Encrypt Keystore password in server.xml

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Encrypt Keystore password in server.xml

S Abirami
Hi All,

  I have to encrypt keystore password in server.xml. For decrypting ,I have inherited the class Http11Nio2Protocol[Http11Nio2ProtocolDecryptProp extends Http11Nio2Protocol] and decrypted in setKeyStorePass overridden method then set that to endpoint keystorePass and super class setKeyStorePass .I could see the encryption happened successfully. But I am getting following error and server is not opening

@Override
       public void setKeystorePass(String s)
       {      try    {
                     System.out.println( "This method called" + s );
                     byte[] encrypted = s.getBytes();
                     byte[] data = OpenSSL.decrypt( "aes-256-cbc", key, encrypted );
                     super.setKeystorePass( new String( data, "UTF-8" ) );
              super.endpoint.setKeystorePass( new String( data, "UTF-8" ) );


              }

Please share your input

Sep 11, 2017 10:51:16 AM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-nio2-2309"]
java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
        at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
        at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
       at java.security.KeyStore.load(KeyStore.java:1445)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:449)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:353)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:606)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546)
        at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:313)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:810)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:476)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:568)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:871)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:581)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:604)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
        ... 26 more

Sep 11, 2017 10:51:16 AM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp-2309]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp-2309]]
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:568)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:871)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)