[jira] Created: (MNG-4612) Password escpaping doesn't work

[Benjamin Bentmann (JIRA)]

Password escpaping doesn't work
-------------------------------

                 Key: MNG-4612
                 URL: http://jira.codehaus.org/browse/MNG-4612
             Project: Maven 2 & 3
          Issue Type: Bug
          Components: Settings
    Affects Versions: 3.0-alpha-7, 2.2.1
            Reporter: Benjamin Bentmann
            Priority: Minor


In MNG-4611 some user presented a *cleartext* password of the form
{noformat}
{DESede}y+qq...==
{noformat}
Given the presence of braces, this password needs to be escaped to be used as a 
cleartext password. However, the escaping syntax documented in [Maven Password 
Encryption|http://maven.apache.org/guides/mini/guide-encryption.html#Tips] is 
broken. Trying the documented way of putting in backslashes and embedding the 
entire string again in braces like
{noformat}
{\{DESede\}y+qq...==}
{noformat}
yields
{noformat}
[WARNING] Not decrypting password for server 'maven-core-it' due to exception 
in security handler.
Cause: null
[DEBUG] Full trace follows
org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: 
org.sonatype.plexus.components.cipher.PlexusCipherException: 
java.lang.ArrayIndexOutOfBoun
dsException
        at 
org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:121)
        at 
org.apache.maven.DefaultMaven.resolveParameters(DefaultMaven.java:738)
        at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:250)
        at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:138)
        at org.apache.maven.cli.MavenCli.main(MavenCli.java:362)
        at 
org.apache.maven.cli.compat.CompatibleMain.main(CompatibleMain.java:60)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:592)
        at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
        at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
        at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
        at org.codehaus.classworlds.Launcher.main(Launcher.java:375)
Caused by: org.sonatype.plexus.components.cipher.PlexusCipherException: 
java.lang.ArrayIndexOutOfBoundsException
        at 
org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:193)
        at 
org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt(DefaultPlexusCipher.java:72)
        at 
org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:96)
        ... 13 more
Caused by: java.lang.ArrayIndexOutOfBoundsException
        at java.lang.System.arraycopy(Native Method)
        at 
org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:175)
        ... 15 more
{noformat}
Trying without the surrounding braces as suggested by the source code
{noformat}
\{DESede\}y+qq...==
{noformat}
successfully prevents decryption, but the string isn't unescaped either, making 
Maven use a wrong password.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira