You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Wido den Hollander (JIRA)" <ji...@apache.org> on 2013/05/15 20:17:16 UTC
[jira] [Reopened] (CLOUDSTACK-2039) Improve console access security
with 128-bit AES encryption and securely-randomized key generation
[ https://issues.apache.org/jira/browse/CLOUDSTACK-2039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wido den Hollander reopened CLOUDSTACK-2039:
--------------------------------------------
I think I encountered a bug with this.
My management server is 4.1 and my Console Proxy as well. The problem is that when I try to open a Console session I get this in my systemvm.log:
2013-05-15 12:05:21,908 ERROR [cloud.consoleproxy.ConsoleProxyPasswordBasedEncryptor] (Thread-43:) Unexpected exception
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.cloud.consoleproxy.ConsoleProxyPasswordBasedEncryptor.decryptText(ConsoleProxyPasswordBasedEncryptor.java:97)
at com.cloud.consoleproxy.ConsoleProxyPasswordBasedEncryptor.decryptObject(ConsoleProxyPasswordBasedEncryptor.java:129)
at com.cloud.consoleproxy.ConsoleProxyHttpHandlerHelper.getQueryMap(ConsoleProxyHttpHandlerHelper.java:53)
at com.cloud.consoleproxy.ConsoleProxyAjaxHandler.doHandle(ConsoleProxyAjaxHandler.java:69)
at com.cloud.consoleproxy.ConsoleProxyAjaxHandler.handle(ConsoleProxyAjaxHandler.java:47)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:65)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:68)
at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:555)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:525)
at java.lang.Thread.run(Thread.java:662)
2013-05-15 12:05:21,910 WARN [cloud.consoleproxy.ConsoleProxyAjaxHandler] (Thread-43:) Exception,
java.lang.IllegalArgumentException
at com.cloud.consoleproxy.ConsoleProxyAjaxHandler.doHandle(ConsoleProxyAjaxHandler.java:90)
at com.cloud.consoleproxy.ConsoleProxyAjaxHandler.handle(ConsoleProxyAjaxHandler.java:47)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:65)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:68)
at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:555)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:525)
at java.lang.Thread.run(Thread.java:662)
Line 97 is:
cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(keyIvPair.getIvBytes()));
That throws a "BadPaddingException: Given final block not properly padded"
I'm not so familiar with this, so any ideas what this could be?
> Improve console access security with 128-bit AES encryption and securely-randomized key generation
> --------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-2039
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2039
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Affects Versions: 4.1.0, 4.2.0
> Reporter: Kelven Yang
> Assignee: Kelven Yang
> Fix For: 4.1.0, 4.2.0
>
>
> Improve console access security with 128-bit AES encryption and securely-randomized key generation
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira