Tomcat 中的 org.jasypt.exceptions.EncryptionOperationNotPossibleException

发布于 2024-11-09 20:16:18 字数 2440 浏览 2 评论 0原文

我正在使用 Jasypt 加密库来加密/解密一些文本。该代码嵌入到 WAR 文件中并部署到服务器。

在本地运行和单元测试中,加密/解密循环运行良好。我使用 Jetty 来开发该应用程序。该代码在该服务器中完美运行。由于某种原因,部署到 Tomcat 会破坏它,但有以下例外:

仅供参考,我在本地和服务器环境中都安装了强大的加密库,并且我正在使用最新的 1.6 版本(补丁级别 25)。

org.jasypt.exceptions.EncryptionOperationNotPossibleException

异常没有消息。

该代码是完全对称的。我把它贴在这里供检查。以下是相关内容:

我发现了一篇 旧 Nabble 帖子< /a> 用户遇到了非常相似的问题。除了 Tomcat 之外,代码在任何地方都可以工作。没有给出解决方案。

任何见解将不胜感激。

**更新:** 在我的本地系统上的 Tomcat 中运行,它似乎可以工作。所以我的服务器有问题。在服务器上,我在 Windows Server 2008 上使用 64 位 JVM。我在本地使用 32 位 JVM(由于我的系统有点旧)。我想知道这是否与这个问题有关。

public void initializeService() {
    binaryEncryptor = new BasicBinaryEncryptor();
    binaryEncryptor.setPassword(keyBase64);
}

@Override
public <T extends Serializable> String simpleEncrypt(T objectToEncrypt) throws EncryptionException {
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    try {
        ObjectOutputStream oos = new ObjectOutputStream(bos);
        oos.writeObject(objectToEncrypt);

        byte[] bytes = binaryEncryptor.encrypt(bos.toByteArray());
        return new String(Base64.encodeBase64(bytes));
    } catch (IOException e) {
        LOGGER.error("failed to encrypt String: " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    } catch (Exception e) {
        LOGGER.error("failed to encrypt String: " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    }
};

@SuppressWarnings("unchecked")
@Override
public <T> T simpleDecrypt(String objectToDecrypt) throws EncryptionException {
    try {
        byte[] bytes = Base64.decodeBase64(objectToDecrypt);
        byte[] decryptedBytes = binaryEncryptor.decrypt(bytes);

        ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(decryptedBytes));
        T object = (T)ois.readObject();
        return object;
    } catch (IOException e) {
        LOGGER.error("failed to decrypt String: '" + objectToDecrypt + "', mesage = " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    } catch (Exception e) {
        LOGGER.error("failed to decrypt String: '" + objectToDecrypt + "', mesage = " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    }
}

I'm using the Jasypt encryption library to encrypt/decrypt some text. This code is embedded in a WAR file and deployed to a server.

When running locally, and in unit tests, the encrypt/decrypt cycle works perfectly. I use Jetty to develop the application. The code works perfectly in that server. For some reason, deploying to Tomcat breaks it with the following exception:

FYI, I have the strong encryption libraries installed in both my local and server environments and I'm using the latest 1.6 version (patch level 25).

org.jasypt.exceptions.EncryptionOperationNotPossibleException

The exception has no message.

The code is fully symmetric. I pasted it here for examination. Here are the relevant bits:

I found one old Nabble post where a user had a very similar problem. Code worked everywhere except inside Tomcat. No solution was given.

Any insights would be most appreciated.

**Update: ** Running in Tomcat on my local system, it appears to work. So there's something about my server. On the server, I'm using a 64-bit JVM on Windows Server 2008. I'm using a 32-bit JVM locally (due to my system being a bit older). I wonder if this has something to do with the issue.

public void initializeService() {
    binaryEncryptor = new BasicBinaryEncryptor();
    binaryEncryptor.setPassword(keyBase64);
}

@Override
public <T extends Serializable> String simpleEncrypt(T objectToEncrypt) throws EncryptionException {
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    try {
        ObjectOutputStream oos = new ObjectOutputStream(bos);
        oos.writeObject(objectToEncrypt);

        byte[] bytes = binaryEncryptor.encrypt(bos.toByteArray());
        return new String(Base64.encodeBase64(bytes));
    } catch (IOException e) {
        LOGGER.error("failed to encrypt String: " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    } catch (Exception e) {
        LOGGER.error("failed to encrypt String: " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    }
};

@SuppressWarnings("unchecked")
@Override
public <T> T simpleDecrypt(String objectToDecrypt) throws EncryptionException {
    try {
        byte[] bytes = Base64.decodeBase64(objectToDecrypt);
        byte[] decryptedBytes = binaryEncryptor.decrypt(bytes);

        ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(decryptedBytes));
        T object = (T)ois.readObject();
        return object;
    } catch (IOException e) {
        LOGGER.error("failed to decrypt String: '" + objectToDecrypt + "', mesage = " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    } catch (Exception e) {
        LOGGER.error("failed to decrypt String: '" + objectToDecrypt + "', mesage = " + e.getMessage());
        throw new EncryptionException(e.getMessage(), e);
    }
}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

戏舞 2024-11-16 20:16:18

以下是文档的链接: http://www.jasypt.org/faq.html#i-keep-on-receiving-加密操作-not-possible

  • 加密和解密配置是否相同
  • 检查以确保表列足够大
  • Base64 编码和 urlencoding 可能会发生冲突,所以必须做得恰到好处。

Here is a link to the docs: http://www.jasypt.org/faq.html#i-keep-on-receiving-encryption-operation-not-possible

  • Is encryption and decryption config identical
  • Check to make sure table columns are large enough
  • Base64 encoding and urlencoding can conflict, so it has to be done just right.
烟凡古楼 2024-11-16 20:16:18

@biniam_埃塞俄比亚
我会评论你的答案,但我没有足够的声誉,所以我写了自己的答案:

我有一个非常相似的问题,但就我而言,这是因为更改了加密算法(PBEWithMD5AndTripleDES),而数据库中的条目之前是用不同的条目保存的(PBEWithMD5AndDES)。
所以我也得到了一个 EncryptionOperationNotPossibleException 异常,由于上面 @Nathan Feger 的评论,该异常没有任何信息。

我希望有一天这也能帮助别人;)

@biniam_Ethiopia
I would have commented your answer but I have not enough reputation, so I write my own answer:

I had a very similiar problem, but in my case it was because of changing the encryption algorithm (PBEWithMD5AndTripleDES), while entries in the db were saved with a different one before (PBEWithMD5AndDES).
So I got a EncryptionOperationNotPossibleException too, which is without information because of @Nathan Feger's comment above.

I hope this could help somebody someday too ;)

拥抱影子 2024-11-16 20:16:18

我遇到了类似的问题。
对我来说,这是因为它试图解密使用解密机制无法解密的密码。

因此,在解密方法尝试解密密码之前,我加密了密码并将其存储在数据库中

我希望它能帮助某人。

I faced similar problem.
For me, it was because it was trying to decrypt a password which could not have been decrypted using the decrypting mechanism.

Hence, I encrypted the password and stored it in database before the decrypt method tries to decrypt it.

I hope it helps someone.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文