Documentation can be found at https://docs.wso2.com/display/Carbon440/Enabling+Cipher+Tool+for+Password+Encryption
wso2 / cipher-tool Goto Github PK
View Code? Open in Web Editor NEWLicense: Apache License 2.0
cipher-tool's Introduction
cipher-tool's People
Contributors
Stargazers
Watchers
Forkers
pubudu08 nirmal070125 niranjan-k manoj-kristhombu jsdjayanga txedo digiwes sumedhassk zamria billhu422 lakshangamage chamarasilva sinthuja bsenduran manuri milanperera emswbandara mathieubouchard krishanx92 aglaianwoman niveathika test-coverage-enforce-bot nilasini dushaniw malinthaprasan gdrdabarera nirothipan malakaganga rushmin dmxunlimit shyabithd winmah grainier isharailanga shakila rksk rmsamitha tharindu1st iloshinik chcsdickerson madushadhanushka somindatommy madurangasiriwardena rameshakaru codeturbine senthalan vathsan milindaperera nipunich sajithaliyanage crowleyrajapakse piraveena sajiniekavindya sachithkay sdkottegoda arunans23 shagihan dilini-muthumala sumedhe hisanhunais senthuran16 sanjulamadurapperuma maliesha janithcmw hwupathum salimshivani dulithsenanayake shilmyhasan dilshanfa lashinijay kirishikesan yoshani prasa7 thisara-welmilla seralahthan chanikag asha15 piyumaldk dulanjalidilmi gdlmadushankacipher-tool's Issues
File path for deployement.toml file getting null in windows
Description:
Steps to re-produce
- Execute the ciphertool.bat -Dconfigure in the windows environment
- Deployment path for the deployment.toml file getting null from the following code segment.
public static String getDeploymentFilePath() {
String configFilePath = System.getProperty(Constants.DEPLOYMENT_CONFIG_FILE_PATH);
if (StringUtils.isEmpty(configFilePath)) {
configFilePath = Paths.get(System.getProperty(Constants.CARBON_CONFIG_DIR_PATH),
Constants.DEPLOYMENT_TOML_FILE).toString();
}
return configFilePath;
}
The system property is getting null and executing the default encryption flow.
getting a NULL pointer exception when encrypting passwords in deployement.toml file
Description:
Getting the following exception when running cipher tool for the first time with the -Dconfigure parameter
[wso2student@ip-172-31-39-130 bin]$ ./ciphertool.sh -Dconfigure
Encrypting using Internal KeyStore.
{type: JKS, alias: wso2carbon, path: /opt/wso2/Desktop/c3/wso2am-3.0.0/repository/resources/security/wso2carbon.jks}
[Please Enter Internal KeyStore Password of Carbon Server : ]
Internal KeyStore of Carbon Server is initialized Successfully
Encryption is done Successfully
Exception in thread "main" java.lang.NullPointerException
at java.lang.String.concat(String.java:2027)
at org.wso2.ciphertool.CipherTool.updateDeploymentConfigurationWithEncryptedKeys(CipherTool.java:381)
at org.wso2.ciphertool.CipherTool.main(CipherTool.java:75)
Suggested Labels:
cipher-tool,toml
Steps to reproduce:
- Run the ciphertool.sh file in the APIM-3.0.0 with the -Dconfigre command.
Xpath for the Datasource in the cipher-tool.properties file is incorrect
Description:
The Xpath available for the following property in the default cipher-tool.properties file is incorrect.
Datasources.WSO2_CARBON_DB.Configuration.Password=repository/conf/datasources/master-datasources.xml//datasources-configuration/datasources/datasource[name='WSO2_CARBON_DB']/definition[@type='RDBMS']/configuration/password,false
The correct Xpath should be corrected as follows.
repository/conf/datasources/master-datasources.xml//datasources/datasource[name='WSO2_CARBON_DB']/definition[@type='RDBMS']/configuration/password,false
Affected Product Version:
Multiple product versions including IS-5.7.0, APIM-2.5.0
Steps to reproduce:
Impacts the encryption process.
Cannot run the cipher tool from the /bin directory
The below exception is thrown when executing the cipher tool from the bin directory.
