.java:60)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:592)
> at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
> at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
> at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
> at org.codehaus.classworlds.Launcher.main(Launcher.java:375)
> Caused by: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException
> at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:193)
> at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt(DefaultPlexusCipher.java:72)
> at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:96)
> ... 13 more
> Caused by: java.lang.ArrayIndexOutOfBoundsException
> at java.lang.System.arraycopy(Native Method)
> at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:175)
> ... 15 more
> {noformat}
> Trying without the surrounding braces as suggested by the source code
> {noformat}
> \{DESede\}y+qq...==
> {noformat}
> successfully prevents decryption, but the string isn't unescaped either, making Maven use a wrong password.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MNG-4612) Password escaping doesn't work
Posted by "Robert Scholte (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MNG-4612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Scholte updated MNG-4612:
--------------------------------
Summary: Password escaping doesn't work (was: Password escpaping doesn't work)
> Password escaping doesn't work
> ------------------------------
>
> Key: MNG-4612
> URL: https://jira.codehaus.org/browse/MNG-4612
> Project: Maven 2 & 3
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.2.1, 3.0-alpha-7
> Reporter: Benjamin Bentmann
> Priority: Minor
> Fix For: Issues to be reviewed for 3.x
>
>
> In MNG-4611 some user presented a *cleartext* password of the form
> {noformat}
> {DESede}y+qq...==
> {noformat}
> Given the presence of braces, this password needs to be escaped to be used as a cleartext password. However, the escaping syntax documented in [Maven Password Encryption|http://maven.apache.org/guides/mini/guide-encryption.html#Tips] is broken. Trying the documented way of putting in backslashes and embedding the entire string again in braces like
> {noformat}
> {\{DESede\}y+qq...==}
> {noformat}
> yields
> {noformat}
> [WARNING] Not decrypting password for server 'maven-core-it' due to exception in security handler.
> Cause: null
> [DEBUG] Full trace follows
> org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException:
> org.sonatype.plexus.components.cipher.PlexusCipherException:
> java.lang.ArrayIndexOutOfBoundsException
> at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:121)
> at org.apache.maven.DefaultMaven.resolveParameters(DefaultMaven.java:738)
> at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:250)
> at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:138)
> at org.apache.maven.cli.MavenCli.main(MavenCli.java:362)
> at org.apache.maven.cli.compat.CompatibleMain.main(CompatibleMain.java:60)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:592)
> at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
> at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
> at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
> at org.codehaus.classworlds.Launcher.main(Launcher.java:375)
> Caused by: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException
> at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:193)
> at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt(DefaultPlexusCipher.java:72)
> at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:96)
> ... 13 more
> Caused by: java.lang.ArrayIndexOutOfBoundsException
> at java.lang.System.arraycopy(Native Method)
> at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:175)
> ... 15 more
> {noformat}
> Trying without the surrounding braces as suggested by the source code
> {noformat}
> \{DESede\}y+qq...==
> {noformat}
> successfully prevents decryption, but the string isn't unescaped either, making Maven use a wrong password.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira