Unable to decrypt from Spring config server / client

Submitted by 偶尔善良 on 2019-12-11 02:12:11

Question


I am trying to encrypt and decrypt config properties using Spring config server and client. I have Spring Boot applications (server and client). Using the server I have encrypted the password property, and at the client I am trying to decrypt it using the same key, but I am getting an error. I am trying to enable the config server client to decrypt these properties initially encrypted by the config server. Here are the steps I followed:

  1. Install Full-strength JCE and replace 2 policy files in JRE lib/security

  2. Generate a key using keytool

    keytool -genkeypair -alias config-server-key -keyalg RSA \
    -keysize 4096 -sigalg SHA512withRSA -dname "CN=*.domain.com,OU=EUS,O=eusdom,L=City,S=WA,C=US" \
    -keypass keyPass -keystore config-server.jks -storepass keys3crt
    
  3. Added cloud security dependency to the pom file (added these in both config server and client pom)

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-rsa</artifactId>
        <version>1.0.1.RELEASE</version>
    </dependency>
    
  4. Added the encryption-related configuration (the same values used by config server and client) to bootstrap.yml; also tried with application.yml

    encrypt:
    key-store:
        location: file:///D:/encrypt-server/config-server.jks
        password: keyPass
        alias: config-server-key
        secret: keys3crt
    
  5. My config server bootstrap looks like this

    spring:
      application:
        name: config-service
      cloud:
        config:
            server:
                git:
                    uri: https://github.com/<>/spring-config-repo
                encrypt:
                    enabled: false
    server:
      port: 8888
    
  6. Encrypt the passWord property using config server

    curl -X POST --data-urlencode d3v3L http://localhost:8888/encrypt
    
  7. Try to decrypt the property using config server

    curl http://localhost:8888/decrypt -d <encryptedValue>
    

I am getting the error below:

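    {"timestamp":1472667297292,"status":500,"error":"Internal Server Error","exception":"java.lang.IllegalStateException","message":"Cannot decrypt","path":"/decrypt"}

  8. I try to print the encrypted property using config client (note: I have added the dependencies and encrypt key details as per 3,4)

    import java.util.Arrays;
    import java.util.List;
    
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.cloud.context.config.annotation.RefreshScope;
    import org.springframework.stereotype.Component;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;
    
    @RefreshScope
    @Component
    @RestController
    public class Greeter {
    
        // Properties served by the config server
        @Value("${cassandra.hostnames}")
        String hostnames;
    
        @Value("${cassandra.username}")
        String userName;
    
        @Value("${cassandra.password}")
        String passWord;
    
        // Returns the resolved values as a JSON array
        @RequestMapping(value = "/", produces = "application/json")
        public List<String> index() {
            List<String> env = Arrays.asList(
                "userName is: " + userName,
                "passWord is: " + passWord
            );
            return env;
        }
    }

  9. I am getting java.lang.IllegalStateException: Cannot decrypt: key=cassandra.password error

  10. Note: I tried to decrypt in config server without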

     encrypt:
      enabled: false
    

Please let me know if I am missing anything here. Appreciate any help.

Source: https://stackoverflow.com/questions/39256589/unable-to-decrypt-from-spring-config-server-cleint
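
A standalone check for the keystore settings in step 4, added here as an example and not part of the original post: Spring Cloud Config opens the keystore with `encrypt.key-store.password` and unlocks the key entry with `encrypt.key-store.secret`, which correspond to keytool's `-storepass` and `-keypass`. The class name and the `KS_PASSWORD` / `KS_SECRET` environment variable names are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

// Added example; the class name and the KS_PASSWORD / KS_SECRET variable names are assumptions.
public class KeyStoreCheck {

    // Returns a diagnosis string so each failure mode is distinguishable.
    static String check(String path, char[] storePassword, String alias, char[] keySecret) {
        KeyStore ks;
        try (InputStream in = new FileInputStream(path)) {
            ks = KeyStore.getInstance("JKS");
            ks.load(in, storePassword);            // integrity check uses the store password
        } catch (Exception e) {
            return "STORE_PASSWORD_REJECTED_OR_UNREADABLE: " + e.getMessage();
        }
        try {
            if (!ks.isKeyEntry(alias)) {
                return "ALIAS_NOT_A_KEY_ENTRY: " + alias;
            }
            Key key = ks.getKey(alias, keySecret); // the entry is protected by the key password
            return "OK: " + key.getAlgorithm() + " private key unlocked";
        } catch (UnrecoverableKeyException e) {
            return "KEY_SECRET_REJECTED: " + e.getMessage();
        } catch (Exception e) {
            return "ERROR: " + e;
        }
    }

    public static void main(String[] args) {
        String password = System.getenv("KS_PASSWORD"); // value of encrypt.key-store.password
        String secret = System.getenv("KS_SECRET");     // value of encrypt.key-store.secret
        if (args.length != 2 || password == null || secret == null) {
            System.err.println("usage: KS_PASSWORD=... KS_SECRET=... java KeyStoreCheck <jks-path> <alias>");
            System.exit(2);
        }
        String result = check(args[0], password.toCharArray(), args[1], secret.toCharArray());
        System.out.println(result);
        System.exit(result.startsWith("OK") ? 0 : 1);
    }
}
```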
