It is solved by implementing the PropertySource, thank you very much for all your help.
At 2023-10-28 01:06:03, "Mcalexander, Jon J." <jonmcalexan...@wellsfargo.com.INVALID> wrote:
>You could look at how TC Server does this. Their tcserver.jar has an
>encoder/decoder in it and the class is loaded as a digester in the
>Catalina.properties. It relies on having a prefix on the encoded value that
>would subsequently be decoded and the property value replaced with the decoded
>value. The passwords have to be encoded prior to adding them to your
>configuration files. It's fairly easy to do.
>
>You might be able to come up with something similar on your own.
>
>Thanks,
>
>Dream * Excel * Explore * Inspire
>Jon McAlexander
>Senior Infrastructure Engineer
>Asst. Vice President
>He/His
>
>Middleware Product Engineering
>Enterprise CIO | EAS | Middleware | Infrastructure Solutions
>
>8080 Cobblestone Rd | Urbandale, IA 50322
>MAC: F4469-010
>Tel 515-988-2508 | Cell 515-988-2508
>
>jonmcalexan...@wellsfargo.com
>
>> -----Original Message-----
>> From: Mark Thomas <ma...@apache.org>
>> Sent: Friday, October 27, 2023 3:45 AM
>> To: users@tomcat.apache.org
>> Subject: Re: How to custom java program to decrypt keystore password in
>> Tomcat 10.1.15
>>
>> On 26/10/2023 11:05, yanyizhong wrote:
>> > Hi Tomcat team,
>> > Version: Tomcat 10.1.15
>> >
>> > I am trying to upgrade Tomcat from version 9.0.56 to 10.1.15, and found
>> > that there is no setKeystorePass(String) method in Tomcat 10.1.15.
>> >
>> > As we want to use the custom keystore encryption password in server.xml
>> > like this:
>> >
>> > <Connector port="8080" protocol="test.CustomHttp11Nio2Protocol"
>> >     ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
>> >     keystoreFile="E:\tes.jks"
>> >     keystorePass="xsdfdfdsfdfxdf(encryption password)"
>> >     keystoreType="JKS" />
>>
>> And this "encrypted" password is "decrypted" how?
>> https://urldefense.com/v3/__https://cwiki.apache.org/confluence/display/TOMCAT/Password__;!!F9svGWnIaVPGSwU!sJRkxJv4qdFjO7jusA2u0eRFDExWji3SkfxRWuu9WY0xWKUWAu8p7qwvQkIU9PHtKGKlG4BOPViaYubUO15ULg$
>> (Hint: this is a waste of time from a security perspective.)
>>
>> If you can find a way to make this work then you are welcome to use it but I
>> am as sure as I can be that if source code changes are required in Tomcat to
>> make this work they won't be happening.
>>
>> I suspect the way to do this (if you really must) would be via a custom
>> PropertySource. If you look at the existing implementations then you should
>> have enough hints to put together an implementation that looks for "enc:...."
>> and "decrypts" what it finds.
>>
>> Note that org.apache.tomcat.util.digester.PROPERTY_SOURCE accepts multiple
>> values, separated by commas.
>>
>> Mark
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
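
The custom PropertySource approach discussed in this thread, sketched as an added example; it is not code from the thread's participants or from the Tomcat project. It implements Tomcat's `org.apache.tomcat.util.IntrospectionUtils.PropertySource` and resolves `${enc:...}` placeholders by AES-GCM decryption, returning `null` for every other key so the remaining property sources are still consulted. The package and class name, the `example.enc.keyfile` system property, the key-file format and the `base64(IV || ciphertext)` layout are all assumptions made for illustration.

```java
package example; // hypothetical package name

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.tomcat.util.IntrospectionUtils;

/** Resolves ${enc:<base64(12-byte IV || AES-GCM ciphertext and tag)>} placeholders. */
public class EncPropertySource implements IntrospectionUtils.PropertySource {
    private static final String PREFIX = "enc:";
    // Hypothetical system property naming a file that holds the base64-encoded AES key.
    private static final String KEY_FILE_PROP = "example.enc.keyfile";

    @Override
    public String getProperty(String key) {
        if (key == null || !key.startsWith(PREFIX)) {
            return null; // not ours: let the other property sources answer
        }
        try {
            byte[] blob = Base64.getDecoder().decode(key.substring(PREFIX.length()));
            if (blob.length < 12 + 16) { // IV plus GCM tag is the minimum size
                throw new IllegalArgumentException("enc: value too short");
            }
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, loadKey(), new GCMParameterSpec(128, blob, 0, 12));
            return new String(cipher.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException | IOException e) {
            // Fail closed; the exception message carries neither the value nor the key.
            throw new IllegalStateException("cannot decode enc: property", e);
        }
    }

    private static SecretKeySpec loadKey() throws IOException {
        String path = System.getProperty(KEY_FILE_PROP);
        if (path == null) {
            throw new IOException(KEY_FILE_PROP + " is not set");
        }
        String b64 = new String(Files.readAllBytes(Paths.get(path)), StandardCharsets.US_ASCII);
        return new SecretKeySpec(Base64.getDecoder().decode(b64.trim()), "AES");
    }
}
```

To use it, set `org.apache.tomcat.util.digester.PROPERTY_SOURCE=example.EncPropertySource` in catalina.properties, put the class on Tomcat's own class path, and write the password attribute in server.xml as `${enc:...}`. The key file has to be readable by the Tomcat process, so this moves the secret from server.xml to that file and its file permissions.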