Encoding cypher broken in URL
I've got an email verification system that sends an encrypted link for the user to click. I had one user tell me it wasn't working and I found a very strange error that I can't explain.
This is a local URL which works fine
This is the remote URL which doesn't work
My application is running struts2 on a tomcat server but I don't think that matters. On the remote request the variable cypher is null. I can't understand why. It's running the exact same code
Turns out that bad logging was hiding the real problem. The issue is that on the server it is getting a BadPaddingException
javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
    at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
    at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA13*..)
    at javax.crypto.Cipher.doFinal(DashoA13*..)
    at service.DesEncrypterService.decrypt(DesEncrypterService.java:80)
    at action.LoginAction.cypherLogin(LoginAction.java:93)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
Now to find out why that is happening on the server and not locally
It seems that it is a similar issue as this person is having Exception: "Given final block not properly padded" in Linux, but it works in Windows
Some encoding difference on Linux?
Your keys are different on the two machines. You need to trace through the key processing on both machines so you can pinpoint where the differences are being generated. Always check for byte-to-byte matching; character matching can be deceptive. For example, end-of-line can differ invisibly between different systems.
First check that what is received after transmission is exactly what was sent. Then put in byte dumps to logs after every piece of processing on the serialized key/parameters. Do this on both home and away machines and compare. That will pinpoint where the change happens from "same on both machines" to "different between machines". That should pinpoint the method or code section where the problem is happening. Repeat the byte dumps inside that piece of code until you have the problem isolated. Again, you will need to dump on both machines so you have a known target from the home machine to compare against.
Do a URL encoding of the cyphered key before setting it. That will avoid adding extra characters.
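The following is an added example, not code from the question or from either answer, that puts the two answers together: the byte-level dump the first answer asks for, and the URL encoding the second answer recommends. It assumes a constructed AES-128 key and IV (AES stands in for the page's DES; the padding check in Cipher.doFinal behaves the same way), a hypothetical verification URL on example.invalid, and a request parameter named cypher as in the question. The loop picks a token whose standard Base64 form contains a '+' so that the failure reproduces every run: the servlet container URL-decodes the query string, a bare '+' becomes a space, and the bytes that arrive are no longer the bytes that were sent.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class VerificationLinkDemo {

    // Constructed key and IV for this demo only. A real service loads the key from a
    // keystore or secret store and uses a fresh random IV for every message.
    private static final byte[] KEY = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);
    private static final byte[] IV  = "fedcba9876543210".getBytes(StandardCharsets.US_ASCII);

    static byte[] crypt(int mode, byte[] input) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(mode, new SecretKeySpec(KEY, "AES"), new IvParameterSpec(IV));
        return cipher.doFinal(input); // in DECRYPT_MODE this is where BadPaddingException comes from
    }

    // Byte-level dump: print the same dumps on the local and the remote machine and diff them.
    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // What the container hands to request.getParameter("cypher"): the raw query value is
    // URL-decoded, so a bare '+' turns into a space and each '%xx' into one byte.
    static String parameterValue(String link) throws Exception {
        String raw = link.substring(link.indexOf("cypher=") + "cypher=".length());
        return URLDecoder.decode(raw, "UTF-8");
    }

    // Server side: compare what arrived with what was sent, then try to decrypt it.
    static String verify(String link, String sentB64, byte[] sentCiphertext) {
        try {
            String value = parameterValue(link);
            System.out.println("  received param: " + value + (value.equals(sentB64) ? " (match)" : " (DIFFERS)"));
            // java.util.Base64 is strict: the space produced by a bare '+' is rejected here.
            // A lenient legacy decoder would drop it instead, and the altered bytes would
            // reach Cipher.doFinal, where the padding check is the first thing to notice.
            byte[] received = Base64.getDecoder().decode(value);
            System.out.println("  received bytes: " + hex(received)
                    + (Arrays.equals(received, sentCiphertext) ? " (match)" : " (DIFFER)"));
            return new String(crypt(Cipher.DECRYPT_MODE, received), StandardCharsets.UTF_8);
        } catch (Exception e) {
            return "FAILED: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("key bytes: " + hex(KEY)); // the first line to compare between machines

        // Find a token whose standard Base64 form contains '+', so the URL problem shows reliably.
        byte[] ciphertext;
        String b64;
        int n = 0;
        do {
            String token = "user@example.com|" + n++;
            ciphertext = crypt(Cipher.ENCRYPT_MODE, token.getBytes(StandardCharsets.UTF_8));
            b64 = Base64.getEncoder().encodeToString(ciphertext);
        } while (!b64.contains("+"));
        System.out.println("sent bytes:     " + hex(ciphertext));

        // Hypothetical verification endpoint; the host is a placeholder.
        String naiveLink = "https://example.invalid/verify?cypher=" + b64;
        String safeLink  = "https://example.invalid/verify?cypher=" + URLEncoder.encode(b64, "UTF-8");

        System.out.println("naive link:   " + naiveLink);
        System.out.println("  result: " + verify(naiveLink, b64, ciphertext));
        System.out.println("encoded link: " + safeLink);
        System.out.println("  result: " + verify(safeLink, b64, ciphertext));
    }
}
```

Running this shows the naive link failing with a parameter that differs from what was sent and the URL-encoded link decrypting cleanly; the same `hex(...)` lines, printed on both machines, are the "known target" the first answer describes, and the key dump is the first one to compare. Two practical notes: `Base64.getUrlEncoder().withoutPadding()` produces a URL-safe alphabet (`-` and `_` instead of `+` and `/`) and avoids the encoding step altogether, as long as the server decodes with the matching `Base64.getUrlDecoder()`; and because this is CBC with PKCS5 padding and no integrity check, a BadPaddingException that surfaces to the caller tells the client whether the padding of a modified ciphertext was valid, so production code should use an authenticated mode such as AES/GCM (where tampering fails with a single AEADBadTagException) or, simpler still, a random opaque token stored server-side.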