Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Could not decrypt password for user (CryptoSupport missing to unprotect password.) #346

Merged
merged 1 commit into from
Jan 14, 2019

Conversation

oliverlietz
Copy link
Contributor

An exception is thrown on fresh AEM 6.4 with just AC Tool installed and according to web console cryptoSupport is satisfied:

ERROR: Could not process yaml files / e=biz.netcentric.cq.tools.actool.authorizableinstaller.AuthorizableCreatorException: biz.netcentric.cq.tools.actool.authorizableinstaller.AuthorizableCreatorException: Could not decrypt password for user [...]: com.adobe.granite.crypto.CryptoException: CryptoSupport missing to unprotect password.
Bundle | biz.netcentric.cq.tools.accesscontroltool.bundle (545)
-- | --
Implementation Class | biz.netcentric.cq.tools.actool.authorizableinstaller.impl.AuthorizableInstallerServiceImpl
Default State | enabled
Activation | delayed
Configuration Policy | optional
Service Type | singleton
Services | biz.netcentric.cq.tools.actool.authorizableinstaller.AuthorizableInstallerService
PID | biz.netcentric.cq.tools.actool.authorizableinstaller.impl.AuthorizableInstallerServiceImpl
Reference cryptoSupport | SatisfiedService Name: com.adobe.granite.crypto.CryptoSupportCardinality: 0..1Policy: dynamicPolicy Option: greedyBound Service ID 36
Reference externalGroupCreatorService | SatisfiedService Name: biz.netcentric.cq.tools.actool.authorizableinstaller.impl.ExternalGroupInstallerServiceImplCardinality: 0..1Policy: staticPolicy Option: greedyBound Service ID 7059 (biz.netcentric.cq.tools.actool.authorizableinstaller.impl.ExternalGroupInstallerServiceImpl)
Properties | component.id = 3245component.name = biz.netcentric.cq.tools.actool.authorizableinstaller.impl.AuthorizableInstallerServiceImpl

…sing to unprotect password.)

make cryptoSupport volatile
@oliverlietz
Copy link
Contributor Author

@ghenzler @kwin can you please have a look and do a release if you can confirm?

@kwin
Copy link
Member

kwin commented Jan 12, 2019

I think the volatile check for dynamic field injections should be added to https://github.com/apache/felix/blob/trunk/tools/osgicheck-maven-plugin/src/main/java/org/apache/felix/maven/osgicheck/impl/CheckMojo.java. That way such errors would not easily slip through. @ghenzler Would you mind looking into adding such a check?

Update: I created https://issues.apache.org/jira/browse/FELIX-6028 for that.

@kwin
Copy link
Member

kwin commented Jan 12, 2019

I am wondering why CryptoSupport cannot be a static mandatory reference in this case. AFAIK all supported AEM versions ship with the necessary bundles.

@oliverlietz
Copy link
Contributor Author

I am wondering why CryptoSupport cannot be a static mandatory reference in this case. AFAIK all supported AEM versions ship with the necessary bundles.

@kwin see #298

@kwin
Copy link
Member

kwin commented Jan 15, 2019

@oliverlietz Thanks a lot for the fix.

@ghenzler ghenzler modified the milestones: 2.2.1, 2.3.0 Jan 21, 2019
@kwin kwin removed this from the 2.3.0 milestone Jan 21, 2019
@oliverlietz
Copy link
Contributor Author

@kwin Thanks for pushing bnd to check for volatile.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants