Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


apache kafka - Jasypt is not working with Spring Cloud Stream

I am trying to store encrypted passwords in yml files for the SSL keystore and truststore using Jasypt. I noticed a very strange behavior with Spring Cloud Stream: encrypted passwords work fine for the Kafka Streams binding but fail for the Apache Kafka binding. I checked with plain passwords and the connection succeeds. Below is my config:

########## Kafka Streams binder configs ##########
spring.cloud.stream.kafka.streams:
  binder:
    brokers: <brokers>
    configuration:
      security.protocol: SSL
      # empty value disables server hostname verification
      ssl.endpoint.identification.algorithm:
      ssl.truststore.location: pathToFile/<filename>.jks
      ssl.truststore.password: ENC(lzqSndFB9fy2R+blpqOW2X8BNgZJZX/8)   # working
      ssl.truststore.type: jks
      ssl.keystore.location: pathToFile/<filename>.p12
      ssl.keystore.password: ENC(Sf2xm5Tks2Dok2oPg4mHYqvkkryglhCj)   # working
      ssl.keystore.type: pkcs12

########## Apache Kafka binder configs ##########
spring.cloud.stream.kafka:
  binder:
    brokers: <brokers>
    configuration:
      security.protocol: SSL
      # empty value disables server hostname verification
      ssl.endpoint.identification.algorithm:
      ssl.truststore.location: pathToFile/<filename>.jks
      ssl.truststore.password: ENC(lzqSndFB9fy2R+blpqOW2X8BNgZJZX/8)   # failing, working with plain password
      ssl.truststore.type: jks
      ssl.keystore.location: pathToFile/<filename>.p12
      ssl.keystore.password: ENC(Sf2xm5Tks2Dok2oPg4mHYqvkkryglhCj)   # failing, working with plain password
      ssl.keystore.type: pkcs12

Below is the error:

ERROR 16780 --- [           main] o.s.cloud.stream.binding.BindingService  : Failed to create producer binding; retrying in 30 seconds  
org.springframework.cloud.stream.binder.BinderException: Exception thrown while building outbound endpoint
Caused by: org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: Failed to load SSL keystore <keystorefile>.p12 of type pkcs12
    at org.apache.kafka.common.security.ssl.SslEngineBuilder.createSSLContext(SslEngineBuilder.java:160) ~[kafka-clients-2.3.1.jar:na]
    at org.apache.kafka.common.security.ssl.SslEngineBuilder.<init>(SslEngineBuilder.java:102) ~[kafka-clients-2.3.1.jar:na]
    at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:93) ~[kafka-clients-2.3.1.jar:na]
    at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:71) ~[kafka-clients-2.3.1.jar:na]
    ... 33 common frames omitted
Caused by: org.apache.kafka.common.KafkaException: Failed to load SSL keystore <keystorefile>.p12 of type pkcs12
    at org.apache.kafka.common.security.ssl.SslEngineBuilder$SecurityStore.load(SslEngineBuilder.java:289) ~[kafka-clients-2.3.1.jar:na]
    at org.apache.kafka.common.security.ssl.SslEngineBuilder.createSSLContext(SslEngineBuilder.java:142) ~[kafka-clients-2.3.1.jar:na]
    ... 36 common frames omitted
Caused by: java.io.IOException: keystore password was incorrect
    at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2068) ~[na:1.8.0_271]
    at java.security.KeyStore.load(KeyStore.java:1445) ~[na:1.8.0_271]
    at org.apache.kafka.common.security.ssl.SslEngineBuilder$SecurityStore.load(SslEngineBuilder.java:286) ~[kafka-clients-2.3.1.jar:na]
    ... 37 common frames omitted
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
    ... 40 common frames omitted

Spring Boot version 2.2.5.RELEASE; excerpt from pom.xml:

<spring-cloud.version>Hoxton.SR5</spring-cloud.version>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-stream-binder-kafka-streams</artifactId>
</dependency>
<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>3.0.3</version>
</dependency>

Could someone help please?

Question from: https://stackoverflow.com/questions/65829183/jasypt-is-not-working-with-spring-cloud-stream


1 Answer

Waiting for answers
