Add better message when decryption fails in config

3 files changed, 28 insertions, 13 deletions

diff --git a/src/rabbit.erl b/src/rabbit.erl
index 75425e1a95..9624aca184 100644
--- a/src/rabbit.erl
+++ b/src/rabbit.erl
@@ -444,8 +444,10 @@ start_apps(Apps) ->
     app_utils:load_applications(Apps),
 
     DecoderConfig = case application:get_env(rabbit, decoder_config) of
-        undefined -> [];
-        {ok, Val} -> Val
+        undefined ->
+            [];
+        {ok, Val} ->
+            Val
     end,
     PassPhrase = case proplists:get_value(passphrase, DecoderConfig) of
         prompt ->
@@ -465,9 +467,9 @@ start_apps(Apps) ->
             PP
     end,
     Algo = {
-        proplists:get_value(cipher, DecoderConfig, aes_cbc256),
-        proplists:get_value(hash, DecoderConfig, sha512),
-        proplists:get_value(iterations, DecoderConfig, 1000),
+        proplists:get_value(cipher, DecoderConfig, rabbit_pbe:default_cipher()),
+        proplists:get_value(hash, DecoderConfig, rabbit_pbe:default_hash()),
+        proplists:get_value(iterations, DecoderConfig, rabbit_pbe:default_iterations()),
         PassPhrase
     },
     decrypt_config(Apps, Algo),
@@ -516,9 +518,20 @@ decrypt_config([App|Apps], Algo) ->
 decrypt_app(_, [], _) ->
     ok;
 decrypt_app(App, [{Key, Value}|Tail], Algo) ->
-    case decrypt(Value, Algo) of
-        Value -> ok;
-        NewValue -> application:set_env(App, Key, NewValue)
+    try begin
+            case decrypt(Value, Algo) of
+                Value ->
+                    ok;
+                NewValue ->
+                    application:set_env(App, Key, NewValue)
+            end
+        end
+    catch
+        exit:{bad_configuration, decoder_config} ->
+            exit({bad_configuration, decoder_config});
+        _:Msg ->
+            rabbit_log:info("Error while decrypting key '~p'. Please check encrypted value, passphrase, and encryption configuration~n", [Key]),
+            exit({decryption_error, {key, Key}, Msg})
     end,
     decrypt_app(App, Tail, Algo).
 
diff --git a/src/rabbit_control_main.erl b/src/rabbit_control_main.erl
index ce242c9f91..8c245892b7 100644
--- a/src/rabbit_control_main.erl
+++ b/src/rabbit_control_main.erl
@@ -20,8 +20,8 @@
 -include("rabbit_misc.hrl").
 
 -export([start/0, stop/0, parse_arguments/2, action/5, action/6,
-    sync_queue/1, cancel_sync_queue/1, become/1,
-    purge_queue/1]).
+         sync_queue/1, cancel_sync_queue/1, become/1,
+         purge_queue/1]).
 
 -import(rabbit_misc, [rpc_call/4, rpc_call/5, rpc_call/7]).
 
diff --git a/src/rabbit_control_pbe.erl b/src/rabbit_control_pbe.erl
index dd4f9efa28..2fa2c90a6e 100644
--- a/src/rabbit_control_pbe.erl
+++ b/src/rabbit_control_pbe.erl
@@ -57,9 +57,11 @@ encode_encrypt_decrypt(_CipherExists, _HashExists, Decode, Cipher, Hash, Iterati
     try begin
             TermValue = evaluate_input_as_term(Value),
             TermToDecrypt = case TermValue of
-                                {encrypted, EncryptedTerm} -> EncryptedTerm;
-                                _ -> TermValue
-                            end,
+                {encrypted, EncryptedTerm} ->
+                    EncryptedTerm;
+                _ ->
+                    TermValue
+            end,
             Result = rabbit_pbe:decrypt_term(Cipher, Hash, Iterations, list_to_binary(PassPhrase), TermToDecrypt),
             {ok, io_lib:format("~p", [Result])}
         end