Colin,

Maybe add your certificate to the Java keystore.
https://docs.oracle.com/cd/E54932_01/doc.705/e54936/cssg_create_ssl_cert.htm#CSVSG180

Ray

On Mon, 2020-08-24 at 15:25 -0400, Colin Ryan wrote:

Folks,

So I've still not managed to move past this. I even started from scratch.

git clone https://github.com/apereo/cas-management-overlay.git

git checkout 6.0.x

./build.sh clean

./build.sh run - breaks because it can't seem to find some of the required 
components for the 6.0.x gradle.properties of 6.0.2-SNAPSHOT

So I go fine, old branch, I'll try master.

git checkout master

./build.sh clean

./build.sh run


gives again the whole dialog below. It cannot open my keystore file. But the 
keystore file is fine. In fact as mentioned below if I change reference to the 
file it errors out appropriately, indicating it's consuming the correct 
configuration.

At this point I can't seem to get the Management Interface to function. As you 
can see also below, I even created a new self-signed keystore with a basic 
password, thinking that maybe special characters were the issue. No go. Again, 
this was working before my development environment blew up. I have a backup of 
it, but build and run for that can't find components (old branch?).

Any idea what stupidity I'm missing?

Thanks


On 8/12/20 12:43 PM, Colin Ryan wrote:

Folks,

I'm nearly embarrassed having to ask this but I'm having issues starting up the 
Management Interface in the embedded Tomcat scenario.

The error is technically obvious:

Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe 
contents entry: javax.crypto.BadPaddingException: Given final block not 
properly padded. Such issues can arise if a bad key is used during decryption.



Environment is:

CAS Version: 6.1.0-RC4
CAS Commit Id: caabdd579ab6190a896de03ceeeb1b26d0bab81a
CAS Build Date/Time: 2020-08-12T16:06:56.197Z
Spring Boot Version: 2.2.0.M3
Spring Version: 5.2.0.M2
Java Home: /Library/Java/JavaVirtualMachines/jdk-11.0.7.jdk/Contents/Home
Java Vendor: Oracle Corporation
Java Version: 11.0.7
JVM Free Memory: 240 MB
JVM Maximum Memory: 2 GB
JVM Total Memory: 378 MB
JCE Installed: Yes
OS Architecture: x86_64
OS Name: Mac OS X
OS Version: 10.15.5


Now this isn't my first rodeo ride with certificates, so here is what I've done 
so far trying to solve this.


* Confirmed the management.properties file being picked up by the run-time 
is correct (put in incorrect directive and it complained).

* Confirmed Syntax for the Certificate Directives via examples and the CAS 
interactive Shell.

management.server.ssl.key-store: file:/Users/colinr/DevTree/devkeystore.jks
management.server.ssl.key-store-password: <password>

It should be noted that the keystore is of type PKCS12 and it's the exact same 
keystore as being used by my standalone Tomcat 9.0.26 environment that CAS 
itself runs on successfully. Said Tomcat environment is started by the same 
user that runs the embedded one.

* I've opened up permissions to the file totally.

* I'm able to "keytool -list" the certificate in this keystore directly via 
"keytool" and it responds properly to the correct and incorrect keystore password.

* I'm able to view details of certificate via keytool

* Certificate alias is tomcat

* Certificate is NOT expired.

* Certificate is loaded in Java's truststore via the InstallCert tool.

* I tried generating a new keystore via "keytool -genkeypair -alias tomcat 
-keyalg RSA -keysize 2048 -keystore managementkeystore.jks -validity 3650  
-storepass testadmin" same result.

* keytool and activated Java environment for the run time is from the same 
distribution.

* I've run the overlay before like this without issues, however that was 
6.0.2-SNAPSHOT on 10.15.4.


Frankly I'm totally stumped but expect the issue to be an embarrassingly 
obvious one.

Cheers


Colin




--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/71606001-1c08-d1a9-962d-4f725e8dd42a%40caveo.ca.

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.
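
An added example, not part of the original thread or of the CAS project: a small Java check that opens a keystore through the standard java.security.KeyStore API and reports whether the failure happens while loading the store (wrong type or store password) or while decrypting a private key entry (key password), a step that listing the entries does not exercise. The class name KeystoreCheck and its command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added diagnostic (hypothetical class name). Run on Java 11+ with:
//   java KeystoreCheck.java /path/to/keystore PKCS12
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 1 || System.console() == null) {
            System.err.println("usage (interactive terminal): java KeystoreCheck.java <keystore> [type]");
            System.exit(2);
        }
        String type = args.length > 1 ? args[1] : KeyStore.getDefaultType();
        // Prompt instead of taking passwords as arguments, so they stay out of the process list.
        char[] storePw = System.console().readPassword("Store password: ");
        char[] keyPw = System.console().readPassword("Key password (blank = same as store): ");
        if (keyPw.length == 0) keyPw = storePw;

        KeyStore ks = KeyStore.getInstance(type);
        // Stage 1: parse the container and verify it with the store password.
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePw);
        } catch (IOException e) {
            // KeyStore.load documents this cause for a wrong password.
            boolean badPw = e.getCause() instanceof UnrecoverableKeyException;
            System.out.println("LOAD FAILED as " + type + ": "
                + (badPw ? "store password rejected" : "wrong type or corrupt file") + " (" + e + ")");
            return;
        }
        System.out.println("Loaded as " + ks.getType() + ", entries: " + ks.size());
        // Stage 2: decrypt each private key, which a TLS connector must also do.
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate-only entry");
                continue;
            }
            try {
                Key k = ks.getKey(alias, keyPw);
                System.out.println(alias + ": key recovered (" + k.getAlgorithm() + ")");
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": KEY PASSWORD REJECTED (" + e.getMessage() + ")");
            }
        }
    }
}
```

Running it once with the type the application is configured for and once with the other type (JKS versus PKCS12) shows whether the file extension and the actual container format agree.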
