[jira] [Commented] (ARTEMIS-1074) Acceptors and Connectors that enable SSL don’t start up while using a password codec

Tue, 28 Mar 2017 10:15:06 -0700 

    [ 
https://issues.apache.org/jira/browse/ARTEMIS-1074?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15945566#comment-15945566
 ] 

ASF GitHub Bot commented on ARTEMIS-1074:
-----------------------------------------

Github user jbertram commented on a diff in the pull request:

    https://github.com/apache/activemq-artemis/pull/1139#discussion_r108480518
  
    --- Diff: 
artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.java
 ---
    @@ -139,8 +140,12 @@ private void updateKey(String key) {
           public String decode(String secret) throws Exception {
              SecretKeySpec key = new SecretKeySpec(internalKey, "Blowfish");
     
    -         BigInteger n = new BigInteger((String) secret, 16);
    -         byte[] encoding = n.toByteArray();
    +         byte[] encoding;
    +         try {
    +            encoding = new BigInteger(secret, 16).toByteArray();
    +         } catch (Exception ex) {
    +            throw new IllegalArgumentException("Password must be 
encrypted.");
    --- End diff --
    
    I think it would also be worth logging the original exception at debug 
level.  Be sure to wrap the log statement in `if (logger.isDebugEnabled())`.


> Acceptors and Connectors that enable SSL don’t start up while using a 
> password codec
> ------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-1074
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1074
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>    Affects Versions: 1.5.3, 2.0.0
>            Reporter: Armand Roelens
>            Priority: Critical
>              Labels: security
>         Attachments: exception.png
>
>
> When configuring acceptors/connectors in the artemis.xml to use SSL and a 
> password codec for password encryption (masking-password is enabled to true), 
> the following exception (attached to the ticket) occurs preventing the 
> acceptors/connectors from starting up.
> The getPasswordProperty() method in the ConfigurationHelper expects both the 
> masking password property and the password codec property as input arguments, 
> however the masking password property is being passed in place of the 
> password codec property (thus being passed in twice) which will cause an 
> exception to occur.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to