"Input length must be multiple of 16 when decrypting wi

Posted by jbeisch on 30-Jun-2014 13:46

We had previously been running fine behind Apache 2.2 redirecting to tomcat 7 and Rollbase under http.

We changed the configuration to run SSL and were able to access the pages via https but when I try to log in I get the error but am not sure if it's something in Rollbase I need to adjust or something with our Apache configuration.

Our SSL is being accomplished by a "Rewrite" of the http URLs to https and then a "proxypass" to our AJP connector.

Any suggestions about what may be the issue?  Thanks everyone!

All Replies

Posted by Orchid Corpin on 30-Jun-2014 16:30

Hi Jbeisch,

Can you try using Apache's Base64 for encoding/decoding?

Hope this will help.



Posted by jbeisch on 30-Jun-2014 20:40

Orchid, sorry if I'm not understanding but is this a setting in Rollbase or Apache?

Posted by Orchid Corpin on 01-Jul-2014 08:09

Hi Jbeisch,

This is not something to do with Rollbase settings but we still tried to address this issue.

Found something similar to your issue and hope this may help, please refer on the link below.




Posted by jbeisch on 01-Jul-2014 12:17

I actually had reviewed that link and many like it yesterday but they all point to changing the code which I take to mean Rollbase to use the lib.  That's something I cannot change, either Apache or Rollbase as far as I know.  I did drop this the commons-codec lib file into Rollbase's lib directory as there's no mention of putting the lib into Apache.  Not sure where to go next though.  Is there something I can change in Rollbase to get it to use the Base64 library?

Posted by jbeisch on 01-Jul-2014 13:20

In the main.log I see this so maybe it's Tomcat that's the one which can be adjusted:

[2014-07-01 13:49:21,443] ===> Error in thread ajp-bio-8009-exec-8 at 07/01/2014 01:49 PM

[2014-07-01 13:49:21,444] javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher

       at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:750)

       at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)

       at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)

       at javax.crypto.Cipher.doFinal(Cipher.java:1922)

       at com.rb.util.system.a158.decryptNew(a158.java:107)

       at com.rb.util.system.a158.decrypt(a158.java:92)

       at p4.LoginController.login(LoginController.java:51)

       at com.rb.core.logics.servlet.LoginServlet.doGet(LoginServlet.java:53)

       at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)

       at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)

       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)

       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)

       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)

       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)

       at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)

       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)

       at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200)

       at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)

       at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)

       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

       at java.lang.Thread.run(Thread.java:744)

Posted by Orchid Corpin on 01-Jul-2014 16:58

Yes most probably it was tomcat.

Just in case it is not yet fixed, please send us the steps to replicate on how you adjust your configuration to help us investigate further.



Posted by jbeisch on 03-Jul-2014 00:31

I cannot find a way to tell Tomcat to pad or unpad the encryption unless Tomcat is told to do SSL.  From our configuration and reading we should not have to have Tomcat do any SSL as Apache has is handling all that.  Can you convert this into a case so I can send you our httpd.conf, ssl.com, workers.properties, and Tomcat's server.xml and index.html to see how we have this setup?

Posted by Orchid Corpin on 03-Jul-2014 15:23

Hi Jeff,

Here is a link where you can file/find support cases, there you can attach file(s) for further investigation.


Let me know if you have any concerns, so I can help.



Posted by jbeisch on 05-Jul-2014 00:20

Orchid, my apologies, I thought you worked for a "progress" company like a former Rollbase Philippines guy seems now and that's why I asked you to convert the thread.  A coworker of min already did that.  Thanks for your input!

This thread is closed