11
votes

I'm trying to encrypt a server password in my settings.xml and I'm getting this exception when trying to deploy an artifact.

Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
    at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)
    at javax.crypto.Cipher.doFinal(Cipher.java:2087)
    at org.sonatype.plexus.components.cipher.PBECipher.decrypt64(PBECipher.java:185)
    ... 18 more

here's the excerpt from the xml

<server>
            <id>server</id>
            <username>username</username>
            <password>{N8AF8BmQ5x8HZX/yrlrP1QiKNMEdoXWyBFZd/*zIabY=}</password> 
        </server>

the same exception is also happening for my master password, I just followed the instructions here https://maven.apache.org/guides/mini/guide-encryption.html created a security-settings.xml like in the guide, executed these two commands and copied the encrypted passwords into the appropriate xml files.

mvn --encrypt-master-password <password>
mvn --encrypt-password <password>
4
In rare cases there's an escaping issue, not sure if that's happening here. Consider regenerating both emp and ep (their values will be different every time) - Robert Scholte
I'm assuming emp and ep mean the master and server password? - gary69
-emp = --encrypt-master-password, -ep = --encrypt-password (see mvn -h or mvn --help :) ) - Robert Scholte
@RobertScholte Could you please insert your comment as an answer so it can be marked as accepted? Your solution is useful but could not be noticed as a comment - abarisone

4 Answers

6
votes

In rare cases there's an escaping issue, that's probably happening here. Consider regenerating the masterpassword (with -emp or --encrypt-master-password) and/or password ( with -ep or --encrypt-password) . Their values will be different every time.

5
votes

Or maybe by accident you copy-pasted the wrong parameter:

--encrypt-master-password 

and put the output in settings.xml instead of:

--encrypt-password

which got me into trouble. (Darn password expiration policies)

1
votes

Let's understand the problem here.

mvn encryption password is used to ensure secured access to the protected repository servers (possible Nexus or JFrog).

This access is based on 2 settings.

  1. Common settings available in <MAVEN_HOME>/conf/settings.xml which will define the list of repositories and required username password for them. A typical entry would look like below

<server>
      <id>my.server</id>
      <username>foo</username>
      <password>{COQLCE6DU6GtcS5P=}</password>
 </server>

To have a password for this file, the command is

mvn --encrypt-password <password>
  1. User specific settings available in local repo path (can be found in the <MAVEN_HOME>/conf/settings.xml) something like C:/Users/user/.m2/settings-security.xml which looks like below

<settingsSecurity>
  <master>{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}</master>
</settingsSecurity>

To have a password for this file the mvn command is

mvn --encrypt-master-password <password>

Now the exception mentioned in the question is mostly the potential side effect of accidentally copying the password generated by mvn --encrypt-password <password> in the settings-security.file instead of using password generated by mvn --encrypt-master-password <password>

So double check your steps and it should solve the issue.

For detailed reference visit Maven - Password Encryption

0
votes

Came across the same issue. Solved it by:

1) generating encrypted password using quotes around my password as opposed to no quotes (this seemed to remove the +)

e.g. mvn -emp "myPassword123" and mvn -ep "myPassword123"

instead of mvn -emp myPassword123 and mvn -ep myPassword123

2) making sure my settings.xml and settings-security.xml were in the correct directories. (i have my settings.xml in the maven install directory and the settings-security.xml in the .m2 directory)

This worked for me anyway

ps. i had to close terminal after editing settings file as i think it was doing some sort of caching