On Wed, Mar 11, 2015 at 10:07 PM, Niranjan Karunanandham <[email protected]>
wrote:
> Hi Kishanthan,
>
> The value that was in the catalina-server.xml for keystorePass will not be
> removed after running the cipher tool. The cipher tool will encrypt the
> value in cipher-text.properties and insert
> svns:secretAlias="Server.Service.Connector.keystorePass">password</Connector>
> to catalina-server.xml.
>
But the above is wrong, because the value "password" should be replaced on
the xml attribute - keystorePass. This is a limitation with the current
cipher-tool. This has to be improved.
> When the server starts, the value for keystorePass will be retrieved from
> the cipher-text.properties (encrypted value) and not the value which is there
> in the catalina-server.xml.
>
Yes, this is currently working but the only concern is what you have
mentioned below.
> If required, the value in the catalina-server.xml can be removed:
>
> <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="200"
> acceptorThreadCount="2" bindOnInit="false" clientAuth="false"
> compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
> compression="on" compressionMinSize="2048" connectionUploadTimeout="120000"
> disableUploadTimeout="false" enableLookups="false"
> keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
> *keystorePass="**"* maxHttpHeaderSize="8192" maxKeepAliveRequests="200"
> maxThreads="250" minSpareThreads="50"
> noCompressionUserAgents="gozilla, traviata" port="9443"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> scheme="https" secure="true" server="WSO2 Carbon Server" sslProtocol="TLS"
> svns:secretAlias="Server.Service.Connector.keystorePass">password</Connector>
>
> Shall we mention this in the carbon 4.3.0 doc?
>
IMO, we need to fix this properly with the new cipher-tool version:
https://wso2.org/jira/browse/WSAS-1917
>
>
> Regards,
> Nira
>
>
> On Wed, Mar 11, 2015 at 1:53 AM, Kishanthan Thangarajah <
> [email protected]> wrote:
>
>> Hi Folks,
>>
>> There is an issue with current support for $subject. Once we configure
>> this file using cipher-tool, we can see that the secret alias is being
>> added to it. But the value of keystorePass still remains as "wso2carbon".
>> This should get changed to "password".
>>
>> <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="200"
>> acceptorThreadCount="2" bindOnInit="false" clientAuth="false"
>> compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
>> compression="on" compressionMinSize="2048" connectionUploadTimeout="120000"
>> disableUploadTimeout="false" enableLookups="false"
>> keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
>> keystorePass="*wso2carbon*" maxHttpHeaderSize="8192"
>> maxKeepAliveRequests="200" maxThreads="250" minSpareThreads="50"
>> noCompressionUserAgents="gozilla, traviata" port="9443"
>> protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
>> secure="true" server="WSO2 Carbon Server" sslProtocol="TLS"
>> svns:secretAlias="Server.Service.Connector.keystorePass">password</Connector>
>>
>> The actual reason is that this is the only file (maybe the first one)
>> where we need to encrypt the value of an XML attribute. In other config files,
>> we had to encrypt the value of the XML node element.
>>
>> @Niranjan, IIRC, you did some testing on this area right? Did we notice
>> the above?
>>
>> Thanks,
>> Kishanthan.
>> --
>> *Kishanthan Thangarajah*
>> Senior Software Engineer,
>> Platform Technologies Team,
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - +94773426635
>> Blog - http://kishanthan.wordpress.com
>> Twitter - http://twitter.com/kishanthan
>>
>
>
>
> --
>
> *Niranjan Karunanandham*
> Senior Software Engineer - WSO2 Inc.
> WSO2 Inc.: http://www.wso2.com
>
--
*Kishanthan Thangarajah*
Senior Software Engineer,
Platform Technologies Team,
WSO2, Inc.
lean.enterprise.middleware
Mobile - +94773426635
Blog - http://kishanthan.wordpress.com
Twitter - http://twitter.com/kishanthan
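
The condition discussed in this thread (a svns:secretAlias present on the Connector while the keystorePass attribute still holds its original value) can be checked mechanically before a configuration is shipped. The Python below is an added example, not part of the original messages or of the WSO2 cipher-tool; the function name, the placeholder allow-list and the namespace URI used in the constructed samples are assumptions.

```python
import xml.etree.ElementTree as ET

# Values treated as "no secret here": empty, or the "password" placeholder
# the thread says the attribute should hold. This allow-list is an assumption.
PLACEHOLDERS = {"", "password"}

def leftover_plaintext(xml_text):
    """Return (tag, port, attribute, alias) for each element whose secretAlias
    names an attribute that still holds a non-placeholder value."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        for name, alias in elem.attrib.items():
            # Namespaced attributes appear as "{uri}secretAlias"; match on the
            # local name so the check does not depend on the exact URI.
            if name.rsplit("}", 1)[-1] != "secretAlias":
                continue
            target = alias.rsplit(".", 1)[-1]  # e.g. keystorePass
            value = elem.attrib.get(target)
            if value is not None and value.strip() not in PLACEHOLDERS:
                # Report the location only; never echo the secret itself.
                findings.append((elem.tag, elem.attrib.get("port"), target, alias))
    return findings

# Constructed samples modelled on the Connector in the thread (trimmed).
# The svns namespace URI below is a placeholder, not taken from the page.
HEAD = '<Server xmlns:svns="urn:example:securevault"><Service>'
TAIL = '</Service></Server>'
CONNECTOR = ('<Connector port="9443" scheme="https" keystorePass="{0}" '
             'svns:secretAlias="Server.Service.Connector.keystorePass">'
             'password</Connector>')
AFTER_CIPHER_TOOL = HEAD + CONNECTOR.format("wso2carbon") + TAIL
CLEANED = HEAD + CONNECTOR.format("") + TAIL

if __name__ == "__main__":
    for label, doc in (("after cipher-tool", AFTER_CIPHER_TOOL),
                       ("cleaned", CLEANED)):
        print(label, leftover_plaintext(doc))
```

A non-empty result means the file still carries a value that the alias was supposed to replace, so it should be cleared or set to the placeholder before the file is committed or packaged.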