IOT_HOME/bin$ ./ciphertool.sh -Dconfigure
Exception in thread "main" org.wso2.ciphertool.exception.CipherToolException: File, cipher-standalone-config.properties does not exist.
at org.wso2.ciphertool.utils.Utils.setSystemProperties(Utils.java:247)
at org.wso2.ciphertool.CipherTool.initialize(CipherTool.java:93)
at org.wso2.ciphertool.CipherTool.main(CipherTool.java:52)
Use Paths instead of file.separate
Description:
Change the location where file path is constructed using file.separator with Paths.get()
example : ad13cf4
Suggested Labels:
Type/Improvement
Remove CARBON_HOME from secure file location property
The secure file location property of the "secret-conf.properties" contains the CARBON_HOME which is unnecessary since secure vault code appends the CARBON_HOME from the code itself.
Cipher Tool throws java.nio.file.InvalidPathException: Illegal char <:> in Windows
Description:
Cipher Tool v1.0.0-wso2v3 throws java.nio.file.InvalidPathException: Illegal char <:> in Windows environment.
Affected Product Version:
APIM-Analytics-2.1.0
OS, DB, other environment details and versions:
Steps to reproduce:
Unzip the any of product mentioned above in a windows environment.
Goto <carbon_home>/bin direcotry.
run the command "ciphertool.bat -Dconfigure"
Custom key store not detected in a plain, unused product pack
Description:
When using custom key stores (not with the default wso2carbon.jks file name) for the secret encryption process (using -Dconfigure option), the Cipher tool overrides the key store configurations set in the <PRODUCT_HOME>/repository/conf/security/secret-conf.properties file using the configurations set in the <PRODUCT_HOME>/repository/conf/carbon.xml at the given time.
Thus, any custom key store location path set in the <PRODUCT_HOME>/repository/conf/security/secret-conf.properties in a fresh pack which has not been used before fails, as the initial application of customized key store configurations set in the <PRODUCT_HOME>/repository/conf/deployment.toml to the <PRODUCT_HOME>/repository/conf/carbon.xml happens during the initial execution of the server startup script for the product.
Current workaround:
- Set the custom key store configurations in the product's main configuration file
<PRODUCT_HOME>/repository/conf/deployment.toml - Add the custom key stores to the
<PRODUCT_HOME>/repository/resources/securitydirectory - Execute the product server startup script
- Set the secrets in the
<PRODUCT_HOME>/repository/conf/deployment.tomlfile - Encrypt the secrets using the Cipher tool
Used Product and Version:
WSO2 Identity Server version 5.11.0 Release Candidate 1
Cannot run ciphertool.sh -Dconfigure from WSO2_EI/bin directory
Getting below exception while running ciphertool.sh with -Dconfigure option from the WSO2 EI bin directory.
chamara@Chamaras-MBP:~/wso2/products/ei/wso2ei-6.1.1/bin$ sh ciphertool.sh -Dconfigure Exception in thread "main" org.wso2.ciphertool.exception.CipherToolException: File, cipher-standalone-config.properties does not exist. at org.wso2.ciphertool.utils.Utils.setSystemProperties(Utils.java:247) at org.wso2.ciphertool.CipherTool.initialize(CipherTool.java:93) at org.wso2.ciphertool.CipherTool.main(CipherTool.java:52)
According to my analysis "setSystemProperties" method having "homeFolder = currentPath.toAbsolutePath().toString();" instead of "System.getProperty(Constants.CARBON_HOME);" and same issue there on "getKeyStore" in "KeyStoreUtil" class.
In addition to that files are searched through the "<EI_HOME>/repository/conf/security" file path instead of <EI_HOME>/conf/security directory.
Cipher-Tool : Provide support for cipher algorithms
Reading a keys-store file outside <WSO2_HOME>
Description:
Currently the Cipher-tool reads key-stores inside the <WSO2_HOME>. Tool should be modified to read a keystore outside the product-home.
Suggested Assignees:
@isharailanga
Encrypting passwords in non-xml files with -Dconfigure option
Description:
The improvement required is to make Cipher Tool capable of generating the encrypted string for all the secret aliases in cipher-text.properties file without checking the secret alias in cipher-tool.properties file.
Encryption is done by ./bin/ciphertool.sh -Dconfigure command. But as above mentioned, it will throw an error when, running this command, when there is an alias and relevant password mentioned in cipher-text.properties file in below format, but no relevant entry within cipher-tool.properties file with a path.
mycustom.secret.alias=[SamplePassword]
The error thrown is,
Exception in thread "main" org.wso2.ciphertool.exception.CipherToolException: XPath value for secret alias 'Samitha.Secret.Alias.Testing' cannot be found.
at org.wso2.ciphertool.CipherTool.loadXpathValuesAndPasswordDetails(CipherTool.java:174)
at org.wso2.ciphertool.CipherTool.main(CipherTool.java:56)
This is an improvement that will be useful to encrypt passwords which are not in xml files.
