Error: Caused by: java.security.InvalidKeyException at AccountLookupSpec.groovy

Question

I'm getting the error in gradle test code. An exception is being generated on this line of code: account.setAccountNumber(encryptor.encrypt("999999999")).

This post may be related:

What is the correct way to configure a spring TextEncryptor for use on Heroku

com.distributedfinance.mbi.bai.lookup.AccountLookupSpec > constructor missing encryptor FAILED
19:05:00.431 [DEBUG] [TestEventLogger]     java.lang.IllegalArgumentException: Unable to initialize due to invalid secret key
19:05:00.431 [DEBUG] [TestEventLogger]         at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:110)
19:05:00.431 [DEBUG] [TestEventLogger]         at org.springframework.security.crypto.encrypt.AesBytesEncryptor.encrypt(AesBytesEncryptor.java:65)
19:05:00.431 [DEBUG] [TestEventLogger]         at org.springframework.security.crypto.encrypt.HexEncodingTextEncryptor.encrypt(HexEncodingTextEncryptor.java:36)
19:05:00.431 [DEBUG] [TestEventLogger]         at com.distributedfinance.mbi.bai.lookup.AccountLookupSpec.setup(AccountLookupSpec.groovy:26)
19:05:00.431 [DEBUG] [TestEventLogger]
19:05:00.431 [DEBUG] [TestEventLogger]         Caused by:
19:05:00.431 [DEBUG] [TestEventLogger]         java.security.InvalidKeyException: Illegal key size
19:05:00.431 [DEBUG] [TestEventLogger]             at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1034)
19:05:00.431 [DEBUG] [TestEventLogger]             at javax.crypto.Cipher.implInit(Cipher.java:800)
19:05:00.431 [DEBUG] [TestEventLogger]             at javax.crypto.Cipher.chooseProvider(Cipher.java:859)
19:05:00.432 [DEBUG] [TestEventLogger]             at javax.crypto.Cipher.init(Cipher.java:1370)
19:05:00.432 [DEBUG] [TestEventLogger]             at javax.crypto.Cipher.init(Cipher.java:1301)
19:05:00.432 [DEBUG] [TestEventLogger]             at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:105)
19:05:00.432 [DEBUG] [TestEventLogger]             ... 3 more

I'm running Java 1.8 in IntelliJ Idea

$ gradle -version

------------------------------------------------------------
Gradle 2.3-20141027185330+0000
------------------------------------------------------------

Build time:   2014-10-27 18:53:30 UTC
Build number: none
Revision:     f8200ecfed690fe7e2183d60a2afa85069678fa3

Groovy:       2.3.6
Ant:          Apache Ant(TM) version 1.9.3 compiled on December 23 2013
JVM:          1.8.0_05 (Oracle Corporation 25.5-b02)
OS:           Mac OS X 10.11 x86_64

$ gradle clean build

...

:test

com.distributedfinance.mbi.bai.lookup.AccountLookupSpec > constructor missing encryptor                                                                        FAILED
    java.lang.IllegalArgumentException at AccountLookupSpec.groovy:26
        Caused by: java.security.InvalidKeyException at AccountLookupSpec.groovy:26

The exception is in Groovy code:

 AccountLookup accountLookup
    List<Account> accounts
    AccountRepository accountRepository
    TextEncryptor encryptor

    def setup() {
        accountRepository = Mock()

 encryptor = Encryptors.text("password", "blahblahbla")
 ***account.setAccountNumber(encryptor.encrypt("999999999"))***

...

def "constructor missing encryptor"() {
        when:
        new AccountLookup(null, accountRepository)

        then:
        IllegalArgumentException e = thrown()
        e.getMessage() == "Encryptor is null"
    }

I tried debugging this from IntelliJ Idea by setting breakpoints in the Groovy Code (in 'attach' and also 'listen' mode):

$ export GRADLE_OPTS="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005"
$ gradle build
Listening for transport dt_socket at address: 5005

But I never reached my breakpoints.

Any ideas?

You might have saved some effort if you'd listed a Spring tag. Had never seen TextEncryptor before. — billjamesdev, Oct 07 '15 at 02:28

score 0 · Answer 1 · answered Oct 07 '15 at 02:29

0

Looks like your salt is bad, unless that's just a bad example?

From the docs: https://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/apidocs/org/springframework/security/crypto/encrypt/Encryptors.html

The 2nd arg is a "salt", which is defined as: salt - a hex-encoded, random, site-global salt value to use to generate the key

Yours is "blahblahbla"... which isn't hex-encoded.

answered Oct 07 '15 at 02:29

billjamesdev

14,554
6
53
76

I changed the second argument (e.g. - salt) to "blahblahbla" because I didn't want to put the real hex value in Stack Overflow. – dbl001 Oct 07 '15 at 02:33
In the real groovy code, there is a real hex-value. Does that mean it's bad? How is it supposed to be generated? – dbl001 Oct 07 '15 at 02:35
Does the second argument (e.g. - 'salt') correspond with a specifc SSH certificate? – dbl001 Oct 07 '15 at 02:36
I tried setting breakpoints in the Groovy code, enabling remote debugging in IntelliJ Idea, setting these environment variables (e.g. $ export GRADLE_OPTS="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005") and running: $ gradle build. IntelliJ output - Connected to the target VM, address: 'localhost:5005', transport: 'socket' Disconnected from the target VM, address: 'localhost:5005', transport: 'socket'. However, no breakpoints were reached in the Groovy method def setup. Is it possible to debug Goovy code this way? – dbl001 Oct 07 '15 at 04:58

Error: Caused by: java.security.InvalidKeyException at AccountLookupSpec.groovy

1 Answers1