
WSO2 Identity Server 5.3.0 CipherTool Bug

Identity server 5.3.0. Recently patched. I've replaced the default keystore and keys with my own. Utilizing the ciphertool to remove plain text passwords from various config files. I've successfully replaced the database password inside of repository/conf/datasources files using the ciphertool. Restarted the IS successfully. Was moving on to the keystore values inside of the carbon.xml file and I keep getting the following error:

TID: [-1234] [] [2017-10-16 21:39:44,322] ERROR {org.wso2.carbon.core.deployment.DeploymentInterceptor} -  Error while pdating wso2carbon-sts in STSDeploymentInterceptor 
java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
    at java.security.KeyStore.load(KeyStore.java:1445)

... ...

Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
    ... 53 more

I've confirmed the password is correct. I even re-replaced the ciphertool reference inside of carbon.xml with the clear text value and restarted successfully, again. My only guess at this point is that ciphertool is not handling special characters correctly. My pass has an ampersand (@). Any help would be appreciated.

Update: Went through the effort of recreating a brand new key store and key with a simple password... no special characters. Same results. After running ciphertool.bat -Dconfigure my carbon.xml entries look good (see below). Which indicates the Xpath in cipher-tool.properties is correct. And I've triple checked the password in cipher-text.properties.

<KeyStore>
    <!-- Keystore file location-->
    <Location>${carbon.home}/repository/resources/security/KeyStore.jks</Location>
    <!-- Keystore type (JKS/PKCS12 etc.)-->
    <Type>JKS</Type>
    <!-- Keystore password-->
    <Password svns:secretAlias="Conf.Carbon.KeyStore.Password">password</Password>
    <!-- Private Key alias-->
    <KeyAlias>QaCert</KeyAlias>
    <!-- Private Key password-->
    <KeyPassword svns:secretAlias="Conf.Carbon.KeyPassword">password</KeyPassword>
</KeyStore>

John, I would submit this bug to WSO2's GitHub or JIRA instance:

On a side note, I noticed WSO2's use of encrypted passwords has an issue with special characters. This could be a general problem if WSO2 IS is using CipherTool to automatically encrypt passwords in the WebUI. See my comment at the bottom of this post:

Connection issues after turning off embedded LDAP
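A check related to the configuration in the question, added here as an example and not code from either poster or from WSO2: it cross-references every `svns:secretAlias` in a carbon.xml against the aliases in cipher-text.properties and reports which are missing or still unencrypted. The sample files are constructed; the namespace URI, the `alias=value` layout and the `[plaintext]` bracket convention for not-yet-encrypted values are assumptions about the Secure Vault file formats.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not the poster's real files).
CARBON_XML = """<Server xmlns:svns="http://org.wso2.securevault/configuration">
  <Security><KeyStore>
    <Password svns:secretAlias="Conf.Carbon.KeyStore.Password">password</Password>
    <KeyPassword svns:secretAlias="Conf.Carbon.KeyPassword">password</KeyPassword>
  </KeyStore></Security>
</Server>"""
CIPHER_TEXT = """# constructed cipher-text.properties
Conf.Carbon.KeyStore.Password=Q09OU1RSVUNURUQ=
Carbon.Security.KeyStore.KeyPassword=[changeit]
"""

def secret_aliases(xml_text):
    """Return {alias: element tag} for every secretAlias attribute in the XML."""
    found = {}
    for elem in ET.fromstring(xml_text).iter():
        for attr, alias in elem.attrib.items():
            # Namespaced attributes look like '{uri}secretAlias' in ElementTree.
            if attr.rsplit("}", 1)[-1] == "secretAlias":
                found[alias] = elem.tag
    return found

def load_properties(text):
    """Minimal key=value parser; splits on the first '=' so base64 padding survives."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(xml_text, cipher_text):
    """Classify each alias used in the XML and list property aliases nothing refers to."""
    props, aliases, report = load_properties(cipher_text), secret_aliases(xml_text), {}
    for alias in aliases:
        value = props.get(alias)
        if value is None:
            report[alias] = "missing"        # no entry with this alias in the properties file
        elif value.startswith("[") and value.endswith("]"):
            report[alias] = "plaintext"      # still bracketed, i.e. not yet encrypted
        else:
            report[alias] = "encrypted"
    return report, sorted(set(props) - set(aliases))

if __name__ == "__main__":
    print(audit(CARBON_XML, CIPHER_TEXT))
```

An alias reported as "missing" next to a similarly named unused property alias points to a naming mismatch between the two files rather than a wrong password.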
