[ 
https://issues.apache.org/jira/browse/NIFI-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17330993#comment-17330993
 ] 

Paul Grey commented on NIFI-8465:
---------------------------------

PasswordBasedEncryptor depends on the contained call to 
CipherUtility.processStreams() to throw a BadPaddingException at 
cipher.doFinal() in order to engage the legacy fallback logic. 

The code currently uses PKCS7Padding.

[https://en.wikipedia.org/wiki/Padding_(cryptography)#PKCS#5_and_PKCS#7]

On decryption of a ciphertext with an incorrect key, the last byte of the 
recovered text will randomly contain the character "01".  This will result in 
the successful return of the doFinal() call.  The test then (correctly) fails 
on the mismatch of the recovered plaintext to the original plaintext.

 

> Correct intermittent failures in PasswordBasedEncryptorGroovyTest
> -----------------------------------------------------------------
>
>                 Key: NIFI-8465
>                 URL: https://issues.apache.org/jira/browse/NIFI-8465
>             Project: Apache NiFi
>          Issue Type: Bug
>            Reporter: David Handermann
>            Assignee: Paul Grey
>            Priority: Minor
>              Labels: encryption, security
>
> {{PasswordBasedEncryptorGroovyTest}} can fail intermittently during automated 
> builds.  A recent failure occurred when comparing encrypted and plaintext 
> results:
> {quote}Error:  Failures: 
> Error:    
> PasswordBasedEncryptorGroovyTest.testBcryptDecryptShouldSupportLegacyKeyDerivationProcess:445
>  assert recovered == PLAINTEXT{quote}
> The test class should be evaluated to determine the source of the problem and 
> refactored to avoid potential failures.  It is also worth evaluating the 
> opportunity to refactor the test into more discrete test classes.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
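
The failure mode described in the comment above, reproduced as an added example (not code from NiFi or from the ticket). It assumes the JDK's built-in AES/CBC/PKCS5Padding transformation and random 128-bit keys instead of NiFi's PasswordBasedEncryptor, CipherUtility and password-derived keys; the class name WrongKeyPaddingDemo and the sample plaintext are constructed for illustration. A wrong key yields an effectively random final block, and a random block ends in the byte 0x01 about once in 256 tries, so doFinal() occasionally returns garbage instead of throwing.

```java
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class WrongKeyPaddingDemo {
    // Assumption: the JDK provider's name for the block padding the comment calls PKCS7Padding.
    private static final String TRANSFORM = "AES/CBC/PKCS5Padding";

    public static void main(String[] args) throws Exception {
        SecureRandom random = new SecureRandom();
        byte[] plaintext = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);
        byte[] iv = new byte[16];
        byte[] rightKey = new byte[16];
        random.nextBytes(iv);
        random.nextBytes(rightKey);

        // Encrypt once with the correct key.
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(rightKey, "AES"), new IvParameterSpec(iv));
        byte[] ciphertext = cipher.doFinal(plaintext);

        int trials = 100_000;
        int silent = 0;   // doFinal() returned without BadPaddingException
        int matched = 0;  // ...and the output equalled the original plaintext
        byte[] wrongKey = new byte[16];
        for (int i = 0; i < trials; i++) {
            random.nextBytes(wrongKey);
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(wrongKey, "AES"), new IvParameterSpec(iv));
            try {
                byte[] recovered = cipher.doFinal(ciphertext);
                silent++; // padding happened to look valid, so no exception was raised
                if (Arrays.equals(recovered, plaintext)) {
                    matched++;
                }
            } catch (BadPaddingException expected) {
                // The outcome that exception-driven fallback logic relies on.
            }
        }
        System.out.printf("wrong-key decryptions: %d%n", trials);
        System.out.printf("returned without BadPaddingException: %d (%.3f%%)%n",
                silent, 100.0 * silent / trials);
        System.out.printf("of those, recovered == plaintext: %d%n", matched);
    }
}
```

Any logic that treats "no BadPaddingException" as "correct key" takes the wrong branch in the silent cases, which is why a test built on that assumption fails only intermittently.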
