Posted to users@tomcat.apache.org by yanyizhong <15...@163.com> on 2023/11/01 13:48:03 UTC

Re:RE: How to custom java program to decrypt keystore password in Tomcat 10.1.15

It is solved by implementing the PropertySource; thank you very much for all your help.

At 2023-10-28 01:06:03, "Mcalexander, Jon J." <jo...@wellsfargo.com.INVALID> wrote:
>You could look at how TC Server does this. Their tcserver.jar has an encoder/decoder in it and the class is loaded as a digester in the Catalina.properties. It relies on having a prefix on the encoded value that would subsequently be decoded and the property value replaced with the decoded value. The passwords have to be encoded prior to adding them to your configuration files. It's fairly easy to do.
>
>You might be able to come up with something similar on your own.
>
>Thanks,
>
>Jon McAlexander
>
>> -----Original Message-----
>> From: Mark Thomas <ma...@apache.org>
>> Sent: Friday, October 27, 2023 3:45 AM
>> To: users@tomcat.apache.org
>> Subject: Re: How to custom java program to decrypt keystore password in
>> Tomcat 10.1.15
>> 
>> On 26/10/2023 11:05, yanyizhong wrote:
>> >
>> >
>> > Hi Tomcat team,
>> > Version: Tomcat 10.1.15
>> >
>> >
>> > I am trying to upgrade Tomcat from version 9.0.56 to 10.1.15, and found that there is no setKeystorePass(String) method in Tomcat 10.1.15.
>> >
>> >
>> > As we want to use the custom keystore encryption password in server.xml like this:
>> >
>> >
>> > <Connector port="8080" protocol="test.CustomHttp11Nio2Protocol"
>> >    ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
>> >    keystoreFile="E:\tes.jks"
>> >    keystorePass="xsdfdfdsfdfxdf(encryption password)"
>> >    keystoreType="JKS" />
>> 
>> And this "encrypted" password is "decrypted" how?
>> https://cwiki.apache.org/confluence/display/TOMCAT/Password
>> (Hint: this is a waste of time from a security perspective.)
>> 
>> If you can find a way to make this work then you are welcome to use it but I
>> am as sure as I can be that if source code changes are required in Tomcat to
>> make this work they won't be happening.
>> 
>> I suspect the way to do this (if you really must) would be via a custom
>> PropertySource. If you look at the existing implementations then you should
>> have enough hints to put together an implementation that looks for "enc:...."
>> and "decrypts" what it finds.
>> 
>> Note that org.apache.tomcat.util.digester.PROPERTY_SOURCE accepts multiple
>> values, separated by commas.
>> 
>> Mark
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>
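
One way to write the custom PropertySource suggested in the quoted reply, as an added example that is not code from this thread or from the Tomcat project. The package and class name, the `example.enc.keyfile` system property and the value layout (base64 of a 12-byte IV followed by the AES-GCM ciphertext and tag) are assumptions made for illustration.

```java
package example; // hypothetical package name

import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.tomcat.util.IntrospectionUtils;

/**
 * Resolves ${enc:<base64>} placeholders found in server.xml attributes.
 * Assumed value layout (not a Tomcat format): base64(12-byte IV || AES-GCM ciphertext+tag).
 * Assumed key location: a raw 16- or 32-byte AES key in the file named by
 * the hypothetical system property -Dexample.enc.keyfile=/path/to/key.
 * Registered in catalina.properties with
 *   org.apache.tomcat.util.digester.PROPERTY_SOURCE=example.EncPropertySource
 */
public class EncPropertySource implements IntrospectionUtils.PropertySource {
    private static final String PREFIX = "enc:";
    private static final int IV_LEN = 12;

    @Override
    public String getProperty(String key) {
        // The digester passes the text between "${" and "}" as the key.
        if (key == null || !key.startsWith(PREFIX)) {
            return null; // not ours: leave it to the other property sources
        }
        try {
            byte[] blob = Base64.getDecoder().decode(key.substring(PREFIX.length()));
            if (blob.length <= IV_LEN) {
                throw new IllegalArgumentException("enc: value too short");
            }
            byte[] aesKey = Files.readAllBytes(
                    Path.of(System.getProperty("example.enc.keyfile")));
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(aesKey, "AES"),
                    new GCMParameterSpec(128, blob, 0, IV_LEN));
            // doFinal verifies the GCM tag, so a tampered or mistyped value is rejected.
            byte[] plain = cipher.doFinal(blob, IV_LEN, blob.length - IV_LEN);
            return new String(plain, StandardCharsets.UTF_8);
        } catch (Exception e) {
            // Fail closed: raise an error rather than return a wrong value,
            // and keep the encoded value out of the message.
            throw new IllegalStateException("cannot resolve enc: property", e);
        }
    }
}
```

The class has to be loadable by Tomcat itself (for example from a jar in `lib/`), and the password attribute then carries the placeholder, such as `certificateKeystorePassword="${enc:...}"`. The key file must be readable by the account Tomcat runs as, so this moves the secret out of server.xml rather than hiding it from anyone who can read that account's files, which is the point of the wiki page linked in the quoted reply.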