Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Incomplete
-
2.2.1, 3.0-alpha-7
-
None
-
None
Description
In MNG-4611 some user presented a cleartext password of the form
{DESede}y+qq...==
Given the presence of braces, this password needs to be escaped to be used as a cleartext password. However, the escaping syntax documented in Maven Password Encryption is broken. Trying the documented way of putting in backslashes and embedding the entire string again in braces like
{\{DESede\}y+qq...==}
yields
[WARNING] Not decrypting password for server 'maven-core-it' due to exception in security handler. Cause: null [DEBUG] Full trace follows org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:121) at org.apache.maven.DefaultMaven.resolveParameters(DefaultMaven.java:738) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:250) at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:138) at org.apache.maven.cli.MavenCli.main(MavenCli.java:362) at org.apache.maven.cli.compat.CompatibleMain.main(CompatibleMain.java:60) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315) at org.codehaus.classworlds.Launcher.launch(Launcher.java:255) at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430) at org.codehaus.classworlds.Launcher.main(Launcher.java:375) Caused by: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:193) at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt(DefaultPlexusCipher.java:72) at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:96) ... 13 more Caused by: java.lang.ArrayIndexOutOfBoundsException at java.lang.System.arraycopy(Native Method) at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:175) ... 15 more
Trying without the surrounding braces as suggested by the source code
\{DESede\}y+qq...==
successfully prevents decryption, but the string isn't unescaped either, making Maven use a wrong password.