[
https://issues.apache.org/jira/browse/NIFI-8465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17332486#comment-17332486
]
Paul Grey commented on NIFI-8465:
---------------------------------
Trying to bound the work here.
Since we plan to revisit EncryptContent / StreamCallback, a test case patch
seems appropriate. I have direct evidence that the PKCS7Padding false positive
is the issue. I've opened a PR that will handle the existing random failure by
directly invoking the legacy KDF logic.
I've verified the expected log output on a failure case, as well as the correct
output. While this test formerly would fail 1/256 of the time, it should now
fail only when there is an actual problem.
> Correct intermittent failures in PasswordBasedEncryptorGroovyTest
> -----------------------------------------------------------------
>
> Key: NIFI-8465
> URL: https://issues.apache.org/jira/browse/NIFI-8465
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: David Handermann
> Assignee: Paul Grey
> Priority: Minor
> Labels: encryption, security
> Time Spent: 10m
> Remaining Estimate: 0h
>
> {{PasswordBasedEncryptorGroovyTest}} can fail intermittently during automated
> builds. A recent failure occurred when comparing encrypted and plaintext
> results:
> {quote}Error: Failures:
> Error:
> PasswordBasedEncryptorGroovyTest.testBcryptDecryptShouldSupportLegacyKeyDerivationProcess:445
> assert recovered == PLAINTEXT{quote}
> The test class should be evaluated to determine the source of the problem and
> refactored to avoid potential failures. It is also worth evaluating the
> opportunity to refactor the test into more discrete test classes.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
