manageLTPA encrypts the ltpa.keysPassword using the default wlp.password.encryption.key. Thus, when an app specifies their own wlp.password.encryption.key, the ltpa.keysPassword fails to be decrypted.
Steps to reproduce:
Create a Liberty app which sets <variable name="wlp.password.encryption.key" value="123" /> in the server.xml
Set spec.manageLTPA: true in the WebSphereLibertyApplication
Deploy the app WebSphereLibertyApplication
The following error is produced:
[4/16/24, 13:56:00:638 UTC] 0000002b com.ibm.websphere.crypto.PasswordUtil E CWWKS1856E: The password was not processed because an unknown password algorithm exception was reported.
com.ibm.websphere.crypto.UnsupportedCryptoAlgorithmException
at com.ibm.ws.crypto.util.PasswordCipherUtil.aesDecipher(PasswordCipherUtil.java:269)
at com.ibm.ws.crypto.util.PasswordCipherUtil.decipher(PasswordCipherUtil.java:202)
at com.ibm.websphere.crypto.PasswordUtil.decode_password(PasswordUtil.java:638)
at com.ibm.websphere.crypto.PasswordUtil.passwordDecode(PasswordUtil.java:437)
at com.ibm.ws.security.token.ltpa.internal.LTPAKeyCreateTask.getKeyPasswordBytes(LTPAKeyCreateTask.java:52)
at com.ibm.ws.security.token.ltpa.internal.LTPAKeyCreateTask.getPreparedLtpaKeyInfoManager(LTPAKeyCreateTask.java:59)
at com.ibm.ws.security.token.ltpa.internal.LTPAKeyCreateTask.createRequiredCollaborators(LTPAKeyCreateTask.java:95)
at com.ibm.ws.security.token.ltpa.internal.LTPAKeyCreateTask.run(LTPAKeyCreateTask.java:105)
at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:280)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:857)
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:917)
at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:997)
at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:771)
at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:436)
at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2263)
at com.ibm.ws.crypto.util.PasswordCipherUtil.aesDecipher(PasswordCipherUtil.java:255)
... 11 more
References:
websphere-liberty-operator/controllers/assets/create_ltpa_keys.sh
Line 35 in 74edaca
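
A pre-deployment check for the condition this issue describes, as an added example that is not part of the original report or the operator's code: it flags a server.xml that sets its own wlp.password.encryption.key while the manifest enables manageLTPA. The function names and sample inputs are constructed, and the manifest is scanned line by line rather than parsed as YAML.

```python
import re
import xml.etree.ElementTree as ET

KEY_VAR = "wlp.password.encryption.key"

# Constructed sample inputs (not taken from a real deployment).
SERVER_XML_CUSTOM_KEY = """<server>
  <variable name="wlp.password.encryption.key" value="123" />
</server>"""
SERVER_XML_DEFAULT_KEY = """<server>
  <variable name="some.other.variable" value="x" />
</server>"""
CR_MANAGE_LTPA = """kind: WebSphereLibertyApplication
spec:
  manageLTPA: true   # operator generates and encrypts the LTPA keys password
"""
CR_NO_MANAGE_LTPA = """kind: WebSphereLibertyApplication
spec:
  manageLTPA: false
"""


def custom_encryption_key_set(server_xml: str) -> bool:
    """True if server.xml defines its own wlp.password.encryption.key variable."""
    root = ET.fromstring(server_xml)
    return any(
        var.get("name") == KEY_VAR and var.get("value")
        for var in root.iter("variable")
    )


def manage_ltpa_enabled(cr_yaml: str) -> bool:
    """True if the manifest sets manageLTPA: true (assumption: plain line scan)."""
    for line in cr_yaml.splitlines():
        line = line.split("#", 1)[0]  # drop trailing YAML comments
        if re.match(r"^\s+manageLTPA:\s*true\s*$", line):
            return True
    return False


def ltpa_key_mismatch_risk(server_xml: str, cr_yaml: str) -> bool:
    """Both conditions from the report hold: the operator encrypts with the
    default key while the server would decrypt with a custom one."""
    return manage_ltpa_enabled(cr_yaml) and custom_encryption_key_set(server_xml)


if __name__ == "__main__":
    if ltpa_key_mismatch_risk(SERVER_XML_CUSTOM_KEY, CR_MANAGE_LTPA):
        print(f"manageLTPA is enabled but server.xml overrides {KEY_VAR}")
```

The check only inspects variable elements in the server.xml text it is given; a key set through any other configuration source is outside what it sees.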