Bug 875848

Summary: ObfuscatedPropertySimple fails to de-obfuscate many passwords
Product: [Other] RHQ Project
Reporter: Larry O'Leary <loleary>
Component: Configuration
Assignee: RHQ Project Maintainer <rhq-maint>
Status: CLOSED CURRENTRELEASE
QA Contact: Mike Foley <mfoley>
Severity: urgent
Priority: unspecified
Version: 4.5
CC: hrupp, lkrejci
Target Release: RHQ 4.6
Hardware: All
OS: All
Doc Type: Bug Fix
Clone Of: 875845
Last Closed: 2013-09-03 14:44:09 UTC
Type: Bug
Bug Blocks: 875845, 876123

Description Larry O'Leary 2012-11-12 16:44:02 UTC
+++ This bug was initially created as a clone of JBoss ON Bug #875845 +++

Description of problem:
Obfuscated passwords fail to be de-obfuscated due to loss of most significant byte when converting from a byte array to a string. The result is a failure to load properties of type ObfuscatedPropertySimple.

Version-Release number of selected component (if applicable):
4.5.0.JON311GA

How reproducible:
Always (with specific plain text passwords)

Steps to Reproduce:
1.  Start ON system
2.  From the *Administration* page, select *Content / Content Sources*
3.  Click on the *JBoss CP Patch Feed* link
4.  Under *CSP Feed Settings* click *Edit*
5.  Set *Username* to `someuser`
6.  Set *Password* to `ue5`
7.  Click *Save*
8.  Click on the *Administration* page again and select *Content / Content Sources*
  
Actual results:
The *JBoss CP Patch Feed* is not displayed and the server log contains the following error:

    ERROR [org.rhq.core.domain.configuration.ObfuscatedPropertySimple] Failed to deobfuscate property value: [5c1d6726bedae4]
    javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:750)
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
        at com.sun.crypto.provider.BlowfishCipher.engineDoFinal(BlowfishCipher.java:323)
        at javax.crypto.Cipher.doFinal(Cipher.java:1813)
        at org.rhq.core.util.obfuscation.Obfuscator.decode(Obfuscator.java:98)
        at org.rhq.core.domain.configuration.ObfuscatedPropertySimple.deobfuscate(ObfuscatedPropertySimple.java:194)
        at org.rhq.core.domain.configuration.ObfuscatedPropertySimple.initClearTextValue(ObfuscatedPropertySimple.java:109)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        ...

Expected results:
*JBoss CP Patch Feed* content source should appear in content source list and no error should be seen in server log.

Additional info:
It appears that this error is a result of converting the byte array to a BigInteger and then to a signed radix 16 string. It appears this process loses the most significant byte of 0 or -1 in the byte array when decoding the encoded string. Other values may also be affected. This is very similar to an issue that impacted JBoss AS as identified in https://issues.jboss.org/browse/JBAS-7094.

Other plain text and obfuscated values that demonstrated this error:
Failed List: {0_[=3c6939fb4668ff, 0FS=2b4d68caa26565, /cP=6cafb5df620be9, 0`;=-99ac74cebe33b, 0N|=de24db1528389, 0UW=-782c3e7f2fb9a4, /|N=-744aa41ca686dc, 0[Q=69f5e94e7174af, 04\=1a7b1db2577287, /l]=-b944ae50dcfca, 04`=7d7632a422b2de, /j`=6388c1bd7c39d4, 0>p=cce1bdd45454, 0?V=8ce006057d497, 0:h=-2c62b934e8b128, 0^E=11857503a7d5a5, 0/d=a85d7b9ed429d, /z]=-6636863bce5f0e, /p5=5fe151d41b39e8, 0PV=-5fa8a8b3229944, /~u=-2f401ed4b9a462, 0<w=-29d1d5287855cb, 0bl=-1bfe66efad11b5, 0W2=-66425aec59dddd, 0#X=-333f552a1376fa, /z<=aecea4fbe5172, /y`=77f7001078c6d8, /m7=-5157c0ed86619b, /jX=2184bbdf37b32, /p!=-1ea93a0bc9ad5c, 08A=-6d79b736cd471, /pg=4874902fd8e995, 0Jk=-7abfb87ed7bf0d, /qJ=1ac4ed90e634a7, 0U%=-1d41bddd24159f, 0<F=-2966646a96a0ad, 02&=328bd5fced1f83}
Failed List: {0g =-e2e42f451c90f, 1`|=534e1b1f08d846, 1f5=-b2ac970c7b0d3, 0|>=-22d0b0500a95a3, 1W8=15df2ac6a0abc1, 1#2=ba48c91e172a0, 1,,=-51cc5f4dab68eb, 0}V=-3f1f8aece743ff, 0lJ=-7799c950fe49b8, 1&[=-674ac3b89d9372, 1m_=-603a2b238f11ed, 19C=-610e42e3a45c19, 1(|=-4feb2a1c34d99f, 1Oo=-35f16f082339f1, 1[g=-446eaf2683c108, 1e:=58f89dceb26bfd, 1F{=4f00504b86a5c0, 1=W=7a15a43d0121d9, 1_"=-67d16ad277f8c9, 1?[=3d221c21f846e6, 1"B=-73cbd2d191a8cf, 1i:=-14544b6b535184, 1 M=1046cd67742af7, 1D}=-3b18eaba1095bf, 1>q=-7f1df58da98c37, 0{;=-206874438a874e, 1C/=63279d15b1c2e3, 1Gg=-1888c60ad3acc6, 0o{=-75411f01a2f001, 0gK=-521d4d04a5ff18, 0u>=-565ed27b1de92b, 14d=700d31b1840877, 1iL=76867f4906834, 1;#=f138e366fdb79, 18.=75467a902de6e4}
Failed List: {2.R=-506cfeb76f78d8, 2U#=-2d87b130c50b8e, 2VF=56004bc76886c2, 2o)=77e104ee2d3c56, 2%U=-7c0cdb5aa5e644, 1z0=-390f469907f772, 2g'=30195d97ddb48d, 1}d=8b5ad4c03c68c, 283=-46e8cbb461b03e, 2[l=174843a1b982e5, 2R(=-42a651948a1423, 2^L=5ff4b3c62cd0e6, 1{N=-157485747ae6a3, 2s5=-5eff4d190af6de, 2II=36a1c0b122d0a1, 2F/=-13c85e8dc48a60, 2(z=68b8dcc395eb93, 2XW=-79634dfdbbb422, 2<k=788277c1188a44, 1p8=64c32bf630f1dc, 2<&=523272fb0de0c6, 2w<=17873bcec1f2db, 2> =-61839969e082a3, 1r5=1f88443e1a7f60, 1z'=-7498dbf6abfff1, 1yi=-1d43b41586c51d, 2@Q=3dee2320426a5, 2:T=-75bd6647568633, 2Tt=-4696bd72d278e0, 1x]=7fd6804251e68d, 2;k=-7322070cba0a0c, 2s_=-7c5bf618c1f88, 1s}=-287bbc391ef740, 2cr=-578c65bbe5a7ac, 1{s=2f14f98df87551}
Failed List: {3W>=-47981c254be887, 3<7=-73fd403486292c, 3fD=9aa0394f30580, 2|;=a29b1ecfe0396, 3W4=-7f886fb77d3291, 3C$=-134da896fcce89, 3me=fcf29ae474b79, 3,Q=48ec268e7a5a6c, 3$<=6d99176edfd257, 3f8=-2c2c688173dda6, 3zu=-25cc0f6b941052, 3|r=1e074f0cf66839, 3fy=-54d2349019138a, 3K?=-7e3976abe016c1, 3@;=-1cb0ca7bb499f7, 3AG=-4c654a02412a02, 3;1=7b5aa0ade63d4, 4 <=-506c30d2c4bcbb, 3G(=11fe8657f3a3c4, 3[$=19cd9ad71d8887, 3PB=-1bf91e2ec8e4b5, 3PC=-3e30d15959c016, 3l$=35606ce8637b69, 3RO=-ec00e1864afb, 3I%=63f48782b713e6, 3G`=7d95d120a44c8a, 36V=-6dc5c4d07779c3, 3R\=396548ee364e2f, 35~=2b4c72258e79c, 3r9=1643868d6c461d, 3[Q=-6d4e89bb623898, 2zS=477452019fdd86}
Failed List: {5'6=-27cac8ef80a48b, 5  =-7620a9f929645f, 5%4=-50cb04409e3881, 4`S=-1e6ecaa5a614b4, 4{p=76dac03b120dc, 4&I=60a321ffbbfba1, 4Y==7bb72ed60a7917, 4IR=-141bd2c9ccd956, 4+1=-2bc21cb55e1872, 4Pi=-3ebf25d58481b6, 4&!=5b20a0f1572200, 44Q=-11694dc5493eb3, 4H =-3fe82a5836df36, 4+"=311c9a8098ba54, 4i]=5d6ad6dfbf9c71, 5)I=6ad9eadf0a38ac, 4YV=2d3b4dcb0b675c, 4%+=6849e37a6c9822, 4$J=7483fac48d886, 49{=35285f44fc46e3, 5,1=5da7e254724164, 4]`=6256be1c0c81d3, 4Mj=561df54520a46e, 4DX=526b682e571954, 5$A=247c25f051c3a5, 4~==-5efe9c2f2e6f7, 4e+=-19dcfd5f776cde, 4hQ=-5d634e072a7ee0, 4'B=6d75aa219c428c, 4$<=-4cdcf2cefbdd4d, 4Qr=-36c898e7dcdd6e, 4.!=121fe431586be, 4s,=2d01d15241ff49, 4b?=7554eee10023b, 5-?=356492b66f4ef, 4g%=35634541dbfae0, 4x{=743e7f024606d4, 4WQ=-22a5c055d4991}
Failed List: {687=438c04e1281dcd, 5;]=190d150ff3d8c5, 5gh=-18ba94e97eb2e7, 5dK=2a575dccdec666, 5Nz=6e59b849ddcbc3, 5fL=4c83f8130689c6, 57%=-2b2f106c1c395d, 62r=300160223c6d2b, 5x:=24172781f6accd, 5Hu=-78e76a987f9a0d, 5l =-7876872ed1693c, 5__=-4c51cfce716072, 5fu=1cd96377ea5c37, 5PL=-1ed2f160e0a434, 5f7=-5dbe8babcc2aa0, 6&n=-4209efe9713b2b, 5C&=-41c83ad5e70d15, 65B=2f1715e9b2712d, 6.y=-201ee4487b6958, 5.t=-7657691826f6ee, 56*=-53455315c3fd8d, 5^P=59884023217f83, 5|,=7294c5f11f7dea, 62U=-c1bec4464a28b, 6/`=-14d1f4301f8b3c, 5Iu=5529a0a9850e36, 5].=97ba59f49c49, 5s;=-317f18daecfe5d, 5Cs=-751390efbf2840, 6%S=2cbf3a468f2728, 5wv=67982eb3d3d8b2, 5e9=38f9555f4fa316, 5oy=-4cfa1654f45d64, 5u$=-127370645888, 5WL=-7defb6627851ae, 5jR=12caf7cc7944d7, 5xC=-6aa73d1c031608, 5|@=4fcaa5c4660256}
Failed List: {6U5=-ddbd8ebbaeec9, 6F,=-4d8fd3f12e7f49, 7Ar=-3bf5fe69b77f57, 7*F=6d263acdc4877b, 6g$=7e32060113056d, 6uD=472eea3f674161, 6Zm=1c07daebfdd66b, 6rv=-1d2115232684d4, 7.#=7f43492770b5bc, 6V[=-5d8abd09147c0b, 7+.=-394dd66e4fa45e, 6<c=6866d423b22f7a, 6xx=-7d96dca76833cf, 6yU=-4a9ad22b8461f9, 6m==2e5e203f23369f, 7#%=-1a00629425f849, 6t,=72d70288e89948, 6p!=29d7ebf29edc9a, 6y[=-2a537771c0e7c5, 6dv=725ab1bbcf86f0, 69R=52a0f5c191ca31, 6](=-51a1d5379a6a3c, 6FN=2901dab2adaadd, 6]j=-722cc81caa7ab1, 6<q=-14224b35ea99e9, 77u=-2383b650458e42, 6]3=-5af81a85ce37df, 6OV=-bc0115073b58e, 7/m=-300d033d7b72af, 6_G=-6e14d1da95a6fd, 75g=13928a6e7c5f26, 6=[=-1cf02e283008f5, 6w{=-3756c13f559ddb, 6Jm=49b5d88345b5cd, 6EO=9bd97e68e722a, 6Dn=2e88b4cfb24b18, 6C&=-1f4949e560989d}
Failed List: {8=v=-3ae1c2e276d779, 7hz=-41fbc29221ede0, 8Gp=68390e837aa27b, 86;=34ef46f24538bd, 7`6=-9d8852867fc89, 7R}=-623ed4c1f42693, 7I<=2df078145debbd, 7FT=f8d9f2cf8c22e, 7x3=-57b6054dad8434, 7U#=3bc8ee1a5ce9f2, 7^k=-33bd46b8d5c6b6, 7~T=5886f13c6073b8, 8G&=-57fa7b57d134c3, 7X.=-21369c2d4fba4f, 7a~=154e03cd29224, 8/!=-5b73b624227a75, 7lg=-549b3f189ec0d7, 7Ky=-4eb8278f4aa92f, 7l~=4ff7edaa0a7e6, 7kP=414412306be23, 7X{=636c5d2c646c1c, 7H<=-61ab0e818de564}
Failed List: {8k^=4f3bad09e5315d, 8hs=5fce3e6b9a4694, 8`y=-b1bdb2449a6f5, 9I9=-1b6073b79b1e26, 8l4=-3e7eafa1f527dc, 8g&=2ff5cb6ea2d275, 9',=4e40a53c2a5fda, 923=41d5a378000141, 8{|=19747b6b15f8cf, 8U.=1c7a4fd265f323, 8_B=-42ef67e1501a70, 8P|=-2d1097513c31fd, 8f4=60890b920e9b, 9@Q=4a11b3da95471a, 9L-=-8e1aa11fc53d0, 9Hm=-5e9015731ea41, 8qp=691a6e8dcce2c2, 9$8=329fbd5084f771, 9Lg=-582145a6e6b07a, 9, =42d2132ff4378, 9L7=68184e7bcdcb40, 9M^=-38f6fa18b9adc3, 8`X=-58f7c696b2418d, 9/m=6b26295f8c6fe0, 9*_=-13d6994b14091d, 8YA=-ab61393e7e0c6, 8V;=2b3e45f6dec12, 9PA=-1d564abcc5c9cc, 8n$=-4361928f941ed3, 9Ea=29433eb9a46541, 8yQ=-54f8a0f16b5916, 8YM=4b8f29a28c235a, 8|/=-e93b9d6032e0e, 9K%=-751ca495b84b3e, 9?>=776dc82fd08000, 9Bj=2cb416f0bf705b, 8M.=6c2e40cfb444c6, 8^6=c42b03a126e5d}
Failed List: {:(M=6c7f721850ae6e, 9gu=-589fff6b544caf, :Hq=2f8a8d5c30db5b, :8C=-23a033c50f70e3, 9zS=5b8b2e14a6dac6, :]\=7ebefa6449f890, :.z=-3418bab289c708, :${=1cf97e87342ade, :%*=-427271e95f6d6c, 9w"=-14980869fcb52, 9X/=-45da4c1d6eb6e0, :I"=-43f5877dd36f7c, :@K=-41211ac9f21d59, 9yb=-844bfb07810, 9j#=397af3903ae8a7, :@L=-680054658a957a, :^/=-6e5435042810cf, :(5=578966d9d5855e, :'T=-102f6b3fa178cb, :!T=87bf3ec006f0d, 9tW=-17eb4a277fd4f3, 9~7=7fa740612702d8, 9k*=683acc268198b2, :KM=29e17f7ce0af34, :\S=4b7e98e67f2094, :-6=-6a263f2ee31a0f, : &=-2138646654dd9c, 9d/=32d690aa5e7ddc, :N&=-20ed2f80b892fb, :,#=4e2aeefef198a4, 9rm=45646da83bf6be, :(Z=-c229c93b5d158, 9mY=2534ed84cc2d1f, 9Wr=-2870e1f783a0a2, :Mz=-360963bdb742aa, 9a-=35238e6c8f9cd1, :"R=7fc9ce25b8ac77, 9b;=5c1d288dfee92f, :IJ=d18e5b61200f5, :#r=-2de0ccb8f638a2, :B4=-6dd0251e8a2a58}

The list is massive and this only represents a very small number.
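The following Java program is an added illustration of the mechanism described in the report; it is not RHQ or Picketbox code and makes no claim about what the referenced Picketbox fix does internally. It reproduces the lossy byte[] -> BigInteger -> signed hex -> byte[] round trip, shows the resulting IllegalBlockSizeException on Blowfish decryption, and contrasts two remedies: a sign-aware re-padding for values that are already stored in the signed-hex form, and a per-byte hex encoding that cannot lose bytes at all. The key, the cipher transformation, the 3-character password set and all method names are assumptions of this example.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example, not RHQ or Picketbox code. Demonstrates the lossy
 * byte[] -> BigInteger -> signed hex -> byte[] round trip behind this bug,
 * a sign-aware re-padding that repairs already-stored values, and a
 * lossless per-byte hex encoding for new values.
 */
public class ObfuscationRoundTrip {

    // Constructed demo key; the real key used by Obfuscator is not on this page.
    private static final byte[] KEY = "demo-obfuscation-key".getBytes(StandardCharsets.UTF_8);
    private static final int BLOCK = 8; // Blowfish block size in bytes

    static byte[] blowfish(int mode, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
        c.init(mode, new SecretKeySpec(KEY, "Blowfish"));
        return c.doFinal(in);
    }

    /** Encoding used by the buggy path: ciphertext read as a two's-complement number, printed as signed hex. */
    static String lossyEncode(byte[] ciphertext) {
        return new BigInteger(ciphertext).toString(16);
    }

    /** Buggy decode: toByteArray() yields the minimal two's-complement form, so redundant leading
     *  0x00 bytes (non-negative value) or 0xFF bytes (negative value) have been discarded. */
    static byte[] lossyDecode(String hex) {
        return new BigInteger(hex, 16).toByteArray();
    }

    /** Repair for values already stored in signed-hex form: a Blowfish ciphertext is always a multiple
     *  of 8 bytes, so any shortfall is dropped sign-extension bytes; re-pad with 0x00 for a non-negative
     *  value and 0xFF for a negative one. Caveat: if exactly 8 leading sign bytes were dropped (a whole
     *  block of 0x00 or 0xFF) the length is still a multiple of 8, the loss is undetectable here, and
     *  decryption returns garbage or a padding error instead of an IllegalBlockSizeException. */
    static byte[] repairedDecode(String hex) {
        BigInteger n = new BigInteger(hex, 16);
        byte[] minimal = n.toByteArray();
        int missing = (BLOCK - minimal.length % BLOCK) % BLOCK;
        if (missing == 0) return minimal;
        byte[] full = new byte[minimal.length + missing];
        Arrays.fill(full, 0, missing, (byte) (n.signum() < 0 ? 0xFF : 0x00));
        System.arraycopy(minimal, 0, full, missing, minimal.length);
        return full;
    }

    /** Lossless alternative for new values: encode the bytes themselves, not a number. */
    static String hexEncode(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }

    static byte[] hexDecode(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    /** Scans constructed 3-character passwords and returns "password=storedHex" entries whose
     *  signed-hex round trip loses bytes, in the same shape as the Failed List above. */
    static List<String> findLossyPasswords() throws Exception {
        List<String> lossy = new ArrayList<>();
        for (char a = '!'; a <= '~'; a++) {
            for (char b = '!'; b <= '~'; b++) {
                String pw = "" + a + b + '5';                       // constructed, like "ue5" in the report
                byte[] ct = blowfish(Cipher.ENCRYPT_MODE, pw.getBytes(StandardCharsets.UTF_8));
                String stored = lossyEncode(ct);
                if (!Arrays.equals(lossyDecode(stored), ct)) {
                    lossy.add(pw + "=" + stored);
                    // the repaired path must give back the exact ciphertext and therefore the password
                    byte[] fixed = repairedDecode(stored);
                    String back = new String(blowfish(Cipher.DECRYPT_MODE, fixed), StandardCharsets.UTF_8);
                    if (!pw.equals(back)) throw new AssertionError("repair failed for " + pw);
                }
                // the per-byte hex form always round-trips
                if (!Arrays.equals(hexDecode(hexEncode(ct)), ct)) throw new AssertionError("hex failed for " + pw);
            }
        }
        return lossy;
    }

    public static void main(String[] args) throws Exception {
        List<String> lossy = findLossyPasswords();
        // a leading byte is redundant when it is 0x00 before a byte < 0x80 or 0xFF before a byte >= 0x80,
        // i.e. for roughly 1 ciphertext in 256
        System.out.printf("%d of %d constructed passwords lose a leading byte (about 1 in 256 expected)%n",
                lossy.size(), 94 * 94);
        if (lossy.isEmpty()) return;
        String first = lossy.get(0);
        String storedHex = first.substring(first.indexOf('=') + 1);
        try {
            blowfish(Cipher.DECRYPT_MODE, lossyDecode(storedHex));
        } catch (IllegalBlockSizeException e) {
            // the same failure as in the server log above: the input is no longer a multiple of 8 bytes
            System.out.println("Failed List: {" + first + "}  -> " + e.getMessage());
        }
    }
}
```

Two points worth noting from the example. First, the IllegalBlockSizeException in the server log is only a symptom of the common case (1 to 7 sign bytes dropped); a whole dropped block leaves a length that still passes the cipher's check, so the exception is not a reliable detector of damaged values. Second, switching new values to the per-byte hex form changes the stored format, so values already persisted in the signed BigInteger form (the negative entries in the Failed List above are recognisable by their leading minus sign) still need the sign-aware repair path, or a one-off migration through it, before they can be decrypted.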

Comment 1 Lukas Krejci 2012-11-13 12:44:03 UTC
*** Bug 876123 has been marked as a duplicate of this bug. ***

Comment 2 Lukas Krejci 2012-11-13 13:22:28 UTC
master http://git.fedorahosted.org/cgit/rhq/rhq.git/diff/?id=7c4eb7ac4967f2e0e0630fe921268bff7093b077
Author: Lukas Krejci <lkrejci>
Date:   Tue Nov 13 13:50:03 2012 +0100

    [BZ 875848] - Use the fixed version of the password obfuscation as found in Picketbox.

Comment 3 Heiko W. Rupp 2013-09-03 14:44:09 UTC
Bulk closing of issues in old RHQ releases that are in production for a while now.

Please open a new issue when running into an issue.