在server.xml中加密密钥库密码

时间:2019-01-22 13:04:15

标签: tomcat server.xml

尝试按照此链接中提到的步骤-Encrypt tomcat keystore password

来加密密钥库密码

我的server.xml看起来像这样

<Connector port="8443" protocol="<my custom class>"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" 
          keystoreFile="conf/.ssl/keystore.jks"        
           keystorePass="<encrypted_password>"/>

我还按照此处所述设置了密码解码器

public class Http11Nio2Protocol extends org.apache.coyote.http11.Http11Nio2Protocol {

@Override
public void setKeystorePass(String s) {
    try {
        super.setKeystorePass(new EncryptService().decrypt(s));
    } catch (final Exception e){
        super.setKeystorePass("");
    }
}

问题是tomcat不能以这些更改开始,并且出现以下错误

  

**org.apache.catalina.LifecycleException: Failed to initialize component [Connector[MyCustomClass-8443]]**
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:643)
    at com.adventnet.mfw.service.WebService.start(WebService.java:86)
    at com.adventnet.mfw.service.ServiceStarter.initServices(ServiceStarter.java:170)
    at com.zoho.mickey.startup.MEServer.startServer(MEServer.java:328)
    at com.adventnet.mfw.Starter.start(Starter.java:367)
    at com.adventnet.mfw.Starter.main(Starter.java:603)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:290)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:970)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    ... 17 more
Caused by: java.lang.IllegalArgumentException: java.security.UnrecoverableKeyException: Cannot recover key
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
    at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:163)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:941)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:237)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:968)
    ... 18 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
    at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)
    at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
    at java.security.KeyStore.getKey(KeyStore.java:1023)
    at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
    at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
    at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:216)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
    ... 25 more

请帮助我进行此操作。

谢谢。

1 个答案:

答案 0 :(得分:1)

您必须将custom class作为jar放入 tomcat \ lib 文件夹中。还要检查密钥库在正确的位置-“ conf/.ssl/keystore.jks