Encryption using Cipher Tool (ESB 4.8.1)
1) Create the configuration XML. Here it is enc_test.xml; copy it to <esb_home>/repository/conf. The root element is testenc and it has a password child holding the value batticaloa (the page renders the file's text content as "ajanthan batticaloa").
2) Go to <esb_home>/repository/conf/security/cipher-tool.properties and add the entry below. The format is alias=file//xpath,flag, and in 4.8.1 the file path is relative to repository/conf:
    testenc.password=enc_test.xml//testenc/password,false
3) Go to <esb_home>/repository/conf/security/cipher-text.properties, take a backup of it, comment out all the other entries and add the entry below. The plain-text value goes in square brackets; that is how the tool tells a not-yet-encrypted value from an encrypted one:
    testenc.password=[batticaloa]
4) Execute ciphertool.sh inside <esb_home>/bin:
    sh ciphertool.sh -Dconfigure
   The tool prompts for the primary keystore password and reports each protected token it updates:
    ajanthan@ajanthan-ThinkPad-T440p:~/wso2/blog/wso2esb-4.8.1/bin$ sh ciphertool.sh -Dconfigure
    [Please Enter Primary KeyStore Password of Carbon Server : ]
    Primary KeyStore of Carbon Server is initialized Successfully
    Protected Token [testenc.password] is updated in enc_test.xml successfully
    Encryption is done Successfully
    Secret Configurations are written to the property file successfully
5) In cipher-text.properties the record we entered as plain text is now encrypted, and in enc_test.xml the value is replaced by an alias reference.
   cipher-text.properties:
    #Sun May 15 00:35:27 IST 2016
    testenc.password=GF+b6kjk0e95DJh29rGEkGteOE/bjDoVPUxB1LU1SpEafNEPght5FqpinmR8ONO+NHk4v9AFs+SX\nYbmpuAHmgLLXw9Gfj7SpdUIIF+iR087R8WwX/IzVJgLBfCUxfNb7b2UlH6MPtBMZX6o2n+25XaPr\n2SCfhIptAXQNHrqxIHY\=
   enc_test.xml: the password element now reads the literal password and carries the attribute svns:secretAlias="testenc.password" (namespace http://org.wso2.securevault/configuration), which is what the SecretResolver later looks up; the page renders the file's text content as "ajanthan password". The backup taken in step 3 still holds the plain-text entries, so remove it once the encrypted entry is confirmed to work.
Encryption using Cipher Tool (ESB 4.9.0)
1) Create the configuration XML. Here it is enc_test.xml; copy it to <esb_home>/repository/conf. As in 4.8.1, the root element is testenc with a password child holding batticaloa (the page renders the file's text content as "ajanthan batticaloa").
2) Go to <esb_home>/repository/conf/security/cipher-tool.properties. In 4.9.0 it already contains entries such as
    Server.Service.Connector.keystorePass=repository/conf/tomcat/catalina-server.xml//Server/Service/Connector[@keystorePass],true
   Note that the file path is now relative to <esb_home>, not to repository/conf as in 4.8.1. Add the entry below:
    testenc.password=repository/conf/enc_test.xml//testenc/password,false
3) Go to <esb_home>/repository/conf/security/cipher-text.properties, which already contains the matching plain-text entry
    Server.Service.Connector.keystorePass=[wso2carbon]
   and add the entry below:
    testenc.password=[batticaloa]
4) Execute ciphertool.sh inside <esb_home>/bin:
    sh ciphertool.sh -Dconfigure
   Because the existing entry was left in place, both tokens are encrypted in the same run:
    ajanthan@ajanthan-ThinkPad-T440p:~/wso2/blog/wso2esb-4.9.0/bin$ sh ciphertool.sh -Dconfigure
    [Please Enter Primary KeyStore Password of Carbon Server : ]
    Primary KeyStore of Carbon Server is initialized Successfully
    Protected Token [Server.Service.Connector.keystorePass] is updated in repository/conf/tomcat/catalina-server.xml successfully
    Protected Token [testenc.password] is updated in repository/conf/enc_test.xml successfully
    Encryption is done Successfully
    Encryption is done Successfully
    Secret Configurations are written to the property file successfully
5) In cipher-text.properties both records are now encrypted, and in enc_test.xml the value is replaced by an alias reference.
   cipher-text.properties:
    #Sun May 15 01:18:51 IST 2016
    Server.Service.Connector.keystorePass=A12Ui9TAcnZ4O51CyCwEnTCfRNkteE3oLr6YsyHDud8faxeuCHl7Cr1HKEwIA44stUt64yhs4PoxS59v2tP/qoYNdjgnuXujXAjWfb9KcmhppHjrUzPvyVmimM+lgVu+92qju19MUXk22KjA1MEJZ7c/n+ji5EpBSFgjSyrEgMM\=
    testenc.password=HKudcxPNgNPhApsYJoHW47VLMeXxLy6oKgWwVMPZJ2IIw36BlUalTdsrdlDW7Cw40kA7EivPKOJ+rKJ33R/SscVr4RreKXg5y5KqcN1i5swzzAy5gFMLq7z4trGG0B/YlRIGWeeesUPpAg6tKGvZrsCjHGM1mlrqL1LtKeOk+os\=
   enc_test.xml: the password element now reads the literal password and carries svns:secretAlias="testenc.password"; the page renders the file's text content as "ajanthan password". In catalina-server.xml the keystorePass attribute is likewise replaced and the Connector element carries svns:secretAlias="Server.Service.Connector.keystorePass".
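The two walk-throughs above are easy to get subtly wrong: an alias present in one properties file but not the other, an XPath that does not select the element you meant, or a run that encrypted cipher-text.properties but did not rewrite the XML. The script below is an added example written for this page, not part of WSO2's Cipher Tool or of the author's code. It cross-checks cipher-tool.properties, cipher-text.properties and the target XML files, both before the run (values still in [brackets]) and after it (value replaced by the literal password and an svns:secretAlias attribute added). The namespace URI and the password placeholder are assumptions taken from the secure vault's documented behaviour; the sample files are constructed from the 4.9.0 layout and the ciphertexts are shortened stand-ins. The trailing true/false flag is carried through but not interpreted, since the page does not explain it.

```python
"""Added example (not WSO2 code): cross-check the files the Cipher Tool reads and rewrites.
Sample inputs are constructed; ciphertexts are shortened stand-ins, not real tool output."""
import re
import xml.etree.ElementTree as ET

SVNS = "http://org.wso2.securevault/configuration"   # assumed: namespace of svns:secretAlias
ALIAS_ATTR = "{%s}secretAlias" % SVNS
PLACEHOLDER = "password"   # assumed: literal the tool writes where the secret used to be


def parse_properties(text):
    """Minimal java.util.Properties reader: '#'/'!' comments and key=value lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip().replace("\\=", "=")
    return props


def parse_cipher_tool(text):
    """alias=<file>//<xpath>,<flag>  ->  {alias: (file, xpath, flag)}"""
    entries = {}
    for alias, value in parse_properties(text).items():
        target, _, flag = value.rpartition(",")
        path, sep, xpath = target.partition("//")
        if not sep:
            raise ValueError("entry for %s has no '//' between file and XPath" % alias)
        entries[alias] = (path, xpath, flag)   # flag kept verbatim; its meaning is not on the page
    return entries


def resolve(root, xpath):
    """Resolve '<root-tag>/child/...[@attr]' against a parsed document.
    Returns (element, attribute-name-or-None), or (None, None) unless exactly one node matches."""
    attr = None
    m = re.search(r"\[@([A-Za-z_][\w.:-]*)\]$", xpath)
    if m:
        attr, xpath = m.group(1), xpath[:m.start()]
    root_tag, _, rest = xpath.partition("/")
    if root.tag != root_tag:
        return None, None
    if not rest:
        return root, attr
    matches = root.findall(rest)
    return (matches[0], attr) if len(matches) == 1 else (None, None)


def check(tool_props, text_props, xml_docs):
    """xml_docs maps a file path exactly as written in cipher-tool.properties to its XML text.
    Returns a list of findings; an empty list means the files agree with each other."""
    findings = []
    tool, secrets = parse_cipher_tool(tool_props), parse_properties(text_props)
    for alias in sorted(set(tool) | set(secrets)):
        if alias not in tool:
            findings.append("%s: in cipher-text.properties but not in cipher-tool.properties" % alias)
            continue
        if alias not in secrets:
            findings.append("%s: in cipher-tool.properties but has no cipher-text.properties value" % alias)
            continue
        path, xpath, _flag = tool[alias]
        if path not in xml_docs:
            findings.append("%s: target file %s not found" % (alias, path))
            continue
        elem, attr = resolve(ET.fromstring(xml_docs[path]), xpath)
        if elem is None:
            findings.append("%s: //%s does not select exactly one node in %s" % (alias, xpath, path))
            continue
        if re.fullmatch(r"\[.*\]", secrets[alias]):
            continue   # not encrypted yet: nothing more to check, but the plaintext is still on disk
        # After the run the target must hold the placeholder and carry the matching alias attribute
        value = elem.get(attr) if attr else (elem.text or "").strip()
        if value != PLACEHOLDER:
            findings.append("%s: %s still holds a literal value instead of '%s'" % (alias, path, PLACEHOLDER))
        if elem.get(ALIAS_ATTR) != alias:
            findings.append("%s: svns:secretAlias missing or mismatched in %s" % (alias, path))
    return findings


# --- constructed sample inputs (4.9.0 layout, paths relative to <esb_home>) ---
CIPHER_TOOL = """\
Server.Service.Connector.keystorePass=repository/conf/tomcat/catalina-server.xml//Server/Service/Connector[@keystorePass],true
testenc.password=repository/conf/enc_test.xml//testenc/password,false
"""
BEFORE_TEXT = "Server.Service.Connector.keystorePass=[wso2carbon]\ntestenc.password=[batticaloa]\n"
AFTER_TEXT = """\
#Sun May 15 01:18:51 IST 2016
Server.Service.Connector.keystorePass=A12Ui9TAcnZ4O51CyCwEnTCfRNkteE3oLr6Y\\=
testenc.password=HKudcxPNgNPhApsYJoHW47VLMeXxLy6oKgWwVMPZJ2IIw36Bl\\=
"""
BEFORE_XML = {
    "repository/conf/enc_test.xml": "<testenc><password>batticaloa</password></testenc>",
    "repository/conf/tomcat/catalina-server.xml":
        '<Server><Service><Connector port="9443" keystorePass="wso2carbon"/></Service></Server>',
}
AFTER_XML = {
    "repository/conf/enc_test.xml":
        '<testenc xmlns:svns="%s"><password svns:secretAlias="testenc.password">password</password></testenc>' % SVNS,
    "repository/conf/tomcat/catalina-server.xml":
        '<Server xmlns:svns="%s"><Service><Connector port="9443" keystorePass="password" '
        'svns:secretAlias="Server.Service.Connector.keystorePass"/></Service></Server>' % SVNS,
}

if __name__ == "__main__":
    for label, text, docs in (("before run", BEFORE_TEXT, BEFORE_XML),
                              ("after run", AFTER_TEXT, AFTER_XML),
                              ("encrypted but XML untouched", AFTER_TEXT, BEFORE_XML)):
        print(label + ":", check(CIPHER_TOOL, text, docs) or "OK")
```

Run it against the real files by reading <esb_home>/repository/conf/security/cipher-tool.properties and cipher-text.properties and the referenced XML files into the three arguments; for a 4.8.1 installation remember that the XML paths in cipher-tool.properties are relative to repository/conf. The third constructed case reproduces the state you get when the tool is interrupted or the XML is restored from a backup after the run: the ciphertext is in place but the resolver will find no alias to look up.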
Custom Java Class to Retrieve Encrypted Password
Below is a sample Java class (a Synapse class mediator) that retrieves the password from the encrypted enc_test.xml above. It parses the file, hands the root element to SecretResolverFactory so that the svns:secretAlias attributes written by the Cipher Tool are registered, and resolves the alias testenc.password. Resolution only works when the server's secret manager was initialised at startup with the primary keystore password (the prompt at boot, or the password-tmp / password-persist file in <esb_home>); otherwise the resolver is not initialised and no secret can be collected. The class logs the recovered value only to demonstrate that it works; a real mediator would set it on the message context and never log it.
package com.custom.password.vault;

import java.io.File;
import java.io.FileInputStream;

import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.synapse.MessageContext;
import org.apache.synapse.mediators.AbstractMediator;
import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.securevault.SecretResolver;
import org.wso2.securevault.SecretResolverFactory;

/**
 * Class mediator that resolves the secret registered under the alias
 * testenc.password in repository/conf/enc_test.xml through the secure vault.
 */
public class PasswordFromVault extends AbstractMediator {

    private static final String SECRET_ALIAS = "testenc.password";

    public boolean mediate(MessageContext context) {
        log.info("----------------PasswordFromVault Invoked---------------------");
        String retrievePassword = null;
        String configurationPath = CarbonUtils.getCarbonHome() + File.separator + "repository"
                + File.separator + "conf" + File.separator + "enc_test.xml";
        File file = new File(configurationPath);
        if (file.exists()) {
            // try-with-resources closes the stream; the original never closed it
            try (FileInputStream fileInputStream = new FileInputStream(file)) {
                StAXOMBuilder builder = new StAXOMBuilder(fileInputStream);
                OMElement configElement = builder.getDocumentElement();
                // The factory registers the svns:secretAlias attributes the Cipher Tool added
                SecretResolver secretResolver = SecretResolverFactory.create(configElement, false);
                if (secretResolver != null && secretResolver.isInitialized()) {
                    if (secretResolver.isTokenProtected(SECRET_ALIAS)) {
                        retrievePassword = secretResolver.resolve(SECRET_ALIAS);
                        // Demonstration only: do not log a resolved secret in production
                        log.info("Retrieve Password Inside Secret Resolver: " + retrievePassword);
                    }
                } else {
                    log.warn("SecretResolver is not initialized; was the keystore password supplied at startup?");
                }
            } catch (Exception e) {
                // The original swallowed this silently, which hides a failed resolution
                log.error("Failed to resolve " + SECRET_ALIAS + " from " + configurationPath, e);
            }
        } else {
            log.warn("Configuration file not found: " + configurationPath);
        }
        // Set Password to the context
        //context.setProperty("retrieved_password", retrievePassword);
        log.info("Retrieve Password: " + retrievePassword);
        return true;
    }
}
Test Results
[2016-05-15 02:07:24,429]  INFO - StartupFinalizerServiceComponent WSO2 Carbon started in 42 sec
[2016-05-15 02:07:24,644]  INFO - CarbonUIServiceComponent Mgt Console URL : https://192.168.1.3:9443/carbon/
[2016-05-15 02:07:48,296]  INFO - LogMediator STATUS: = ------------Test Invoked------------------------------
[2016-05-15 02:07:48,296]  INFO - PasswordFromVault ----------------PasswordFromVault Invoked---------------------
[2016-05-15 02:07:48,298]  INFO - PasswordFromVault Retrieve Password Inside Secret Resolver: batticaloa
[2016-05-15 02:07:48,298]  INFO - PasswordFromVault Retrieve Password: batticaloa
Comments

Thank you so much Ajanthan. This is what I was looking for.

Facing the below issue:
{org.wso2.securevault.secret.handler.SecretManagerSecretCallbackHandler} - SecretManager has not been initialized. Cannot collect secrets. {org.wso2.securevault.secret.handler.SecretManagerSecretCallbackHandler}
Can you help me with this?

Hi Saurabh,
Able to resolve it? If not, please share how you input the password when starting the ESB.
Thanks.
Ajanthan.