mbabari / LWQWW

Monitoring tool for IBM Sterling B2B Integrator Queue Watcher

javax.crypto.BadPaddingException: Given final block not properly padded #2

Open somurssr opened 3 years ago

somurssr commented 3 years ago

Hi, when I start the app with no SSL (HTTP) only:

```
[2021-04-05 17:15:24] id= noid Logon request sent (GET)
GET /queueWatch/ HTTP/1.1
Host: bnlvwtxfsa:30000
Accept: /
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive

[2021-04-05 17:15:24] id= noid checkHTTPStatus: HTTP/1.1 200 OK
[2021-04-05 17:15:24] id= noid HTTP/1.1 200 OK
[2021-04-05 17:15:24] id= noid Date: Mon, 05 Apr 2021 21:15:24 GMT
[2021-04-05 17:15:24] id= noid securetoken=1617657324323node01rt1pbuc3d1w3bncpyu28e166154
[2021-04-05 17:15:24] id= noid Logon request sent (POST)
POST /queueWatch/queueWatcher?securetoken=1617657324323node01rt1pbuc3d1w3bncpyu28e166154 HTTP/1.1
Host: bnlvwtxfsa:30000
Accept: /
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Content-Length: 30
Cookie: JSESSIONID==3=srv=3=sn=1611F5804A7067A13C0DA9709F87F47B=perc=100000=ol=0=mul=1=app:50b52dac72daf2ee=0

[2021-04-05 17:15:24] id= noid Response status from LOGON call received :null
[2021-04-05 17:15:24] id= noid checkHTTPStatus: true null
[2021-04-05 17:15:24] id= noid checkHTTPStatus: true null
[2021-04-05 17:15:24] id= noid GET http://bnlvwtxfsa:30000/queueWatch/queueWatcher?securetoken=1617657324323node01rt1pbuc3d1w3bncpyu28e166154&qname=threads HTTP/1.1
Accept: /
Accept-Language: en-GB,en-US
Host: bnlvwtxfsa:30000
Cookie: JSESSIONID==3=srv=3=sn=1611F5804A7067A13C0DA9709F87F47B=perc=100000=ol=0=mul=1=app:50b52dac72daf2ee=0
Connection: Keep-Alive

[2021-04-05 17:15:24] id= noid checkHTTPStatus: false null
[2021-04-05 17:15:24] id= noid checkHTTPStatus: false null
[2021-04-05 17:15:24] id= noid checkHTTPStatus: false HTTP/1.1 302 Found
```

somurssr commented 3 years ago

it just created like this only NODE1 2021-04-05 17:37:30 HDR host bnlvwtxfsa port 30000 rate 5000 threshold 90.0 node 1 211 2.1.1 APR 2019

somurssr commented 3 years ago

```
[2021-04-06 07:51:24] Active: 0 Waiting: 0 Heap: 0.0 GB Free: 0.0 GB Samples: 0
[2021-04-06 07:51:34] Active: 0 Waiting: 0 Heap: 0.0 GB Free: 0.0 GB Samples: 0
```

mbabari commented 3 years ago

There is a connection problem to QW from the LWQWW application. Please connect to Sterling SFG Queue Watcher with a browser to initiate a session first, and then connect with the LWQWW application.

somurssr commented 3 years ago

Thank you for answering. Yes, I have been checking all the time from the browser and don't see any issue. Somehow from the LWQWW application it is not capturing. It will really help, as we are often seeing issues with production and hoping this will give some insights. Please help me. This is what I have:

```
{ecom000@bnlvwtxfsa} {/sterling/qww/LWQWW} $ cat lwqww.properties
silence=
user=ramasis
password=
keyStorePassword=
trustStorePassword=
threshold=90.0
stop_after=0
target1=!\u0014\u0016\u0006\u00128\u0013\u0010ELC\u001C8\f\u0015\u0011\u001C\f\u001C8\u001B\n\u0005\u0004%\u0015\r
keyStore=C\:/tmp/lwqww/keystore.jks
workdir=/sterling/qww/LWQWW
jdbc=off
nohup=false
port=30000
ssl=false
memory=
host=bnlvwtxfsa
logon=on
trustStore=C\:/tmp/lwqww/truststore.jks
debug=on
node=1
wfid=
keyStoreType=jks
netdebug=ssl
header=
trustStoreType=jks
solicitPW=false
rate=5000
target=queueWatch
workdir=/sterling/qww/LWQWW
stop_After=0
```

mbabari commented 3 years ago

Hello. Do you get any errors in SFG sci.log when you connect with LWQWW?

somurssr commented 3 years ago

I didn't see sci.log. Also, I switched to SSL by adding key and truststore, as our dashboard is on the SSL port, but still no luck.

somurssr commented 3 years ago

```
HandshakeMessage: TLS Keygenerator IbmTlsPrf from provider from init IBMJCEFIPS version 1.8
%% Cached client session: [Session-2, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
lwqww, WRITE: TLSv1.2 Application Data, length = 224
[2021-04-07 08:49:11] id= noid Logon request sent (GET)
GET /queueWatch/ HTTP/1.1
Host: bnlvwtxfsa.labcorp.com:30001
Accept: /
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive

lwqww, READ: TLSv1.2 Application Data, length = 11360
[2021-04-07 08:49:11] id= noid checkHTTPStatus: HTTP/1.1 200 OK
[2021-04-07 08:49:11] id= noid HTTP/1.1 200 OK
[2021-04-07 08:49:11] id= noid Date: Wed, 07 Apr 2021 12:49:11 GMT
[2021-04-07 08:49:11] id= noid securetoken=1617799751313node010h8shcbcnrsff0k1ivsicj791762
lwqww, WRITE: TLSv1.2 Application Data, length = 464
[2021-04-07 08:49:11] id= noid Logon request sent (POST)
POST /queueWatch/queueWatcher?securetoken=1617799751313node010h8shcbcnrsff0k1ivsicj791762 HTTP/1.1
Host: bnlvwtxfsa.labcorp.com:30001
Accept: /
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Content-Length: 36
Cookie: JSESSIONID==3=srv=1=sn=3FCA182EDEACC26F6C42186FC43DBF9E=perc=100000=ol=0=mul=1=app:50b52dac72daf2ee=0

lwqww, READ: TLSv1.2 Application Data, length = 16464
lwqww, READ: TLSv1.2 Application Data, length = 4304
[2021-04-07 08:49:11] id= noid Response status from LOGON call received :null
```

somurssr commented 3 years ago

Also, when I enabled it to go with SSL, it is still looking with http instead of https as per the log:

```
[2021-04-07 08:49:16] id= noid GET http://bnlvwtxfsa.labcorp.com:30001/queueWatch/queueWatcher?securetoken=1617799751313node010h8shcbcnrsff0k1ivsicj791762&qname=threads HTTP/1.1
```

mbabari commented 3 years ago

The LWQWW App is receiving a null from the LOGON call:

```
[2021-04-05 17:15:24] id= noid Response status from LOGON call received :null
[2021-04-05 17:15:24] id= noid checkHTTPStatus: true null
```

Does the URL above work from a browser? Please share the new debug and property file for the HTTPS call (logging shows HTTP).

somurssr commented 3 years ago

image

somurssr commented 3 years ago

[QueueWatcher.docx](https://github.com/mbabari/LWQWW/files/6272687/QueueWatcher.docx)

somurssr commented 3 years ago

```
silence=
user=ramasis
password=
keyStorePassword=
trustStorePassword=
threshold=90.0
stop_after=0
target1=!\u0014\u0016\u0006\u00128\u0013\u0010ELC\u001C8\f\u0015\u0011\u001C\f\u001C8\u001B\n\u0005\u0004%\u0015\r
keyStore=/sterling/qww/keystore.jks
workdir=/sterling/qww/LWQWW
jdbc=off
nohup=false
port=30001
ssl=true
memory=
host=bnlvwtxfsa.labcorp.com
logon=on
trustStore=/sterling/qww/truststore.jks
debug=on
node=1
wfid=
keyStoreType=jks
netdebug=ssl
header=
trustStoreType=jks
solicitPW=false
rate=5000
target=queueWatch
workdir=/sterling/qww/LWQWW
stop_After=0
```

somurssr commented 3 years ago

Hi, I shared above properties file and queuewatcher.doc where you can see url is working.

I think you asked me to test the URL from the console log. I tested that and interestingly it is giving "P" in the browser screen. I am attaching that screenshot document "LWQWW_Results_FromBrowser.docx".

Here is the command I used to start:

```
/sterling/b2bi/install/jdk/bin/java -Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12 -jar lwqww-211.jar -prop lwqww.properties
```

```
{ecom000@bnlvwtxfsa} {/sterling/qww/LWQWW} $ /sterling/b2bi/install/jdk/bin/java -Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12 -jar lwqww-211.jar -prop lwqww.properties
[2021-04-07 12:47:26] id= noid GET http://bnlvwtxfsa.labcorp.com:30001/queueWatch/queueWatcher?securetoken=1617814020704node073byms90stj71316u2vbp0era1933&qname=threads HTTP/1.1
Accept: /
Accept-Language: en-GB,en-US
Host: bnlvwtxfsa.labcorp.com:30001
Cookie: JSESSIONID==3=srv=3=sn=AC610102C5FE7BE3AD79A4225D1DDF37=perc=100000=ol=0=mul=1=app:50b52dac72daf2ee=0
Connection: Keep-Alive

lwqww, READ: TLSv1.2 Application Data, length = 992
[2021-04-07 12:47:26] id= noid checkHTTPStatus: false HTTP/1.1 302 Found

LWQWW Sterling B2B Integrator activity monitoring
This code is provided to you on an "AS IS" basis, without warranty of any kind.
host: bnlvwtxfsa.labcorp.com port: 30001 rate: 5000

No password found in : lwqww.properties
Type your password please: I entered My password

Add this : password=621F5565E5CF4CE9937DA0A92628E016 to lwqww.properties
Type your keystore password please:[SSL MODE ONLY] I entered My password
Add this : keyStorePassword=4EE3A3AB8EDF93C8067E98D4CEC8BAE9 to lwqww.properties
Type your Truststore password please [SSL MODE ONLY]: I entered My password
```

somurssr commented 3 years ago

[LWQWW_Results_FromBrowser.docx](https://github.com/mbabari/LWQWW/files/6273259/LWQWW_Results_FromBrowser.docx)

somurssr commented 3 years ago

From the same URL above, if I have https, when I tested from the browser I am getting "Page not found or not allowed!"

But if I test the URL until queueWatch, it is giving me the login screen and I am able to log in with my credentials and it is working. So something was blocking from the app, I guess.

somurssr commented 3 years ago

I don't know how to ask for your help, because IBM support said it is not something they will support for me. Could you please share some insights into my issue or how to debug it?

somurssr commented 3 years ago

I tried to debug your code and tried to test. I see I am getting a secure token; after that, at the receiveContent() method, it is trying to loop the line and getting logout. Here is the sequence of the log:

somurssr commented 3 years ago

```
[2021-04-07 22:51:11] id= noid Logon request sent (GET)
GET /queueWatch/ HTTP/1.1
Host: rtlvwtxf01:30000
Accept: /
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive

[2021-04-07 22:51:11] id= noid checkHTTPStatus: HTTP/1.1 200 OK
[2021-04-07 22:51:11] id= noid HTTP/1.1 200 OK
[2021-04-07 22:51:11] id= noid securetoken=1617850271145owzfigmforx61x1nrorql47di
Testing the response
POST /queueWatch/queueWatcher?securetoken=1617850271145owzfigmforx61x1nrorql47di HTTP/1.1
Host: rtlvwtxf01:30000
Accept: /
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Content-Length: 35
Cookie: JSESSIONID=v_4_srv_2_sn_D6339122BEF303C83EBB84D5E3C1DDBB_perc_100000_ol_0_mul_1_app-3A15129a4f530bb7ca_0

[2021-04-07 22:51:13] id= noid Logon request sent (POST)
POST /queueWatch/queueWatcher?securetoken=1617850271145owzfigmforx61x1nrorql47di HTTP/1.1
Host: rtlvwtxf01:30000
Accept: /
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Content-Length: 35
Cookie: JSESSIONID=v_4_srv_2_sn_D6339122BEF303C83EBB84D5E3C1DDBB_perc_100000_ol_0_mul_1_app-3A15129a4f530bb7ca_0

Return line is:

[2021-04-07 22:51:15] id= noid Response status from LOGON call received :null
```

somurssr commented 3 years ago

Hi, could you please check, as I am able to understand your code now, but what should happen at this code: receiveContent(); --- this method is doing a do-while by reading all lines. QWUtil.debugCall("Response status from LOGON call received :" + QWGlobal.httpStatus);

Is there any piece missing when you zip the file?

Thanks Somu

mbabari commented 3 years ago

After the first run, did you add the encoded passwords to lwqww.properties and run the tool? Can you share the property file and show the output of the command on the second run?

somurssr commented 3 years ago

Hi, even after adding the encoded passwords it is asking me. Let me share that as well with you in a few minutes.

somurssr commented 3 years ago

Here is the file [lwqww.properties.txt](https://github.com/mbabari/LWQWW/files/6278832/lwqww.properties.txt)

somurssr commented 3 years ago

```
LWQWW Sterling B2B Integrator activity monitoring
This code is provided to you on an "AS IS" basis, without warranty of any kind.
host: bnlvwtxfsa.labcorp.com port: 30001 rate: 5000

ERROR: The QW password should be encrypted in the property file: lwqww.properties
ERROR: Remove the password from the property file, leave it blank (password=) then restart lwqww.
ERROR: At the next run, lwqww will ask you to type the password and display an encrypted version.
ERROR: Add the encrypted password to your property file e.g. password=
javax.crypto.BadPaddingException: Given final block not properly padded
    at com.ibm.crypto.fips.provider.at.a(Unknown Source)
    at com.ibm.crypto.fips.provider.at.b(Unknown Source)
    at com.ibm.crypto.fips.provider.at.engineDoFinal(Unknown Source)
    at javax.crypto.Cipher.doFinal(Unknown Source)
    at com.ibm.de.duedorf.issupport.lwqww.SecureString.decrypt(SecureString.java:62)
    at com.ibm.de.duedorf.issupport.lwqww.SecureString.decrypt(SecureString.java:35)
    at com.ibm.de.duedorf.issupport.lwqww.main.CommandProcessor.run(CommandProcessor.java:73)
command thread started
CMD: (/stop/display/newfile/version/debug/help)
IBMJSSE2 will not allow protocol SSLv3 per com.ibm.jsse2.disableSSLv3 set to TRUE or default
IBMJSSEProvider2 Build-Level: -20200611--106
IBMJSSE2 when using default SSLSocketFactory per com.ibm.jsse2.overrideDefaultProtocol will set protocol to TLSv12
Installed Providers = IBMJCEFIPS IBMJCE BC Certicom IBMJSSE2 IBMJGSSProvider IBMCertPath SCIKS SCIKM CerticomJSSE
jdk.tls.client.protocols is defined as null
SSLv3 protocol was requested but was not enabled
SSLv3 protocol was requested but was not enabled
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
keyStore is: /sterling/qww/keystore.jks
keyStore type is: jks
keyStore provider is:
init keystore
IBMKeyManager: Exception accessing default keystore: java.io.IOException: Keystore was tampered with, or password was incorrect
default context init failed: java.security.KeyStoreException: IBMKeyManager: Problem accessing key store java.io.IOException: Keystore was tampered with, or password was incorrect
[2021-04-08 09:06:45] id= noid java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: IBMJSSE2, class: com.ibm.jsse2.aj)

Unexpected Login response - terminating...
Command thread terminating
VERSION: 211 BUILD: 2.1.1 BUILDDATE: APR 2019
Monitor Started - toggle on / off with CMD:display

Monitor thread terminated
Last QWW FILE: null
```

somurssr commented 3 years ago

When I added the encrypted password back to the properties file, it is giving the above error.

mbabari commented 3 years ago

Ok this is a problem with crypto providers as you are using the SFG JDK which contains FIPS provider at the top of the list of providers.

You have two options to solve this:

1/ Use a different external JDK which doesn't have the FIPS provider configured.

2/ Make a copy of your JDK java.security file and use a different provider from the original list (change the order, as the top one will be used), for example:

```
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.4=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.5=com.certicom.ecc.jcae.Certicom
security.provider.6=com.sterlingcommerce.security.jcae.STERCOMM
security.provider.7=com.ibm.jsse2.IBMJSSEProvider2
security.provider.8=com.ibm.security.jgss.IBMJGSSProvider
security.provider.9=com.ibm.security.cert.IBMCertPath
security.provider.10=com.sterlingcommerce.security.keystoreprovider.SCIKS
security.provider.11=com.sterlingcommerce.security.provider.SCI
security.provider.12=com.sterlingcommerce.security.jsseimpl.spi.SCIKM
security.provider.13=com.certicom.jsse.provider.CerticomJSSE
```

security.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS

security.provider.3=com.ibm.crypto.provider.IBMJCE

Then add the new java.security file to your running arguments:

/sterling/b2bi/install/jdk/bin/java -Djava.security.properties=/newlocation/copyOfJava.security -Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12 -jar lwqww-211.jar -prop lwqww.properties

P.S.: Also Please comment the old target1 property (Kept for backward compatibility)
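
A way to confirm which provider the JVM really selects, with and without the reordered java.security copy described in the reply above. This is an added example, not LWQWW code and not part of the maintainer's reply; the class name ProviderCheck and the AES/CBC/PKCS5Padding transformation are assumptions, since the cipher used by LWQWW's SecureString is not shown in this thread.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

/**
 * Added diagnostic (hypothetical class, not LWQWW code).
 * Compile it, then run it with the same JVM and flags used for lwqww:
 *   java ProviderCheck
 *   java -Djava.security.properties=/newlocation/copyOfJava.security ProviderCheck
 */
public class ProviderCheck {

    // Assumed transformation: the thread does not show what SecureString uses.
    private static final String DEFAULT_TRANSFORMATION = "AES/CBC/PKCS5Padding";

    /** A lookup that fails when no installed provider offers the algorithm. */
    private interface Lookup {
        Provider get() throws Exception;
    }

    public static void main(String[] args) {
        String transformation = args.length > 0 ? args[0] : DEFAULT_TRANSFORMATION;

        // Preference order as the JVM sees it after any java.security override.
        Provider[] providers = Security.getProviders();
        System.out.println("Installed providers (position 1 is tried first):");
        for (int i = 0; i < providers.length; i++) {
            System.out.printf("%3d  %-16s %s%n", i + 1,
                    providers[i].getName(), providers[i].getClass().getName());
        }

        // First provider that offers each service. For Cipher, init() with a
        // key can still fall through to a later provider if this one rejects it.
        report("Cipher " + transformation, () -> Cipher.getInstance(transformation).getProvider());
        report("KeyStore jks", () -> KeyStore.getInstance("jks").getProvider());
        report("SSLContext TLSv1.2", () -> SSLContext.getInstance("TLSv1.2").getProvider());

        // Shows whether an override file was requested and is permitted.
        System.out.println("security.overridePropertiesFile = "
                + Security.getProperty("security.overridePropertiesFile"));
        System.out.println("java.security.properties = "
                + System.getProperty("java.security.properties"));
    }

    private static void report(String what, Lookup lookup) {
        try {
            System.out.printf("%-32s -> %s%n", what, lookup.get().getName());
        } catch (Exception e) {
            // Keep going: one missing algorithm should not hide the other results.
            System.out.printf("%-32s -> unavailable (%s)%n", what, e);
        }
    }
}
```

If the provider order is identical in both runs, the override file was not picked up; on Oracle and OpenJDK builds that happens when security.overridePropertiesFile is false in the JVM's master java.security.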

somurssr commented 3 years ago

Thank you so much, this time it crossed that error from the console log file, but I still have the issue. As you mentioned, I commented out target1 and this time started with Oracle JDK. Here is the command I used:

```
/sbi/softwares/oraclejdk/jdk1.8.0_191/bin/java -jar lwqww-211.jar -prop lwqww.properties
```

somurssr commented 3 years ago

I am attaching the complete console log of the above command. Could you please look and let me know where it went wrong this time? [LWQWWCommandLog.txt](https://github.com/mbabari/LWQWW/files/6280067/LWQWWCommandLog.txt)

somurssr commented 3 years ago

What I see is initial HTTP logon is success with "200", after getting secure token it is failing with noid checkHTTPStatus: false null

mbabari commented 3 years ago

Can you please try with the IBM JDK with modified providers? Also, what version of SFG are you using? Tx

somurssr commented 3 years ago

Hi, we are on 6010001. I tried with the SFG JDK and am still getting the same issue, which is that after getting the secure token somehow it is getting null. Here is the command I executed with the copied java.security file. Please help me to overcome this issue.

```
/sterling/b2bi/install/jdk/bin/java -Djava.security.properties=/sterling/qww/LWQWW/java.security -Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12 -jar lwqww-211.jar -prop lwqww.properties
```

Attached complete console log [SFG_JDK_LWQWWCommandLog.txt](https://github.com/mbabari/LWQWW/files/6282592/SFG_JDK_LWQWWCommandLog.txt)

mbabari commented 3 years ago

I haven't had the chance to test LWQWW with 6.1 yet. I asked the community if anyone has done this before. I will let you know.

Alternatively, you can use the GETALLQUEUEDEPTH OPS command described here: https://community.ibm.com/community/user/supplychain/blogs/tanvi-kakodkar1/2020/01/20/sterlingintegrator

somurssr commented 3 years ago

Thank you, yeah I looked at that but this LWQWW utility helps us to get a nice log that we want to inject it to splunk and we want to get insights of what happened if we see production issues.

My production is still on 5.2.6.3, in couple of weeks that will be upgraded so let me test on Prod and get back to you as well

somurssr commented 3 years ago

One thing I would like to update, the same jdk and same jar is working for windows based Sterling integrator server and not working for Linux server

somurssr commented 3 years ago

Could you please test against a Linux system? I am not able to understand why it is working for Windows-based Sterling Integrator and not for Linux Sterling Integrator. I don't have any other environments to test.

somurssr commented 3 years ago

Hi, it would be great if you could commit the code as well; it would really help us as a community to enhance it. I am seeing the issue with Sterling running on Linux only. I have a couple of Windows Sterling servers, and for those it is connecting without an issue.

mbabari commented 3 years ago

My colleagues have tested LWQWW successfully on SI V 6.1 on Linux with IBM JDK 1.8.

somurssr commented 3 years ago

Interesting, at my end the same jar was working only with windows based Sterling Integrator servers and the same jar is not collecting data when I try to connect to Linux sterling integrator. Is there any way you can commit the code or they have latest jar?

mbabari commented 3 years ago

We tested with the latest version. I don't have the green light yet to open source the tools code.