Issue
For EOP installations 3.9.4, 3.9.5 the edit-properties command fails with the following exception.
sudo bin/edit-properties -e data/esapi/ -f data/conf/database.properties Jul 22, 2022 2:14:59 PM org.owasp.esapi.reference.JavaLogFactory$JavaLogger log INFO: [SECURITY SUCCESS -> /Contrast TeamServer/com.aspectsecurity.contrast.tool.propertyeditor.ESAPIEncryptedProperties] Encrypted properties loaded successfully Jul 22, 2022 2:14:59 PM org.owasp.esapi.reference.JavaLogFactory$JavaLogger log OFF: [SECURITY AUDIT -> /Contrast TeamServer/SecurityProviderLoader] No Encryptor.PreferredJCEProvider specified. Jul 22, 2022 2:15:00 PM org.owasp.esapi.reference.JavaLogFactory$JavaLogger log SEVERE: [SECURITY FAILURE -> /Contrast TeamServer/JavaEncryptor] Programming error: unexpected progress mark == 0 org.owasp.esapi.errors.EncryptionRuntimeException: Property retrieval failure at com.aspectsecurity.contrast.tool.propertyeditor.ESAPIEncryptedProperties.getProperty(ESAPIEncryptedProperties.java:58) at com.aspectsecurity.contrast.tool.propertyeditor.PropertyEditor.printProperties(PropertyEditor.java:165) at com.aspectsecurity.contrast.tool.propertyeditor.PropertyEditor.run(PropertyEditor.java:120) at com.aspectsecurity.contrast.tool.propertyeditor.PropertyEditor.main(PropertyEditor.java:61) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:84) at com.install4j.runtime.launcher.UnixLauncher.start(UnixLauncher.java:66) at install4j.com.aspectsecurity.contrast.tool.propertyeditor.PropertyEditor.main(Unknown Source) Caused by: org.owasp.esapi.errors.EncryptionException: Decryption failed; see logs for details. at org.owasp.esapi.reference.crypto.JavaEncryptor.decrypt(JavaEncryptor.java:612) at org.owasp.esapi.reference.crypto.JavaEncryptor.decrypt(JavaEncryptor.java:560) at com.aspectsecurity.contrast.tool.propertyeditor.ESAPIEncryptedProperties.getProperty(ESAPIEncryptedProperties.java:54) ... 10 more
Cause
Version 3.9.4 and some versions of 3.9.5 of the EOP installers were missing the correct encrypted-properties-editor jar file.
Resolution
Upgrading to the latest version 3.9.5 or above will address this issue. If upgrading is not an option please contact support@contrastsecurity.com or open a ticket directly in our portal to request the correct encrypted-properties-editor-1.2.0.jar file.