Bug 875845

Summary: ObfuscatedPropertySimple fails to de-obfuscate many passwords
Product: [JBoss] JBoss Operations Network
Component: Configuration
Reporter: Larry O'Leary <loleary>
Assignee: RHQ Project Maintainer <rhq-maint>
QA Contact: Mike Foley <mfoley>
CC: lkrejci, myarboro, skondkar
Status: CLOSED CURRENTRELEASE
Severity: urgent
Priority: urgent
Version: JON 3.1.1
Target Release: JON 3.1.2
Hardware: All
OS: All
Type: Bug
Doc Type: Bug Fix
Clones: 875848, 876123
Bug Depends On: 875848
Bug Blocks: 876123, 876480
Last Closed: 2013-09-11 10:58:47 UTC

Description Larry O'Leary 2012-11-12 16:42:06 UTC
Description of problem:
Obfuscated passwords fail to be de-obfuscated due to loss of most significant byte when converting from a byte array to a string. The result is a failure to load properties of type ObfuscatedPropertySimple.

Version-Release number of selected component (if applicable):
4.5.0.JON311GA

How reproducible:
Always (with specific plain text passwords)

Steps to Reproduce:
1.  Start ON system
2.  From the *Administration* page, select *Content / Content Sources*
3.  Click on the *JBoss CP Patch Feed* link
4.  Under *CSP Feed Settings* click *Edit*
5.  Set *Username* to `someuser`
6.  Set *Password* to `ue5`
7.  Click *Save*
8.  Click on the *Administration* page again and select *Content / Content Sources*
  
Actual results:
The *JBoss CP Patch Feed* is not displayed and the server log contains the following error:

    ERROR [org.rhq.core.domain.configuration.ObfuscatedPropertySimple] Failed to deobfuscate property value: [5c1d6726bedae4]
    javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:750)
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
        at com.sun.crypto.provider.BlowfishCipher.engineDoFinal(BlowfishCipher.java:323)
        at javax.crypto.Cipher.doFinal(Cipher.java:1813)
        at org.rhq.core.util.obfuscation.Obfuscator.decode(Obfuscator.java:98)
        at org.rhq.core.domain.configuration.ObfuscatedPropertySimple.deobfuscate(ObfuscatedPropertySimple.java:194)
        at org.rhq.core.domain.configuration.ObfuscatedPropertySimple.initClearTextValue(ObfuscatedPropertySimple.java:109)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        ...

Expected results:
*JBoss CP Patch Feed* content source should appear in content source list and no error should be seen in server log.

Additional info:
It appears that this error is a result of converting the byte array to a BigInteger and then to a signed radix 16 string. It appears this process loses the most significant byte of 0 or -1 in the byte array when decoding the encoded string. Other values may also be affected. This is very similar to an issue that impacted JBoss AS as identified in https://issues.jboss.org/browse/JBAS-7094.

Other plain text and obfuscated values that demonstrated this error:
Failed List: {0_[=3c6939fb4668ff, 0FS=2b4d68caa26565, /cP=6cafb5df620be9, 0`;=-99ac74cebe33b, 0N|=de24db1528389, 0UW=-782c3e7f2fb9a4, /|N=-744aa41ca686dc, 0[Q=69f5e94e7174af, 04\=1a7b1db2577287, /l]=-b944ae50dcfca, 04`=7d7632a422b2de, /j`=6388c1bd7c39d4, 0>p=cce1bdd45454, 0?V=8ce006057d497, 0:h=-2c62b934e8b128, 0^E=11857503a7d5a5, 0/d=a85d7b9ed429d, /z]=-6636863bce5f0e, /p5=5fe151d41b39e8, 0PV=-5fa8a8b3229944, /~u=-2f401ed4b9a462, 0<w=-29d1d5287855cb, 0bl=-1bfe66efad11b5, 0W2=-66425aec59dddd, 0#X=-333f552a1376fa, /z<=aecea4fbe5172, /y`=77f7001078c6d8, /m7=-5157c0ed86619b, /jX=2184bbdf37b32, /p!=-1ea93a0bc9ad5c, 08A=-6d79b736cd471, /pg=4874902fd8e995, 0Jk=-7abfb87ed7bf0d, /qJ=1ac4ed90e634a7, 0U%=-1d41bddd24159f, 0<F=-2966646a96a0ad, 02&=328bd5fced1f83}
Failed List: {0g =-e2e42f451c90f, 1`|=534e1b1f08d846, 1f5=-b2ac970c7b0d3, 0|>=-22d0b0500a95a3, 1W8=15df2ac6a0abc1, 1#2=ba48c91e172a0, 1,,=-51cc5f4dab68eb, 0}V=-3f1f8aece743ff, 0lJ=-7799c950fe49b8, 1&[=-674ac3b89d9372, 1m_=-603a2b238f11ed, 19C=-610e42e3a45c19, 1(|=-4feb2a1c34d99f, 1Oo=-35f16f082339f1, 1[g=-446eaf2683c108, 1e:=58f89dceb26bfd, 1F{=4f00504b86a5c0, 1=W=7a15a43d0121d9, 1_"=-67d16ad277f8c9, 1?[=3d221c21f846e6, 1"B=-73cbd2d191a8cf, 1i:=-14544b6b535184, 1 M=1046cd67742af7, 1D}=-3b18eaba1095bf, 1>q=-7f1df58da98c37, 0{;=-206874438a874e, 1C/=63279d15b1c2e3, 1Gg=-1888c60ad3acc6, 0o{=-75411f01a2f001, 0gK=-521d4d04a5ff18, 0u>=-565ed27b1de92b, 14d=700d31b1840877, 1iL=76867f4906834, 1;#=f138e366fdb79, 18.=75467a902de6e4}
Failed List: {2.R=-506cfeb76f78d8, 2U#=-2d87b130c50b8e, 2VF=56004bc76886c2, 2o)=77e104ee2d3c56, 2%U=-7c0cdb5aa5e644, 1z0=-390f469907f772, 2g'=30195d97ddb48d, 1}d=8b5ad4c03c68c, 283=-46e8cbb461b03e, 2[l=174843a1b982e5, 2R(=-42a651948a1423, 2^L=5ff4b3c62cd0e6, 1{N=-157485747ae6a3, 2s5=-5eff4d190af6de, 2II=36a1c0b122d0a1, 2F/=-13c85e8dc48a60, 2(z=68b8dcc395eb93, 2XW=-79634dfdbbb422, 2<k=788277c1188a44, 1p8=64c32bf630f1dc, 2<&=523272fb0de0c6, 2w<=17873bcec1f2db, 2> =-61839969e082a3, 1r5=1f88443e1a7f60, 1z'=-7498dbf6abfff1, 1yi=-1d43b41586c51d, 2@Q=3dee2320426a5, 2:T=-75bd6647568633, 2Tt=-4696bd72d278e0, 1x]=7fd6804251e68d, 2;k=-7322070cba0a0c, 2s_=-7c5bf618c1f88, 1s}=-287bbc391ef740, 2cr=-578c65bbe5a7ac, 1{s=2f14f98df87551}
Failed List: {3W>=-47981c254be887, 3<7=-73fd403486292c, 3fD=9aa0394f30580, 2|;=a29b1ecfe0396, 3W4=-7f886fb77d3291, 3C$=-134da896fcce89, 3me=fcf29ae474b79, 3,Q=48ec268e7a5a6c, 3$<=6d99176edfd257, 3f8=-2c2c688173dda6, 3zu=-25cc0f6b941052, 3|r=1e074f0cf66839, 3fy=-54d2349019138a, 3K?=-7e3976abe016c1, 3@;=-1cb0ca7bb499f7, 3AG=-4c654a02412a02, 3;1=7b5aa0ade63d4, 4 <=-506c30d2c4bcbb, 3G(=11fe8657f3a3c4, 3[$=19cd9ad71d8887, 3PB=-1bf91e2ec8e4b5, 3PC=-3e30d15959c016, 3l$=35606ce8637b69, 3RO=-ec00e1864afb, 3I%=63f48782b713e6, 3G`=7d95d120a44c8a, 36V=-6dc5c4d07779c3, 3R\=396548ee364e2f, 35~=2b4c72258e79c, 3r9=1643868d6c461d, 3[Q=-6d4e89bb623898, 2zS=477452019fdd86}
Failed List: {5'6=-27cac8ef80a48b, 5  =-7620a9f929645f, 5%4=-50cb04409e3881, 4`S=-1e6ecaa5a614b4, 4{p=76dac03b120dc, 4&I=60a321ffbbfba1, 4Y==7bb72ed60a7917, 4IR=-141bd2c9ccd956, 4+1=-2bc21cb55e1872, 4Pi=-3ebf25d58481b6, 4&!=5b20a0f1572200, 44Q=-11694dc5493eb3, 4H =-3fe82a5836df36, 4+"=311c9a8098ba54, 4i]=5d6ad6dfbf9c71, 5)I=6ad9eadf0a38ac, 4YV=2d3b4dcb0b675c, 4%+=6849e37a6c9822, 4$J=7483fac48d886, 49{=35285f44fc46e3, 5,1=5da7e254724164, 4]`=6256be1c0c81d3, 4Mj=561df54520a46e, 4DX=526b682e571954, 5$A=247c25f051c3a5, 4~==-5efe9c2f2e6f7, 4e+=-19dcfd5f776cde, 4hQ=-5d634e072a7ee0, 4'B=6d75aa219c428c, 4$<=-4cdcf2cefbdd4d, 4Qr=-36c898e7dcdd6e, 4.!=121fe431586be, 4s,=2d01d15241ff49, 4b?=7554eee10023b, 5-?=356492b66f4ef, 4g%=35634541dbfae0, 4x{=743e7f024606d4, 4WQ=-22a5c055d4991}
Failed List: {687=438c04e1281dcd, 5;]=190d150ff3d8c5, 5gh=-18ba94e97eb2e7, 5dK=2a575dccdec666, 5Nz=6e59b849ddcbc3, 5fL=4c83f8130689c6, 57%=-2b2f106c1c395d, 62r=300160223c6d2b, 5x:=24172781f6accd, 5Hu=-78e76a987f9a0d, 5l =-7876872ed1693c, 5__=-4c51cfce716072, 5fu=1cd96377ea5c37, 5PL=-1ed2f160e0a434, 5f7=-5dbe8babcc2aa0, 6&n=-4209efe9713b2b, 5C&=-41c83ad5e70d15, 65B=2f1715e9b2712d, 6.y=-201ee4487b6958, 5.t=-7657691826f6ee, 56*=-53455315c3fd8d, 5^P=59884023217f83, 5|,=7294c5f11f7dea, 62U=-c1bec4464a28b, 6/`=-14d1f4301f8b3c, 5Iu=5529a0a9850e36, 5].=97ba59f49c49, 5s;=-317f18daecfe5d, 5Cs=-751390efbf2840, 6%S=2cbf3a468f2728, 5wv=67982eb3d3d8b2, 5e9=38f9555f4fa316, 5oy=-4cfa1654f45d64, 5u$=-127370645888, 5WL=-7defb6627851ae, 5jR=12caf7cc7944d7, 5xC=-6aa73d1c031608, 5|@=4fcaa5c4660256}
Failed List: {6U5=-ddbd8ebbaeec9, 6F,=-4d8fd3f12e7f49, 7Ar=-3bf5fe69b77f57, 7*F=6d263acdc4877b, 6g$=7e32060113056d, 6uD=472eea3f674161, 6Zm=1c07daebfdd66b, 6rv=-1d2115232684d4, 7.#=7f43492770b5bc, 6V[=-5d8abd09147c0b, 7+.=-394dd66e4fa45e, 6<c=6866d423b22f7a, 6xx=-7d96dca76833cf, 6yU=-4a9ad22b8461f9, 6m==2e5e203f23369f, 7#%=-1a00629425f849, 6t,=72d70288e89948, 6p!=29d7ebf29edc9a, 6y[=-2a537771c0e7c5, 6dv=725ab1bbcf86f0, 69R=52a0f5c191ca31, 6](=-51a1d5379a6a3c, 6FN=2901dab2adaadd, 6]j=-722cc81caa7ab1, 6<q=-14224b35ea99e9, 77u=-2383b650458e42, 6]3=-5af81a85ce37df, 6OV=-bc0115073b58e, 7/m=-300d033d7b72af, 6_G=-6e14d1da95a6fd, 75g=13928a6e7c5f26, 6=[=-1cf02e283008f5, 6w{=-3756c13f559ddb, 6Jm=49b5d88345b5cd, 6EO=9bd97e68e722a, 6Dn=2e88b4cfb24b18, 6C&=-1f4949e560989d}
Failed List: {8=v=-3ae1c2e276d779, 7hz=-41fbc29221ede0, 8Gp=68390e837aa27b, 86;=34ef46f24538bd, 7`6=-9d8852867fc89, 7R}=-623ed4c1f42693, 7I<=2df078145debbd, 7FT=f8d9f2cf8c22e, 7x3=-57b6054dad8434, 7U#=3bc8ee1a5ce9f2, 7^k=-33bd46b8d5c6b6, 7~T=5886f13c6073b8, 8G&=-57fa7b57d134c3, 7X.=-21369c2d4fba4f, 7a~=154e03cd29224, 8/!=-5b73b624227a75, 7lg=-549b3f189ec0d7, 7Ky=-4eb8278f4aa92f, 7l~=4ff7edaa0a7e6, 7kP=414412306be23, 7X{=636c5d2c646c1c, 7H<=-61ab0e818de564}
Failed List: {8k^=4f3bad09e5315d, 8hs=5fce3e6b9a4694, 8`y=-b1bdb2449a6f5, 9I9=-1b6073b79b1e26, 8l4=-3e7eafa1f527dc, 8g&=2ff5cb6ea2d275, 9',=4e40a53c2a5fda, 923=41d5a378000141, 8{|=19747b6b15f8cf, 8U.=1c7a4fd265f323, 8_B=-42ef67e1501a70, 8P|=-2d1097513c31fd, 8f4=60890b920e9b, 9@Q=4a11b3da95471a, 9L-=-8e1aa11fc53d0, 9Hm=-5e9015731ea41, 8qp=691a6e8dcce2c2, 9$8=329fbd5084f771, 9Lg=-582145a6e6b07a, 9, =42d2132ff4378, 9L7=68184e7bcdcb40, 9M^=-38f6fa18b9adc3, 8`X=-58f7c696b2418d, 9/m=6b26295f8c6fe0, 9*_=-13d6994b14091d, 8YA=-ab61393e7e0c6, 8V;=2b3e45f6dec12, 9PA=-1d564abcc5c9cc, 8n$=-4361928f941ed3, 9Ea=29433eb9a46541, 8yQ=-54f8a0f16b5916, 8YM=4b8f29a28c235a, 8|/=-e93b9d6032e0e, 9K%=-751ca495b84b3e, 9?>=776dc82fd08000, 9Bj=2cb416f0bf705b, 8M.=6c2e40cfb444c6, 8^6=c42b03a126e5d}
Failed List: {:(M=6c7f721850ae6e, 9gu=-589fff6b544caf, :Hq=2f8a8d5c30db5b, :8C=-23a033c50f70e3, 9zS=5b8b2e14a6dac6, :]\=7ebefa6449f890, :.z=-3418bab289c708, :${=1cf97e87342ade, :%*=-427271e95f6d6c, 9w"=-14980869fcb52, 9X/=-45da4c1d6eb6e0, :I"=-43f5877dd36f7c, :@K=-41211ac9f21d59, 9yb=-844bfb07810, 9j#=397af3903ae8a7, :@L=-680054658a957a, :^/=-6e5435042810cf, :(5=578966d9d5855e, :'T=-102f6b3fa178cb, :!T=87bf3ec006f0d, 9tW=-17eb4a277fd4f3, 9~7=7fa740612702d8, 9k*=683acc268198b2, :KM=29e17f7ce0af34, :\S=4b7e98e67f2094, :-6=-6a263f2ee31a0f, : &=-2138646654dd9c, 9d/=32d690aa5e7ddc, :N&=-20ed2f80b892fb, :,#=4e2aeefef198a4, 9rm=45646da83bf6be, :(Z=-c229c93b5d158, 9mY=2534ed84cc2d1f, 9Wr=-2870e1f783a0a2, :Mz=-360963bdb742aa, 9a-=35238e6c8f9cd1, :"R=7fc9ce25b8ac77, 9b;=5c1d288dfee92f, :IJ=d18e5b61200f5, :#r=-2de0ccb8f638a2, :B4=-6dd0251e8a2a58}

The list is massive and this only represents a very small number.

Comment 1 Lukas Krejci 2012-11-12 21:50:03 UTC
These two issues seem to be the root causes of the behaviour:

https://issues.jboss.org/browse/SECURITY-344
https://issues.jboss.org/browse/SECURITY-563

The passwords stored as they are in the database are unfortunately unrecoverable so we'll have to clear them out in a special upgrade job / patch script.

Comment 2 Lukas Krejci 2012-11-13 13:24:26 UTC
release/jon3.1.x http://git.fedorahosted.org/cgit/rhq/rhq.git/diff/?id=192aa76cabe45deca27f5feffefbb4a0b2f9fba0
Author: Lukas Krejci <lkrejci>
Date:   Tue Nov 13 14:18:41 2012 +0100

    [BZ 875848] - Use the fixed version of the password obfuscation as found in Picketbox.
    (cherry picked from commit 7c4eb7ac4967f2e0e0630fe921268bff7093b077)

Comment 3 Lukas Krejci 2012-11-14 09:14:13 UTC
Repro steps:

1) Go to Administration / Content Sources
2) Select the "JBoss CP Patch Feed" content source
3) Edit the "CSP Feed Settings"
4) Set any user name and "dv" as a password.
5) Click save
6) Navigate away from the content detail page (click on any link in the left nav area)
7) Click on the "Content Sources"

Actual Results:
The "JBoss CP Patch Feed" no longer shows up in the list of content sources,
error in the server log caused by "javax.crypto.IllegalBlockSizeException" 

Expected Results:

The feed is updated OK, no errors anywhere.

Comment 4 Lukas Krejci 2012-11-14 09:27:22 UTC
Repro steps for upgrade:

1) Perform the above repro steps on JON 3.1.1 instance.
2) Upgrade the instance to JON 3.1.2, keeping the database
3) Navigate to Administration / Content Sources

Expected results:

The "JBoss CP Patch Feed" is again visible and the password field is empty.

Comment 5 Simeon Pinder 2012-11-21 21:55:59 UTC
Moving to ON_QA as available for test with build : https://brewweb.devel.redhat.com//buildinfo?buildID=244662.

Comment 6 Lukas Krejci 2012-11-28 15:55:09 UTC
I was wrong with the repro steps.

In the end, the encoding phase has not changed (nor did it change in the upstream, see http://anonsvn.jboss.org/repos/picketbox/trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/SecureIdentityLoginModule.java) so only the decoding needed the fixes. This means that the pre-existing persisted passwords contain all the information needed for decoding (i.e. the encoding done at persist time was always working correctly).

The fix only enables all such encoded passwords to get correctly decoded.

Therefore there should be NO emptied passwords and things should just start working automagically.
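An added illustration of the mechanism described in the report's "Additional info" section and in Comment 6 above. This is example code written for this page, not RHQ's Obfuscator or PicketBox's SecureIdentityLoginModule source. It assumes the Blowfish key string "jaas is the way" (PicketBox's key; the page does not state which key RHQ uses) and the "pad back to a multiple of 8 bytes" decode fix that the linked SECURITY-344 and SECURITY-563 issues describe. The constructed 8-byte blocks in main() are not real Blowfish output; they are chosen to show exactly which byte the BigInteger round trip drops.

```java
import java.math.BigInteger;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.SecretKeySpec;

public class ObfuscationRoundTrip {

    // Assumed for this demo: the key PicketBox's SecureIdentityLoginModule uses.
    // RHQ's own Obfuscator key is not shown on this page.
    private static final byte[] KEY_BYTES = "jaas is the way".getBytes();

    // Encode step as the report describes it: Blowfish-encrypt, then render the ciphertext
    // as a signed hexadecimal BigInteger. This step is lossless (the numeric value is kept);
    // what is lost is only how many bytes the ciphertext had, which the decoder must restore.
    static String encode(String clearText) throws Exception {
        Cipher cipher = Cipher.getInstance("Blowfish"); // Blowfish/ECB/PKCS5Padding in SunJCE
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY_BYTES, "Blowfish"));
        byte[] cipherText = cipher.doFinal(clearText.getBytes("UTF-8"));
        return new BigInteger(cipherText).toString(16);
    }

    // Broken decode: toByteArray() returns the minimal two's-complement representation, so a
    // ciphertext whose first byte was 0x00 (or 0xFF followed by a byte >= 0x80) comes back one
    // byte short and is no longer a multiple of Blowfish's 8-byte block size.
    static byte[] brokenDecodeBytes(String hex) {
        return new BigInteger(hex, 16).toByteArray();
    }

    // Fixed decode (the SECURITY-344 / SECURITY-563 approach): pad back up to a multiple of
    // 8 bytes, with 0x00 for a positive value and 0xFF (sign extension) for a negative one.
    static byte[] fixedDecodeBytes(String hex) {
        BigInteger n = new BigInteger(hex, 16);
        byte[] encoding = n.toByteArray();
        if (encoding.length % 8 != 0) {
            int newLength = ((encoding.length / 8) + 1) * 8;
            int pad = newLength - encoding.length;
            byte[] padded = new byte[newLength];
            System.arraycopy(encoding, 0, padded, pad, encoding.length);
            if (n.signum() == -1) {
                Arrays.fill(padded, 0, pad, (byte) 0xFF);
            }
            encoding = padded;
        }
        return encoding;
    }

    static String decrypt(byte[] cipherText) throws Exception {
        Cipher cipher = Cipher.getInstance("Blowfish");
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY_BYTES, "Blowfish"));
        return new String(cipher.doFinal(cipherText), "UTF-8");
    }

    // Deterministic part: a constructed 8-byte block (not real Blowfish output) goes through
    // the hex round trip, and we check whether the fixed decoder restores it byte for byte.
    static void showByteLoss(byte[] block) {
        String hex = new BigInteger(block).toString(16);
        byte[] broken = brokenDecodeBytes(hex);
        byte[] fixed = fixedDecodeBytes(hex);
        System.out.printf("hex=%-18s broken=%d bytes, fixed=%d bytes, fixed==original: %b%n",
                hex, broken.length, fixed.length, Arrays.equals(block, fixed));
    }

    public static void main(String[] args) throws Exception {
        // Leading 0x00: the hex string has 14 digits (7 bytes), the same shape as the value in the log.
        showByteLoss(new byte[] {0x00, 0x5c, 0x1d, 0x67, 0x26, (byte) 0xbe, (byte) 0xda, (byte) 0xe4});
        // Leading 0xFF followed by a byte >= 0x80: a negative hex string like those in the Failed Lists.
        showByteLoss(new byte[] {(byte) 0xff, (byte) 0x80, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06});

        // Real round trip with the assumed key. Which short passwords hit the bug depends on the
        // key, so the page's values are tried alongside a longer one.
        for (String pw : new String[] {"ue5", "dv", "0_[", "0`;", "a longer password"}) {
            String hex = encode(pw);
            String brokenResult;
            try {
                brokenResult = "\"" + decrypt(brokenDecodeBytes(hex)) + "\"";
            } catch (IllegalBlockSizeException e) {
                brokenResult = "IllegalBlockSizeException (" + brokenDecodeBytes(hex).length + " bytes)";
            }
            System.out.printf("%-20s -> %-20s broken: %-42s fixed: \"%s\"%n",
                    "\"" + pw + "\"", hex, brokenResult, decrypt(fixedDecodeBytes(hex)));
        }
    }
}
```

Compile and run with javac/java; no dependencies beyond the JDK's SunJCE provider. The first constructed block yields "5c1d6726bedae4" and comes back as 7 bytes from the broken decoder, which is exactly the shape of the value in the ERROR line of the report; the second yields "-7ffefdfcfbfafa" and shows why the padding must be 0xFF rather than 0x00 for negative values. Two caveats a reviewer of the fix would raise: the padding restores at most seven missing bytes, so a ciphertext that begins with a whole block of 0x00 or 0xFF bytes (probability about 2^-64 per block) would still decode wrongly, and none of this changes the security properties of the scheme, which is obfuscation under a fixed key rather than encryption.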

Comment 7 Sunil Kondkar 2012-11-29 08:06:18 UTC
Verified on JON 3.1.2 ER2 and upgrading from JON 3.1.1 to JON 3.1.2 ER2 build. No errors are observed in server log and the "JBoss CP Patch Feed" is visible. Works as expected.