Likitha Shetty created CLOUDSTACK-2552: ------------------------------------------
Summary: AWSAPI: Cannot register/use EC2 API when the setup uses encryption - EncryptionOperationNotPossibleException Key: CLOUDSTACK-2552 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2552 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: AWSAPI Affects Versions: 4.1.0 Reporter: Likitha Shetty Assignee: Likitha Shetty Fix For: 4.2.0 REPRO STEPS ============= Setup: ----------- 1. Setup encrytion while running cloud-setup-databases cloud-setup-databases cloud:cloud@localhost --deploy-as=root:<password> -e file -m <management-key> -k <database-key> Make sure that values for <management-key> and <database-key> are different 2. Create a user under root domain and generate api/secret key 3. Generate a private key and a self-signed X.509 certificate and try to register the user CloudStack using cloudstack-aws-api-register script. $ cloudstack-aws-api-register --apikey=<User’s Cloudstack API key> --secretkey=<User’s CloudStack Secret key> --cert=</path/to/cert.pem> --url=http://127.0.0.1:7080/awsapi 4. $User registration failed with http error code: 500 5. Also try any EC2 Query API calls - they fail too awsapi.log shows: 2013-05-03 16:35:39,772 ERROR [bridge.service.EC2RestServlet] (catalina-exec-int-9:null) Unexpected exception: null org.jasypt.exceptions.EncryptionOperationNotPossibleException at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:981) at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:717) at com.cloud.bridge.persist.dao.UserCredentialsDao.getByAccessKeyFromCloudDB(UserCredentialsDao.java:127) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira