Describe the bug
A clear and concise description of what the bug is.
I am testing custom AES key as the feature is added to WebSphere/Open Liberty Operator.
I tried incorrect AES password which is not encrypted with provided AES key and I see below exceptions during startup and when accessing DB2. I think these exceptions are not clear and need to be updated. We need to clearly mentioned that password could not decrypted: AES algorithm is known to Liberty.
If there is a stack trace, please include the FULL stack trace (without any [internal classes] lines in it). To find the full stack trace, you may need to check in $WLP_OUTPUT_DIR/messages.log
[9/9/24, 20:55:20:285 UTC] 0000001e com.ibm.websphere.crypto.PasswordUtil E CWWKS1856E: The password was not processed because an unknown password algorithm exception was reported.
com.ibm.websphere.crypto.UnsupportedCryptoAlgorithmException
at com.ibm.ws.crypto.util.PasswordCipherUtil.aesDecipher(PasswordCipherUtil.java:269)
at com.ibm.ws.crypto.util.PasswordCipherUtil.decipher(PasswordCipherUtil.java:202)
at com.ibm.websphere.crypto.PasswordUtil.decode_password(PasswordUtil.java:631)
at com.ibm.websphere.crypto.PasswordUtil.passwordDecode(PasswordUtil.java:437)
at com.ibm.ws.security.auth.data.internal.AuthDataImpl.activate(AuthDataImpl.java:49)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.apache.felix.scr.impl.inject.methods.BaseMethod.invokeMethod(BaseMethod.java:245)
at org.apache.felix.scr.impl.inject.methods.BaseMethod.access$500(BaseMethod.java:41)
at org.apache.felix.scr.impl.inject.methods.BaseMethod$Resolved.invoke(BaseMethod.java:687)
at org.apache.felix.scr.impl.inject.methods.BaseMethod.invoke(BaseMethod.java:531)
at org.apache.felix.scr.impl.inject.methods.ActivateMethod.invoke(ActivateMethod.java:317)
at org.apache.felix.scr.impl.inject.methods.ActivateMethod.invoke(ActivateMethod.java:307)
Steps to Reproduce
Steps to reproduce the bug
I saw the problem for Liberty application deployed in OCP cluster but it is equivalent to below steps:
Setup Liberty server
Include custom encryption key in server.xml
Encrypt DB2 password as part of the auth alias (in server.xml) with a different key than above provided key
When I restart Liberty server, I see exception during startup:
[9/9/24, 20:55:20:285 UTC] 0000001e com.ibm.websphere.crypto.PasswordUtil E CWWKS1856E: The password was not processed because an unknown password algorithm exception was reported.
Expected behavior
A clear and concise description of what you expected to happen.
We need improved exception which says that provided password cannot be decrypted instead of unknown password algorithm
Diagnostic information:
OpenLiberty Version: [e.g. 21.0.0.8 - 21.0.0.10]
Affected feature(s) [e.g. mpHealth-3.0]
Java Version: [i.e. full output of java -version]
server.xml configuration (WITHOUT sensitive information like passwords)
If it would be useful, upload the messages.log file found in $WLP_OUTPUT_DIR/messages.log
Liberty version 24.0.0.8
Eclipse OpenJ9 VM, version 17.0.8.1+1 (en_US)
Additional context
Add any other context about the problem here.
Describe the bug
A clear and concise description of what the bug is. I am testing custom AES key as the feature is added to WebSphere/Open Liberty Operator.
I tried incorrect AES password which is not encrypted with provided AES key and I see below exceptions during startup and when accessing DB2. I think these exceptions are not clear and need to be updated. We need to clearly mentioned that password could not decrypted: AES algorithm is known to Liberty.
Steps to Reproduce
Steps to reproduce the bug I saw the problem for Liberty application deployed in OCP cluster but it is equivalent to below steps:
[9/9/24, 20:55:20:285 UTC] 0000001e com.ibm.websphere.crypto.PasswordUtil E CWWKS1856E: The password was not processed because an unknown password algorithm exception was reported.
Expected behavior
A clear and concise description of what you expected to happen. We need improved exception which says that provided password cannot be decrypted instead of
unknown password algorithm
Diagnostic information:
java -version
]$WLP_OUTPUT_DIR/messages.log
Liberty version 24.0.0.8 Eclipse OpenJ9 VM, version 17.0.8.1+1 (en_US)
Additional context
Add any other context about the problem here.