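I configured a new CA certificate for WSO2 Identity Server. I used grep to find wso2carbon.jks and replaced it with my new .jks.
I think I mistakenly replaced it in some places where I shouldn't have. Can someone tell me which place could be causing the following exception? Or is it due to some other issue?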
org.wso2.carbon.identity.workflow.impl.WorkflowImplException: Error while decrypting the password for BPEL Profile embeded_bps
    at org.wso2.carbon.identity.workflow.impl.dao.BPSProfileDAO.getBPSProfile(BPSProfileDAO.java:158)
    at org.wso2.carbon.identity.workflow.impl.WorkflowImplServiceImpl.getBPSProfile(WorkflowImplServiceImpl.j
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.wso2.carbon.core.util.CryptoException: errorDuringDecryption
    at org.wso2.carbon.core.util.CryptoUtil.decrypt(CryptoUtil.java:186)
    at org.wso2.carbon.core.util.CryptoUtil.base64DecodeAndDecrypt(CryptoUtil.java:200)
    at org.wso2.carbon.identity.workflow.impl.dao.BPSProfileDAO.decryptPassword(BPSProfileDAO.java:264)
    at org.wso2.carbon.identity.workflow.impl.dao.BPSProfileDAO.getBPSProfile(BPSProfileDAO.java:156)
    ... 108 more
Caused by: java.security.InvalidKeyException: unknown key type passed to RSA
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineInit(Unknown Source)
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineInit(Unknown Source)
    at javax.crypto.Cipher.init(Cipher.java:1065)
    at javax.crypto.Cipher.init(Cipher.java:1009)
    at org.wso2.carbon.core.util.CryptoUtil.decrypt(CryptoUtil.java:181)
    ... 111 more
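Answer 0 (score: 1)
You need to find this table: WF_BPS_PROFILE, with these columns: HOST_URL_MANAGER, HOST_URL_WORKER, USERNAME, PASSWORD
I think the value in PASSWORD was produced using the previous key in wso2carbon.jks, so you need to replace that value with a new one.
For details, see the BPSProfileDAO.java class.
Method definition: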
/**
 * Retrieve details of a BPS profile
 *
 * @param profileName     Name of profile to retrieve
 * @param tenantId        Id of tenant domain
 * @param isWithPasswords Whether password to be retrieved or not
 * @return
 * @throws WorkflowImplException
 */
public BPSProfile getBPSProfile(String profileName, int tenantId, boolean isWithPasswords) throws
        WorkflowImplException {
    BPSProfile bpsProfileDTO = null;
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement prepStmt = null;
    ResultSet rs;
    String query = SQLConstants.GET_BPS_PROFILE_FOR_TENANT_QUERY;
    try {
        prepStmt = connection.prepareStatement(query);
        prepStmt.setString(1, profileName);
        prepStmt.setInt(2, tenantId);
        rs = prepStmt.executeQuery();
        if (rs.next()) {
            String managerHostName = rs.getString(SQLConstants.HOST_URL_MANAGER_COLUMN);
            String workerHostName = rs.getString(SQLConstants.HOST_URL_WORKER_COLUMN);
            String user = rs.getString(SQLConstants.USERNAME_COLUMN);
            bpsProfileDTO = new BPSProfile();
            bpsProfileDTO.setProfileName(profileName);
            bpsProfileDTO.setManagerHostURL(managerHostName);
            bpsProfileDTO.setWorkerHostURL(workerHostName);
            bpsProfileDTO.setUsername(user);
            if (isWithPasswords) {
                String password = rs.getString(SQLConstants.PASSWORD_COLUMN);
                try {
                    bpsProfileDTO.setPassword(decryptPassword(password));
                } catch (CryptoException | UnsupportedEncodingException e) {
                    throw new WorkflowImplException("Error while decrypting the password for BPEL Profile "
                            + profileName, e);
                }
            }
        }
    } catch (SQLException e) {
        throw new WorkflowImplException("Error when executing the sql.", e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, null, prepStmt);
    }
    return bpsProfileDTO;
}
Query:
public static final String GET_BPS_PROFILE_FOR_TENANT_QUERY = "SELECT HOST_URL_MANAGER, HOST_URL_WORKER, " +
        "USERNAME,PASSWORD FROM WF_BPS_PROFILE WHERE PROFILE_NAME = ? AND " +
        "TENANT_ID = ? ";
Some util methods:
private String encryptPassword(char[] passwordValue) throws CryptoException {
    CryptoUtil cryptoUtil = CryptoUtil.getDefaultCryptoUtil();
    return cryptoUtil.encryptAndBase64Encode(toBytes(passwordValue));
}

private char[] decryptPassword(String passwordValue) throws UnsupportedEncodingException, CryptoException {
    CryptoUtil cryptoUtil = CryptoUtil.getDefaultCryptoUtil();
    byte[] decryptedPasswordBytes = cryptoUtil.base64DecodeAndDecrypt(passwordValue);
    return (new String(decryptedPasswordBytes, WFImplConstant.DEFAULT_CHARSET)).toCharArray();
}

/**
 * Convert a char array into a byte array
 *
 * @param chars
 * @return
 */
private byte[] toBytes(char[] chars) {
    CharBuffer charBuffer = CharBuffer.wrap(chars);
    ByteBuffer byteBuffer = Charset.forName(WFImplConstant.DEFAULT_CHARSET).encode(charBuffer);
    byte[] bytes = Arrays.copyOfRange(byteBuffer.array(),
            byteBuffer.position(), byteBuffer.limit());
    Arrays.fill(charBuffer.array(), '\u0000');
    Arrays.fill(byteBuffer.array(), (byte) 0);
    return bytes;
}
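The situation Answer 0 describes, as an added example that is not part of the original answer or of WSO2's code: a Base64 RSA value written under the previous keystore key does not decrypt under the replacement key and has to be re-encrypted before it goes back into the PASSWORD column. The two key pairs are generated in memory as stand-ins for the old and new .jks entries; the OAEP transformation, the sample password and the helper names are assumptions of this sketch, not CryptoUtil's actual settings.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;

public class ReencryptStoredPassword {
    // Assumed transformation for this sketch; check which one your CryptoUtil version uses.
    static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static byte[] rsa(int mode, Key key, byte[] input) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(mode, key);
        return cipher.doFinal(input);
    }

    // Hypothetical helpers with the same shape as encryptAndBase64Encode / base64DecodeAndDecrypt.
    static String encryptAndEncode(Key publicKey, byte[] plain) throws GeneralSecurityException {
        return Base64.getEncoder().encodeToString(rsa(Cipher.ENCRYPT_MODE, publicKey, plain));
    }
    static byte[] decodeAndDecrypt(Key privateKey, String stored) throws GeneralSecurityException {
        return rsa(Cipher.DECRYPT_MODE, privateKey, Base64.getDecoder().decode(stored));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair oldKey = gen.generateKeyPair(); // constructed stand-in: key from the previous wso2carbon.jks
        KeyPair newKey = gen.generateKeyPair(); // constructed stand-in: key from the replacement .jks

        // Constructed sample of a PASSWORD column value written while the old key was in use.
        String stored = encryptAndEncode(oldKey.getPublic(), "sample-password".getBytes(StandardCharsets.UTF_8));
        try {
            decodeAndDecrypt(newKey.getPrivate(), stored);
            System.out.println("unexpected: new key decrypted the old value");
        } catch (GeneralSecurityException e) {
            System.out.println("new key cannot decrypt old value: " + e.getClass().getSimpleName());
        }
        // Migration: decrypt once with the old private key, re-encrypt with the new public key.
        byte[] plain = decodeAndDecrypt(oldKey.getPrivate(), stored);
        String migrated = encryptAndEncode(newKey.getPublic(), plain);
        boolean ok = Arrays.equals(plain, decodeAndDecrypt(newKey.getPrivate(), migrated));
        Arrays.fill(plain, (byte) 0); // do not keep the cleartext in memory longer than needed
        System.out.println("re-encrypted value decrypts under new key: " + ok);
    }
}
```

Keeping a copy of the old keystore until every stored value has been migrated is what makes the decrypt step possible; without the old private key the value has to be set again from the cleartext password.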
Answer 1 (score: 1)