maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Benedict (JIRA)" <j...@codehaus.org>
Subject [jira] (MNG-4612) Password escaping doesn't work
Date Wed, 02 Jul 2014 13:44:37 GMT

     [ https://jira.codehaus.org/browse/MNG-4612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Paul Benedict updated MNG-4612:
-------------------------------

    Fix Version/s:     (was: Issues to be reviewed for 3.x)

> Password escaping doesn't work
> ------------------------------
>
>                 Key: MNG-4612
>                 URL: https://jira.codehaus.org/browse/MNG-4612
>             Project: Maven
>          Issue Type: Bug
>          Components: Settings
>    Affects Versions: 2.2.1, 3.0-alpha-7
>            Reporter: Benjamin Bentmann
>            Priority: Minor
>
> In MNG-4611 some user presented a *cleartext* password of the form
> {noformat}
> {DESede}y+qq...==
> {noformat}
> Given the presence of braces, this password needs to be escaped to be used as a cleartext
password. However, the escaping syntax documented in [Maven Password Encryption|http://maven.apache.org/guides/mini/guide-encryption.html#Tips]
is broken. Trying the documented way of putting in backslashes and embedding the entire string
again in braces like
> {noformat}
> {\{DESede\}y+qq...==}
> {noformat}
> yields
> {noformat}
> [WARNING] Not decrypting password for server 'maven-core-it' due to exception in security
handler.
> Cause: null
> [DEBUG] Full trace follows
> org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException:
> org.sonatype.plexus.components.cipher.PlexusCipherException:
> java.lang.ArrayIndexOutOfBoundsException
>         at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:121)
>         at org.apache.maven.DefaultMaven.resolveParameters(DefaultMaven.java:738)
>         at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:250)
>         at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:138)
>         at org.apache.maven.cli.MavenCli.main(MavenCli.java:362)
>         at org.apache.maven.cli.compat.CompatibleMain.main(CompatibleMain.java:60)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:592)
>         at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
>         at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
>         at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
>         at org.codehaus.classworlds.Launcher.main(Launcher.java:375)
> Caused by: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException
>         at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:193)
>         at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt(DefaultPlexusCipher.java:72)
>         at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:96)
>         ... 13 more
> Caused by: java.lang.ArrayIndexOutOfBoundsException
>         at java.lang.System.arraycopy(Native Method)
>         at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:175)
>         ... 15 more
> {noformat}
> Trying without the surrounding braces as suggested by the source code
> {noformat}
> \{DESede\}y+qq...==
> {noformat}
> successfully prevents decryption, but the string isn't unescaped either, making Maven
use a wrong password.



--
This message was sent by Atlassian JIRA
(v6.1.6#6162)

Mime
View raw message