Fix IV handling for ClearPass in clustered environments

Description

Required in clustered environments, where CAS Server B is unable to decrypt ciphertext generated on CAS Server A because the original Initialization Vector remains in a ConcurrentHashMap local to Server A.

Patch details:

  • Prepends ciphertext with IV (16 bytes); mandatory for proper decryption.

  • Derives IV length from Cipher#getBlockSize.

  • Prepends ciphertext (and IV) with IV length to handle dynamic IV length case.

Affects:

Fixes:

  • NullPointerException

  • BadPaddingException

Reference:

GitHub Pull Request:

Environment

None

Status

Assignee

Misagh Moayyed

Reporter

Matt Borja

Labels

None

Estimated End Date

None

Audience

None

Components

Fix versions

Affects versions

3.5.0

Priority

Blocker