[jira] [Commented] (JCLOUDS-617) Unable to use Chef API with JCE provider with default RSA transformation padding other than PKCS1

Tue, 01 Jul 2014 06:52:48 -0700 

    [ 
https://issues.apache.org/jira/browse/JCLOUDS-617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14048887#comment-14048887
 ] 

Ignasi Barrera commented on JCLOUDS-617:
----------------------------------------

I've just opened [pull request 
#428|https://github.com/jclouds/jclouds/pull/428] to allow customizing the JCE 
provider the RSAEncryptingPayload uses. Once it is merged you should be able to 
plug your own JCE provider as follows:

{code:java}
ChefContext ctx = ContextBuilder.newBuilder("chef")
   ...
   .modules(ImmutableSet.of(new JSafeCryptoModule()))
   .buildView(ChefContext.class);


private static class JSafeCryptoModule extends AbstractModule {
   @Override
   protected void configure() {
      bind(Crypto.class).to(JSafeCrypto.class);
   }
}

private static class JSafeCrypto extends JCECrypto {
   public JSafeCrypto() {
      super(new JSafeProvider()); // Or however the JSafe provider is 
instantiated
   }
   // Override any JCECrypto method, if needed
}
{code}

So, basically you'll have to subclass the {{JCECrypto}} class and pass the JCE 
provider of your choice to the {{super}} constructor. Once that is done, you 
just have to create a Guice module that binds that class to the {{Crypto}} 
interface, and add it to the list of modules you provide when creating the 
context.
In theory you shouldn't have to override the methods in the {{JCECrypto}} 
class, but you can do it if needed (you may also want to have a look at the 
[BouncyCastle 
driver|https://github.com/jclouds/jclouds/tree/master/drivers/bouncycastle] for 
a similar example.

> Unable to use Chef API with JCE provider with default RSA transformation 
> padding other than PKCS1
> -------------------------------------------------------------------------------------------------
>
>                 Key: JCLOUDS-617
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-617
>             Project: jclouds
>          Issue Type: Bug
>          Components: jclouds-chef
>    Affects Versions: 1.7.2
>            Reporter: Jaroslav Kylberger
>            Priority: Critical
>
> After adding JSafe JCE povider to java.security I get HTTP response code 401 
> and the message "Invalid signature for user or client '<chefClient>'" from 
> chef server when trying to connect using jclouds-chef api. The reason is that 
> this provider generates the signature using RSA algortihm with different mode 
> and/or padding that is used for decryption on chef server (and standard 
> SunJCE). The generated signature is then considered bad by the chef server. 
> The problem is in method org.jclouds.chef.filters.SignedHeaderAuth#sign which 
> uses org.jclouds.io.payloads.RSAEncryptingPayload from jcloud-core. This 
> class does not specify the mode and padding of RSA transformation and thus 
> provider defaults are used.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to