[jira] [Commented] (JCLOUDS-617) Unable to use Chef API with JCE provider with default RSA transformation padding other than PKCS1

Mon, 30 Jun 2014 22:59:23 -0700 

    [ 
https://issues.apache.org/jira/browse/JCLOUDS-617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14048552#comment-14048552
 ] 

Jaroslav Kylberger commented on JCLOUDS-617:
--------------------------------------------

I didn't try other tools using this signature algorithm. And even more I am not 
able to generate valid signature with JSafe JCE. I did some mistake in my tests 
the first time, probably - sorry about that. The real problem is most probably 
that I am not able to configure this provider to generate a valid signature at 
all. What I didn't mention the first time is that this provider have to be set 
to use FIPS mode in my application (by setting 
com.rsa.cryptoj.fips140initialmode=FIPS140_MODE in java.security file). 

Nevertheless, making EncryptingPayload plugable will be exactly what I need.

> Unable to use Chef API with JCE provider with default RSA transformation 
> padding other than PKCS1
> -------------------------------------------------------------------------------------------------
>
>                 Key: JCLOUDS-617
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-617
>             Project: jclouds
>          Issue Type: Bug
>          Components: jclouds-chef
>    Affects Versions: 1.7.2
>            Reporter: Jaroslav Kylberger
>            Priority: Critical
>
> After adding JSafe JCE povider to java.security I get HTTP response code 401 
> and the message "Invalid signature for user or client '<chefClient>'" from 
> chef server when trying to connect using jclouds-chef api. The reason is that 
> this provider generates the signature using RSA algortihm with different mode 
> and/or padding that is used for decryption on chef server (and standard 
> SunJCE). The generated signature is then considered bad by the chef server. 
> The problem is in method org.jclouds.chef.filters.SignedHeaderAuth#sign which 
> uses org.jclouds.io.payloads.RSAEncryptingPayload from jcloud-core. This 
> class does not specify the mode and padding of RSA transformation and thus 
> provider defaults are used.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to