Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-20136

Performing AES password Encryption gives NoClassDefFoundError on Bitbucket v 9.4.7 and 9.4.8

XMLWordPrintable

      Issue Summary

      When attempting Password Encryption as detailed in the KB Article : AES Encryption on Bitbucket Version 9.4.7 and 9.4.8, we see the below error:

      SLF4J(W): No SLF4J providers were found.
SLF4J(W): Defaulting to no-operation (NOP) logger implementation
SLF4J(W): See https://www.slf4j.org/codes.html#noProviders for further details.
SLF4J(W): Class path contains SLF4J bindings targeting slf4j-api versions 1.7.x or earlier.
SLF4J(W): Ignoring binding found at [jar:file:/home/parallels/Downloads/bb_new/atlassian-bitbucket-9.4.7/tools/atlassian-password/atlassian-password-cli.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J(W): See https://www.slf4j.org/codes.html#ignoredBindings for an explanation.
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/juli/logging/LogFactory
	at com.atlassian.secrets.store.algorithm.serialization.SerializationFile.<clinit>(SerializationFile.java:15)
	at com.atlassian.secrets.store.algorithm.serialization.SerializationFileFactory.getSerializationFile(SerializationFileFactory.java:6)
	at com.atlassian.secrets.store.algorithm.AlgorithmSecretStore.getKeyOrGenerateNewAndGet(AlgorithmSecretStore.java:250)
	at com.atlassian.secrets.store.algorithm.AlgorithmSecretStore.encrypt(AlgorithmSecretStore.java:182)
	at com.atlassian.secrets.store.algorithm.AlgorithmSecretStore.store(AlgorithmSecretStore.java:115)
	at com.atlassian.secrets.cli.db.DbCipherTool.lambda$getOutputData$1(DbCipherTool.java:65)
	at java.base/java.util.Optional.map(Optional.java:260)
	at com.atlassian.secrets.cli.db.DbCipherTool.getOutputData(DbCipherTool.java:65)
	at com.atlassian.secrets.cli.db.DbCipherTool.main(DbCipherTool.java:37)
Caused by: java.lang.ClassNotFoundException: org.apache.juli.logging.LogFactory
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
	... 9 more

      Steps to Reproduce

      1. On a Bitbucket instance of version 9.4.7 or 9.4.8, follow the steps in the KB Article : AES Encryption
      2. After running the below code: 
        java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool -c com.atlassian.secrets.store.algorithm.AlgorithmSecretStore

        and entering password JSON into the prompt, we see the error.

      Expected Results

      We expect the operation to be successful and return a Success message as below:

      SLF4J(W): No SLF4J providers were found.
SLF4J(W): Defaulting to no-operation (NOP) logger implementation
SLF4J(W): See https://www.slf4j.org/codes.html#noProviders for further details.
SLF4J(W): Class path contains SLF4J bindings targeting slf4j-api versions 1.7.x or earlier.
SLF4J(W): Ignoring binding found at [jar:file:/home/parallels/Downloads/bb_new/atlassian-bitbucket-9.4.7/tools/atlassian-password/atlassian-password-cli.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J(W): See https://www.slf4j.org/codes.html#ignoredBindings for an explanation.
Success!
For Jira, set the following properties in dbconfig.xml:

<atlassian-password-cipher-provider>com.atlassian.secrets.store.algorithm.AlgorithmSecretStore</atlassian-password-cipher-provider>
<password>{"sealedObjectFilePath":"javax.crypto.SealedObject_1753278260575","keyFilePath":"javax.crypto.spec.SecretKeySpec_1753278260559"}</password>

For Bitbucket, set the following properties in bitbucket.properties:

encrypted-property.cipher.classname=com.atlassian.secrets.store.algorithm.AlgorithmSecretStore
jdbc.password={"sealedObjectFilePath":"javax.crypto.SealedObject_1753278260575","keyFilePath":"javax.crypto.spec.SecretKeySpec_1753278260559"}

For Bamboo, set the following properties in bamboo.cfg.xml:

<property name="jdbc.password.decrypter.classname">com.atlassian.secrets.store.algorithm.AlgorithmSecretStore</property>
<property name="hibernate.connection.password">{"sealedObjectFilePath":"javax.crypto.SealedObject_1753278260575","keyFilePath":"javax.crypto.spec.SecretKeySpec_1753278260559"}</property>

For Confluence, set the following properties in confluence.cfg.xml:

<property name="jdbc.password.decrypter.classname">com.atlassian.secrets.store.algorithm.AlgorithmSecretStore</property>
<property name="hibernate.connection.password">{"sealedObjectFilePath":"javax.crypto.SealedObject_1753278260575","keyFilePath":"javax.crypto.spec.SecretKeySpec_1753278260559"}</property>

This password cannot be used in Crowd as Crowd only accepts passwords provided by one of the following secret stores: [com.atlassian.secrets.store.algorithm.AesOnlyAlgorithmSecretStore]

      Actual Results

      The below exception is observed :

      SLF4J(W): No SLF4J providers were found.
SLF4J(W): Defaulting to no-operation (NOP) logger implementation
SLF4J(W): See https://www.slf4j.org/codes.html#noProviders for further details.
SLF4J(W): Class path contains SLF4J bindings targeting slf4j-api versions 1.7.x or earlier.
SLF4J(W): Ignoring binding found at [jar:file:/home/parallels/Downloads/bb_new/atlassian-bitbucket-9.4.7/tools/atlassian-password/atlassian-password-cli.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J(W): See https://www.slf4j.org/codes.html#ignoredBindings for an explanation.
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/juli/logging/LogFactory
	at com.atlassian.secrets.store.algorithm.serialization.SerializationFile.<clinit>(SerializationFile.java:15)
	at com.atlassian.secrets.store.algorithm.serialization.SerializationFileFactory.getSerializationFile(SerializationFileFactory.java:6)
	at com.atlassian.secrets.store.algorithm.AlgorithmSecretStore.getKeyOrGenerateNewAndGet(AlgorithmSecretStore.java:250)
	at com.atlassian.secrets.store.algorithm.AlgorithmSecretStore.encrypt(AlgorithmSecretStore.java:182)
	at com.atlassian.secrets.store.algorithm.AlgorithmSecretStore.store(AlgorithmSecretStore.java:115)
	at com.atlassian.secrets.cli.db.DbCipherTool.lambda$getOutputData$1(DbCipherTool.java:65)
	at java.base/java.util.Optional.map(Optional.java:260)
	at com.atlassian.secrets.cli.db.DbCipherTool.getOutputData(DbCipherTool.java:65)
	at com.atlassian.secrets.cli.db.DbCipherTool.main(DbCipherTool.java:37)
Caused by: java.lang.ClassNotFoundException: org.apache.juli.logging.LogFactory
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)

      Workaround

      1. Copy tomcat-embed-core-9.0.104.jar file from your <INSTALLATION_DIRECTORY>/app/WEB-INF/lib to your <INSTALLATION_DIRECTORY>/tools/atlassian-password
      2. Execute the below command as mentioned in the AES Encryption Document: 
        java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool -c com.atlassian.secrets.store.algorithm.AlgorithmSecretStore

              75fca8d6bc6b Hong Huynh
              937eee68b131 Deepti Srivastava
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: