在Spring Boot应用程序上不会覆盖特定属性

时间:2018-09-26 13:03:52

标签: java spring spring-boot

当我启动 Spring Boot 应用程序、想要设置某些特定属性(例如 server.ssl.key-store-password 和 server.ssl.trust-store-password)时,我会在生命周期中名为 postConstruct 的方法里覆盖它们。这是我的代码:

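/**
 * Publishes the key-store and trust-store passwords as JVM system properties
 * ({@code server.ssl.key-store-password} and {@code server.ssl.trust-store-password}).
 *
 * <p>The literal values below stand in for the decrypted passwords. The values are
 * deliberately NOT written to the log: anything logged here ends up in log files and
 * log aggregation, which defeats the purpose of storing the passwords encrypted.
 * Only the property names are logged.
 *
 * <p>NOTE(review): this runs when the bean is initialised. If Spring Boot has already
 * bound the embedded server's SSL settings from the Environment by then, the values set
 * here are never read, which would match the "Password verification failed" error in
 * the question. Setting the properties before {@code SpringApplication.run(...)} or
 * supplying them through an external property source removes the ordering dependency.
 * Confirm against the Spring Boot version in use.
 */
@PostConstruct
private void postConstruct() {
    try {
        // System properties are readable by all code in this JVM; keep the set small.
        System.getProperties().setProperty("server.ssl.key-store-password", "decryptedpass1");
        System.getProperties().setProperty("server.ssl.trust-store-password", "decryptedpass2");

        // Log that the override happened, never the secret itself.
        logger.info("System properties set: server.ssl.key-store-password, server.ssl.trust-store-password");
    } catch (Exception e) {
        // NOTE(review): the failure is swallowed, so startup continues and the problem
        // only shows up later as a keystore error. Consider failing fast here.
        e.printStackTrace();
    }
}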

控制台上打印出的值是正确的,但我遇到了异常 java.security.UnrecoverableKeyException: Password verification failed。那么我该如何覆盖 application.properties 中的实际值?

日志错误:

at org.springframework.boot.SpringApplication.run(SpringApplication.java:303) [spring-boot-1.5.10.RELEASE.jar!/:1.5.10.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118) [spring-boot-1.5.10.RELEASE.jar!/:1.5.10.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107) [spring-boot-1.5.10.RELEASE.jar!/:1.5.10.RELEASE]
at com.socgen.bapi.party.PartyApplication.main(PartyApplication.java:23) [classes!/:0.0.2-SNAPSHOT]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_144]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_144]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_144]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_144]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [bapi-party-0.0.2-SNAPSHOT.jar:0.0.2-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [bapi-party-0.0.2-SNAPSHOT.jar:0.0.2-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [bapi-party-0.0.2-SNAPSHOT.jar:0.0.2-SNAPSHOT]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [bapi-party-0.0.2-SNAPSHOT.jar:0.0.2-SNAPSHOT]
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1021) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
... 21 common frames omitted
Caused by: java.lang.IllegalArgumentException: java.io.IOException: Keystore was tampered with, or password was incorrect
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]

at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1150) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:591) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1018) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
... 22 common frames omitted
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) ~[na:1.8.0_144]
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[na:1.8.0_144]
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[na:1.8.0_144]
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[na:1.8.0_144]
at java.security.KeyStore.load(KeyStore.java:1445) ~[na:1.8.0_144]
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:139) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:184) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
... 27 common frames omitted
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ~[na:1.8.0_144]
... 35 common frames omitted
2018-09-26 15:08:21.673  INFO 23610 --- [           main] o.apache.catalina.core.StandardService   : Stopping service [Tomcat]
2018-09-26 15:08:21.696  INFO 23610 --- [           main] utoConfigurationReportLoggingInitializer :
Error starting ApplicationContext. To display the auto-configuration report re-run your application with 'debug' enabled.
2018-09-26 15:08:21.698 ERROR 23610 --- [           main] o.s.b.d.LoggingFailureAnalysisReporter   :

1 个答案:

答案 0 :(得分:1)

加密和解密密码时必须使用相同的算法(以及相同的密钥、盐和迭代次数);下面的代码可能对您有用:

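// Encrypt a password: derive a 256-bit AES key from SECRET and a salt with
// PBKDF2-HMAC-SHA256, encrypt with AES-CBC, and emit Base64(IV || ciphertext).
//
// NOTE(review): SECRET is a literal in the source. Anyone who can read the code or the
// jar can derive the same key, so the stored value is only as protected as this string.
// Supply it from outside the artifact (environment variable, secret store) instead.
// NOTE(review): AES/CBC/PKCS5Padding gives confidentiality only; nothing here detects a
// modified ciphertext. An authenticated mode such as AES/GCM/NoPadding would.
String ALGORITHM = "PBKDF2WithHmacSHA256";
String KEYPATH = "/home/apiuser/toto"; // not referenced anywhere in this excerpt
String SECRET = "SECRET";
int ITERATIONCOUNT = 65536;
int KEYSIZE = 256;
String password = "pass";
SecretKeyFactory factory = SecretKeyFactory.getInstance(ALGORITHM);

// `salt` is not declared in this excerpt; presumably it comes from generateSalt().
// The charset is given explicitly, as it already is for the password bytes below,
// so the derived key does not depend on the platform default encoding.
PBEKeySpec spec = new PBEKeySpec(SECRET.toCharArray(), salt.getBytes("UTF-8"), ITERATIONCOUNT, KEYSIZE);
SecretKey secretKey = factory.generateSecret(spec);
SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

// No IV is passed to init(), so the IV the cipher chose is read back from its
// parameters and stored in front of the ciphertext for the decrypting side.
cipher.init(Cipher.ENCRYPT_MODE, secret);
byte[] ivBytes = cipher.getParameters().getParameterSpec(IvParameterSpec.class).getIV();
Map<String,String> encryptedPasswords = new HashMap<String,String>(); // not filled in this excerpt
byte[] encryptedTextBytes = cipher.doFinal(password.getBytes("UTF-8"));

// Output layout: [ IV | ciphertext ], Base64-encoded.
byte[] finalByteArray = new byte[ivBytes.length + encryptedTextBytes.length];
System.arraycopy(ivBytes, 0, finalByteArray, 0, ivBytes.length);
System.arraycopy(encryptedTextBytes, 0, finalByteArray, ivBytes.length, encryptedTextBytes.length);
String encryptedpass= DatatypeConverter.printBase64Binary(finalByteArray);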

/**
 * Produces a fresh salt for the key derivation.
 *
 * <p>Delegates to {@code KeyGenerators.string()}. This is presumably Spring Security's
 * {@code org.springframework.security.crypto.keygen.KeyGenerators}, whose string
 * generator returns a hex-encoded random value. The import is not shown, so confirm.
 *
 * @return the generated salt string
 */
public static String generateSalt() {
    final String freshSalt = KeyGenerators.string().generateKey();
    return freshSalt;
}

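   // Decrypt a password stored as Base64(IV || ciphertext): split off the IV, derive the
   // same AES key from SECRET and the salt (`key`) with PBKDF2-HMAC-SHA256 (65536
   // iterations, 256 bits), then decrypt with AES-CBC. Every parameter must match the
   // encrypting side exactly, otherwise doFinal() fails or returns garbage.
   //
   // NOTE(review): SECRET is a literal in the source; anyone with the code or the jar can
   // derive the same key. Supply it from outside the artifact instead.
   // NOTE(review): as posted, `encryptedPasswords` is declared as a String but used like a
   // map keyed by salt, and `encryptedPassword` / IV_LENGTH are declared outside this
   // excerpt. Presumably the real code holds a Map<String,String>; confirm.
   String ALGORITHM = "PBKDF2WithHmacSHA256";
   String SECRET = "SECRET";
   String key = "salt_key";
   String encryptedPasswords = "encodedpass";
   encryptedPassword = encryptedPasswords.get(key);

   // Decode first and validate the decoded length: the Base64 text is longer than the
   // bytes it encodes, so checking the string length lets inputs through that are too
   // short to hold an IV plus data, and the copies below would then fail.
   byte[] byteArray = DatatypeConverter.parseBase64Binary(encryptedPassword);
   if (byteArray.length <= IV_LENGTH) {
       throw new Exception("The input string is not long enough to contain the initialisation bytes and data.");
   }

   // Layout is [ IV | ciphertext ]. IV_LENGTH must be 16 (the AES block size) for CBC.
   byte[] ivBytes = new byte[IV_LENGTH];
   System.arraycopy(byteArray, 0, ivBytes, 0, IV_LENGTH);
   byte[] encryptedTextBytes = new byte[byteArray.length - ivBytes.length];
   System.arraycopy(byteArray, IV_LENGTH, encryptedTextBytes, 0, encryptedTextBytes.length);

   SecretKeyFactory factory = SecretKeyFactory.getInstance(ALGORITHM);
   // Explicit charset so the derived key does not depend on the platform default encoding.
   PBEKeySpec spec = new PBEKeySpec(SECRET.toCharArray(), key.getBytes("UTF-8"), 65536, 256);
   SecretKey secretKey = factory.generateSecret(spec);
   SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), "AES");
   Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
   cipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(ivBytes));

   // The result is the UTF-8 bytes of the original password. Do not log it.
   byte[] decryptedTextBytes = cipher.doFinal(encryptedTextBytes);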