Affected Product Version:
APIM 2.6.0 (and all products shipped with Cipher Tool version 1.0.0-wso2v8 or less.)
Cipher tool properties for PassThroughHttpSSLListener/PassThroughHttpSSLSender to be there in default product pack.
In APIM 2.0.0 and ESB 5.0.0 doest have below properties by default. Since this is a most common property uses for the secure vault, It is good to be there in default pack.
## cipher-tool.properties
Axis2.Https.Listener.TrustStore.Password=repository/conf/axis2/axis2.xml//axisconfig/transportReceiver[@name='https']/parameter[@name='truststore']/TrustStore/Password,false`
Axis2.Https.Listener.KeyStore.Password=repository/conf/axis2/axis2.xml//axisconfig/transportReceiver[@name='https']/parameter[@name='keystore']/KeyStore/Password,false
Axis2.Https.Listener.KeyStore.KeyPassword=repository/conf/axis2/axis2.xml//axisconfig/transportReceiver[@name='https']/parameter[@name='keystore']/KeyStore/KeyPassword,false
Axis2.Https.Sender.TrustStore.Password=repository/conf/axis2/axis2.xml//axisconfig/transportSender[@name='https']/parameter[@name='truststore']/TrustStore/Password,false
Axis2.Https.Sender.KeyStore.Password=repository/conf/axis2/axis2.xml//axisconfig/transportSender[@name='https']/parameter[@name='keystore']/KeyStore/Password,false
Axis2.Https.Sender.KeyStore.KeyPassword=repository/conf/axis2/axis2.xml//axisconfig/transportSender[@name='https']/parameter[@name='keystore']/KeyStore/KeyPassword,false
Above properties already in the APIM 2.0.0. But related cipher test properties (below) not found in default pack.
## cipher-text.properties
Axis2.Https.Listener.TrustStore.Password=[wso2carbon]
Axis2.Https.Listener.KeyStore.Password=[wso2carbon]
Axis2.Https.Listener.KeyStore.KeyPassword=[wso2carbon]
Axis2.Https.Sender.TrustStore.Password=[wso2carbon]
Axis2.Https.Sender.KeyStore.Password=[wso2carbon]
Axis2.Https.Sender.KeyStore.KeyPassword=[wso2carbon]
Thanks,
Chamara Silva
Cipher Tool throws java.nio.file.InvalidPathException: Illegal char <:> in Windows
Description:
Cipher Tool v1.0.0-wso2v8 throws java.nio.file.InvalidPathException: Illegal char <:> in Windows environment.
Affected Product Version:
EI 640
ISKM 570
IS 570
AM 260
OS, DB, other environment details and versions:
Windows
Steps to reproduce:
Unzip the any of product mentioned above in a windows environment.
Goto <carbon_home>/bin direcotry.
run the command "ciphertool.bat -Dconfigure"
Exception
Using JAVA_HOME: C:\Program Files\Java\jre1.8.0_181
Exception in thread "main" java.nio.file.InvalidPathException: Illegal char <:> at index 25: C:\wso2\wso2ob-ei-6.4.0\C:\wso2\wso2ob-ei-6.4.0\/repository
/resources/security/wso2carbon.jks
at sun.nio.fs.WindowsPathParser.normalize(Unknown Source)
at sun.nio.fs.WindowsPathParser.parse(Unknown Source)
at sun.nio.fs.WindowsPathParser.parse(Unknown Source)
at sun.nio.fs.WindowsPath.parse(Unknown Source)
at sun.nio.fs.WindowsFileSystem.getPath(Unknown Source)
at java.nio.file.Paths.get(Unknown Source)
at org.wso2.ciphertool.utils.Utils.getConfigFilePath(Utils.java:98)
at org.wso2.ciphertool.utils.Utils.setSystemProperties(Utils.java:289)
at org.wso2.ciphertool.CipherTool.initialize(CipherTool.java:93)
at org.wso2.ciphertool.CipherTool.main(CipherTool.java:52)
Related Issues:
CARBON_HOME is not cleared after ciphertool batch file execution in windows
Because of this if we run cipher tool for server A and then run cipher tool for server B in the same environment(same command prompt), CARBON_HOME of server A will be used for server B as well. So passwords will not be encrypted for server B.
If the user has globally defined CARBON_HOME in Windows that is fine but persisting the environment variables set in the batch file is not correct.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.