Uploaded image for project: 'jclouds'
  1. jclouds
  2. JCLOUDS-617

Unable to use Chef API with JCE provider with default RSA transformation padding other than PKCS1

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.7.2
    • Fix Version/s: 1.8.0
    • Component/s: jclouds-chef
    • Labels:
      None

      Description

      After adding JSafe JCE povider to java.security I get HTTP response code 401 and the message "Invalid signature for user or client '<chefClient>'" from chef server when trying to connect using jclouds-chef api. The reason is that this provider generates the signature using RSA algortihm with different mode and/or padding that is used for decryption on chef server (and standard SunJCE). The generated signature is then considered bad by the chef server. The problem is in method org.jclouds.chef.filters.SignedHeaderAuth#sign which uses org.jclouds.io.payloads.RSAEncryptingPayload from jcloud-core. This class does not specify the mode and padding of RSA transformation and thus provider defaults are used.

        Attachments

          Activity

            People

            • Assignee:
              nacx Ignasi Barrera
              Reporter:
              jaroslav.kylberger Jaroslav Kylberger
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: