Fix IV handling for ClearPass in clustered environments
Description
Required in clustered environments where CAS Server B is unable to decrypt ciphertext generated on CAS Server A where the original Initialization Vector remains in a local ConcurrentHashMap.
Patch details:
Prepends ciphertext with IV (16 bytes); mandatory for proper decryption.
Derives IV length from Cipher#getBlockSize
Prepends ciphertext (and IV) with IV length to handle dynamic IV length case.
Affects:
https://wiki.jasig.org/display/CASUM/ClearPass+and+Multiple+Server+Configurations
Fixes:
NullPointerException
BadPaddingException
Reference:
https://gist.github.com/rdev5/7570750/
GitHub Pull Request:
https://github.com/Jasig/cas/pull/359
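
The framing described under "Patch details", as an added example that is not the code from the pull request or the gist: the sender writes the IV length, the IV and the ciphertext as one message, so any node holding the shared key can decrypt without a local IV map. The class name, the AES/CBC/PKCS5Padding transformation, the one-byte length prefix and the all-zero demo key are assumptions made for this sketch.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;

public class IvFramingExample {
    // Assumed transformation; the page only states a 16-byte IV.
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final SecureRandom RANDOM = new SecureRandom();

    // Output layout: [1 byte IV length][IV][ciphertext]
    static byte[] encrypt(SecretKeySpec key, byte[] plaintext) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        byte[] iv = new byte[cipher.getBlockSize()]; // IV length derived from the cipher, 16 for AES
        RANDOM.nextBytes(iv);                        // fresh random IV per message
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ciphertext = cipher.doFinal(plaintext);
        return ByteBuffer.allocate(1 + iv.length + ciphertext.length)
                .put((byte) iv.length).put(iv).put(ciphertext).array();
    }

    static byte[] decrypt(SecretKeySpec key, byte[] framed) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        if (framed.length < 1) {
            throw new GeneralSecurityException("empty message");
        }
        int ivLen = framed[0] & 0xFF;
        // Reject a length prefix that does not match the cipher or overruns the buffer.
        if (ivLen != cipher.getBlockSize() || framed.length < 1 + ivLen) {
            throw new GeneralSecurityException("malformed IV header");
        }
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(framed, 1, ivLen));
        return cipher.doFinal(framed, 1 + ivLen, framed.length - 1 - ivLen);
    }

    public static void main(String[] args) throws Exception {
        // Constructed 128-bit key standing in for the secret shared by every node.
        SecretKeySpec shared = new SecretKeySpec(new byte[16], "AES");
        byte[] framed = encrypt(shared, "constructed-sample".getBytes(StandardCharsets.UTF_8)); // "server A"
        byte[] plain = decrypt(shared, framed); // "server B": no local IV lookup needed
        System.out.println(new String(plain, StandardCharsets.UTF_8));
    }
}
```

The IV is not secret, so carrying it in the clear next to the ciphertext is standard practice; the framing by itself adds no integrity protection to the message.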