Hi all,
*My server:*
- Version: CAS 5.3.x
- Ticketing: Hazelcast
*Problem:*
For the past few days I have been stress testing my CAS 5.3.x for production
launch, and I see that *under medium stress (1 req/second using JMeter),
the following errors occur randomly* (roughly 1 time in ~100):
- Exceptions that I see are:
    - java.lang.IllegalStateException: Cipher not initialized
    - javax.crypto.BadPaddingException: Given final block not properly
      padded. Such issues can arise if a bad key is used during decryption.
    - javax.crypto.IllegalBlockSizeException: Input length must be
      multiple of 16 when decrypting with padded cipher
*Research and possible solution:*
I found that, for my server, it seems to be a problem in
BaseBinaryCipherExecutor.java
<https://github.com/apereo/cas/blob/v5.3.6/core/cas-server-core-util-api/src/main/java/org/apereo/cas/util/cipher/BaseBinaryCipherExecutor.java#L73>:
this.aesCipher = Cipher.getInstance("AES"); is executed in the *class
constructor* instead of before
this.aesCipher.init(Cipher.ENCRYPT_MODE, this.encryptionKey);.
And after changing the code to the following:
    @Override
    @SneakyThrows
    public byte[] encode(final byte[] value, final Object[] parameters) {
        // Create a new Cipher for each call instead of reusing this.aesCipher
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.ENCRYPT_MODE, this.encryptionKey);
        final byte[] result = cipher.doFinal(value);
        return sign(result);
    }

    @Override
    @SneakyThrows
    public byte[] decode(final byte[] value, final Object[] parameters) {
        final byte[] verifiedValue = verifySignature(value);
        // Create a new Cipher for each call instead of reusing this.aesCipher
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.DECRYPT_MODE, this.encryptionKey);
        final byte[] bytePlainText = cipher.doFinal(verifiedValue);
        return bytePlainText;
    }
My stress test yields much more consistent results, and the Cipher errors
no longer occur.
*Question:*
Before I submit a PR, *I want to know if this is a problem only applicable
to me, or if it is applicable to other CAS 5.3.x servers.* So I would like to ask:
- Has anybody else using 5.3.x found the above exceptions in their
  production CAS logs?
- If yes, are you using Hazelcast? (I want to know if this problem
  extends beyond Hazelcast.)
Thanks and cheers!
- Andy
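
A stand-alone reproduction of the race described in the post above, added here as an example (it is not code from the post or from the CAS project): javax.crypto.Cipher is stateful and not safe for concurrent use, so one instance shared by all request threads can fail mid-operation, while a per-call instance cannot. The class name, key and payload are constructed for the demo.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class SharedCipherRace {
    // Constructed 128-bit demo key and payload (assumptions, not CAS values).
    static final SecretKeySpec KEY = new SecretKeySpec("0123456789abcdef".getBytes(), "AES");
    static final byte[] PLAIN = "ticket-granting-ticket-payload".getBytes();

    interface Codec { byte[] roundTrip(byte[] in) throws Exception; }

    // Pattern described in the post: one Cipher created once, reused by every caller.
    static Codec shared() throws Exception {
        final Cipher c = Cipher.getInstance("AES");
        return in -> {
            c.init(Cipher.ENCRYPT_MODE, KEY);   // another thread may re-init here
            byte[] enc = c.doFinal(in);
            c.init(Cipher.DECRYPT_MODE, KEY);
            return c.doFinal(enc);
        };
    }
    // Pattern from the proposed change: fresh Cipher objects per call, no shared state.
    static Codec perCall() {
        return in -> {
            Cipher e = Cipher.getInstance("AES"), d = Cipher.getInstance("AES");
            e.init(Cipher.ENCRYPT_MODE, KEY);
            d.init(Cipher.DECRYPT_MODE, KEY);
            return d.doFinal(e.doFinal(in));
        };
    }
    // Runs the codec from 8 threads; counts exceptions and corrupted round trips.
    static int failures(Codec codec) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(8);
        AtomicInteger bad = new AtomicInteger();
        for (int i = 0; i < 20000; i++) {
            pool.submit(() -> {
                try { if (!Arrays.equals(PLAIN, codec.roundTrip(PLAIN))) bad.incrementAndGet(); }
                catch (Exception ex) { bad.incrementAndGet(); }
            });
        }
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return bad.get();
    }
    public static void main(String[] args) throws Exception {
        System.out.println("shared Cipher failures:   " + failures(shared()));
        System.out.println("per-call Cipher failures: " + failures(perCall()));
    }
}
```

Because the failure is a race, the shared count varies from run to run and depends on core count and load; the per-call count stays at zero.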