OpenDaylight JIRA https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 [NETCONF-1217] Given final block not properly padded. Such issues can arise if a bad key is used during decryption https://jira.opendaylight.org/browse/NETCONF-1217 netconf <p>Invoke PUT request to:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>http://192.168.56.25:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=17830-sim-device</pre> </div></div> <p>with payload:</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java"> {     <span class="code-quote">"node"</span>: [         {             <span class="code-quote">"node-id"</span>: <span class="code-quote">"17830-sim-device"</span>,             <span class="code-quote">"netconf-node-topology:login-password"</span>: {                 <span class="code-quote">"username"</span>: <span class="code-quote">"admin"</span>,                 <span class="code-quote">"password"</span>: <span class="code-quote">"Aw1Cnm3U99u7K4aJxEZGkA=="</span>             },             <span class="code-quote">"netconf-node-topology:schemaless"</span>: <span class="code-keyword">false</span>,             <span class="code-quote">"netconf-node-topology:port"</span>: 17830,             <span class="code-quote">"netconf-node-topology:tcp-only"</span>: <span class="code-keyword">false</span>,             <span class="code-quote">"netconf-node-topology:keepalive-delay"</span>: 0,             <span class="code-quote">"netconf-node-topology:host"</span>: <span class="code-quote">"192.168.56.25"</span>         }     ] }</pre> </div></div> <p>You can see error in karaf console:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>09:54:15.461 ERROR [opendaylight-cluster-data-notification-dispatcher-51] Failed to decrypt encoded data javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.         at com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:862) ~[?:?]         at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:942) ~[?:?]         at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:735) ~[?:?]         at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:436) ~[?:?]         at javax.crypto.Cipher.doFinal(Cipher.java:2205) ~[?:?]         at org.opendaylight.aaa.encrypt.impl.AAAEncryptionServiceImpl.decrypt(AAAEncryptionServiceImpl.java:154) ~[?:?]         at org.opendaylight.netconf.topology.spi.NetconfClientConfigurationBuilderFactoryImpl.setSshParametersFromCredentials(NetconfClientConfigurationBuilderFactoryImpl.java:106) ~[bundleFile:?]         at org.opendaylight.netconf.topology.spi.NetconfClientConfigurationBuilderFactoryImpl.createClientConfigurationBuilder(NetconfClientConfigurationBuilderFactoryImpl.java:74) ~[bundleFile:?]         at org.opendaylight.netconf.topology.spi.NetconfNodeHandler.&lt;init&gt;(NetconfNodeHandler.java:193) ~[bundleFile:?]         at org.opendaylight.netconf.topology.spi.AbstractNetconfTopology.lockedEnsureNode(AbstractNetconfTopology.java:124) ~[bundleFile:?]         at org.opendaylight.netconf.topology.spi.AbstractNetconfTopology.ensureNode(AbstractNetconfTopology.java:91) ~[bundleFile:?]         at org.opendaylight.netconf.topology.impl.NetconfTopologyImpl.ensureNode(NetconfTopologyImpl.java:143) ~[?:?]         at org.opendaylight.netconf.topology.impl.NetconfTopologyImpl.onDataTreeChanged(NetconfTopologyImpl.java:129) ~[?:?]         at org.opendaylight.mdsal.binding.dom.adapter.BindingDOMDataTreeChangeListenerAdapter.onDataTreeChanged(BindingDOMDataTreeChangeListenerAdapter.java:44) ~[bundleFile:?]         at org.opendaylight.controller.cluster.datastore.DataTreeChangeListenerActor.dataTreeChanged(DataTreeChangeListenerActor.java:90) ~[bundleFile:?]         at org.opendaylight.controller.cluster.datastore.DataTreeChangeListenerActor.handleReceive(DataTreeChangeListenerActor.java:45) ~[bundleFile:?]         at akka.japi.pf.UnitCaseStatement.apply(CaseStatements.scala:24) [bundleFile:?]         at akka.japi.pf.UnitCaseStatement.apply(CaseStatements.scala:20) [bundleFile:?]         at scala.PartialFunction.applyOrElse(PartialFunction.scala:214) [bundleFile:?]         at scala.PartialFunction.applyOrElse$(PartialFunction.scala:213) [bundleFile:?]         at akka.japi.pf.UnitCaseStatement.applyOrElse(CaseStatements.scala:20) [bundleFile:?]         at scala.PartialFunction$OrElse.applyOrElse(PartialFunction.scala:269) [bundleFile:?]         at scala.PartialFunction$OrElse.applyOrElse(PartialFunction.scala:270) [bundleFile:?]         at akka.actor.Actor.aroundReceive(Actor.scala:537) [bundleFile:?]         at akka.actor.Actor.aroundReceive$(Actor.scala:535) [bundleFile:?]         at akka.actor.AbstractActor.aroundReceive(AbstractActor.scala:220) [bundleFile:?]         at akka.actor.ActorCell.receiveMessage(ActorCell.scala:579) [bundleFile:?]         at akka.actor.ActorCell.invoke(ActorCell.scala:547) [bundleFile:?]         at akka.dispatch.Mailbox.processMailbox(Mailbox.scala:270) [bundleFile:?]         at akka.dispatch.Mailbox.run(Mailbox.scala:231) [bundleFile:?]         at akka.dispatch.Mailbox.exec(Mailbox.scala:243) [bundleFile:?]         at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373) [?:?]         at java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182) [?:?]         at java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655) [?:?]         at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622) [?:?]         at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165) [?:?]</pre> </div></div> <p>Note that the password when fails to decrypt is returned untouched, the revision on which bug is present is:  </p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>fedba3cac1c141c2b2bfb61ccf8a5622977254d4</pre> </div></div> NETCONF-1217 Given final block not properly padded. Such issues can arise if a bad key is used during decryption Bug Medium Resolved Won't Do Yaroslav Lastivka Ivan Hrasko Fri, 5 Jan 2024 10:05:16 +0000 Wed, 24 Jan 2024 11:55:13 +0000 Wed, 24 Jan 2024 11:55:13 +0000 7.0.0 netconf 0 2 <p>The AAAEncryptionServiceImpl is configured to generate a new encryption key with each build of the application. This dynamic key generation presents a significant challenge: users are unable to update node user details via PUT requests, as they lack access to the current encryption key. This limitation hinders the ability to perform routine updates and maintenance through our API.</p> <p>The Netconf user guide has been updated to recommend using 'login-password-unencrypted' as a replacement for 'login-password'. This change is reflected in the revision b8b4c4adf96d6f7f0e2c582b505fd7ea194bb3af.</p> <p>Its a responsibility of the user to provide correctly encrypted password. See also <a href="https://jira.opendaylight.org/browse/NETCONF-1216" title="Input length must be multiple of 16 when decrypting with padded cipher" class="issue-link" data-issue-key="NETCONF-1216"><del>NETCONF-1216</del></a>.</p> Blocks NETCONF-1115 Development Rank 0|i0474n: