yanyizhong and Mark,
On 10/27/23 04:44, Mark Thomas wrote:
On 26/10/2023 11:05, yanyizhong wrote:
Hi Tomcat team,
Version: Tomcat 10.1.15
I am trying to upgrade Tomcat from version 9.0.56 into 10.1.15, and
found that there is no setKeystorePass(String) method in tomcat 10.1.15.
As we want to use the custom keystore encryption password in
server.xml like this:
<Connector prt="8080" protocol="test.CustomHttp11Nio2Protocol"
chiphhers="TLS_ECDHE_RSA_WITH_AES_123_GCM_SHA256"
keystoreFile="E:\tes.jks"
keystorePass="xsdfdfdsfdfxdf(encryption password)"
keystoreType"JKS" />
And this "encrypted" password is "decrypted" how?
https://cwiki.apache.org/confluence/display/TOMCAT/Password
(Hint: this is a waste of time from a security perspective.)
If you can find a way to make this work then you are welcome to use it
but I am sure as I can be that if source code changes are required in
Tomcat to make this work they won't be happening.
I suspect the way to do this (if you really must) would be via a custom
PropertySource. If you look at the existing implementations then you
should have enough hints to put together an implementation that looks
for "enc:...." and "decrypts" what it finds.
Note that org.apache.tomcat.util.digester.PROPERTY_SOURCE multiple
values, separated by commas.
I've been experimenting with the ServiceBindingPropertySource lately
and, IMHO, improving it. It was contributed to the project some time ago
and is woefully under-documented. I'm looking to change that. At first,
I was thinking about a full hour-ish presentation, but it looks like
it's better as a short webinar or even just patches to the existing
documentation.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
