You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2013/05/17 09:51:16 UTC
[jira] [Commented] (CLOUDSTACK-2552) AWSAPI: Cannot register/use
EC2 API when the setup uses encryption -
EncryptionOperationNotPossibleException
[ https://issues.apache.org/jira/browse/CLOUDSTACK-2552?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13660451#comment-13660451 ]
ASF subversion and git services commented on CLOUDSTACK-2552:
-------------------------------------------------------------
Commit 046580fcf117aadf77179011ecfb5dfffdcca65f in branch refs/heads/master from [~likithas]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=046580f ]
CLOUDSTACK-2552. Modify AWSAPI to decrypt db values using the decrypted database_key and not management_server_key
> AWSAPI: Cannot register/use EC2 API when the setup uses encryption - EncryptionOperationNotPossibleException
> ------------------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-2552
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2552
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: AWSAPI
> Affects Versions: 4.1.0
> Reporter: Likitha Shetty
> Assignee: Likitha Shetty
> Fix For: 4.2.0
>
>
> REPRO STEPS
> =============
> Setup:
> -----------
> 1. Setup encrytion while running cloud-setup-databases
> cloud-setup-databases cloud:cloud@localhost --deploy-as=root:<password> -e file -m <management-key> -k <database-key>
> Make sure that values for <management-key> and <database-key> are different
> 2. Create a user under root domain and generate api/secret key
> 3. Generate a private key and a self-signed X.509 certificate and try to register the user
> CloudStack using cloudstack-aws-api-register script.
> $ cloudstack-aws-api-register --apikey=<User’s Cloudstack API key>
> --secretkey=<User’s CloudStack Secret key> --cert=</path/to/cert.pem>
> --url=http://127.0.0.1:7080/awsapi
> 4. $User registration failed with http error code: 500
> 5. Also try any EC2 Query API calls - they fail too
> awsapi.log shows:
> 2013-05-03 16:35:39,772 ERROR [bridge.service.EC2RestServlet]
> (catalina-exec-int-9:null) Unexpected exception: null
> org.jasypt.exceptions.EncryptionOperationNotPossibleException
> at
> org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:981)
> at
> org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:717)
> at
> com.cloud.bridge.persist.dao.UserCredentialsDao.getByAccessKeyFromCloudDB(UserCredentialsDao.java:127)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira