Reputation: 374
I currently have three Java applications that I want to encrypt the DB passwords for. For my first app, the following syntax for jasypt works. I have an encrypted password and it can log in to the DB with no issues. However, my other two apps fail with an invalid username/password error. My main question: Is there a way to debug jasypt so I can see whether or not it tried to decrypt the password specified below? I'm guessing the decrypt is failing and it is trying to log in using the encrypted password. If I change the persistence.xml back to the un-encrypted password it works just fine. Thanks for any thoughts anyone might have!
Here are my files:
jasypt password gen:
c:\jasypt-1.9.2\bin\encrypt input=mydbpassword password=password algorithm=PBEWithMD5AndTripleDES
----ENVIRONMENT----------------
Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 24.45-b08
-----ARGUMENTS-----------------
input: mydbpassword
password: password
algorithm: PBEWithMD5AndTripleDES
------OUTPUT-------------------
h+RqHWpovo5q390ID9+dTTs/9k0bmwlI
persistence.xml
<persistence-unit name="localDB" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider>
<properties>
<property name="connection.provider_class" value="org.jasypt.hibernate.connectionprovider.EncryptedPasswordDriverManagerConnectionProvider" />
<property name="connection.encryptor_registered_name" value="strongHibernateStringEncryptor" />
<property name="hibernate.dialect" value="org.hibernate.dialect.Oracle10gDialect" />
<property name="hibernate.connection.driver_class" value="oracle.jdbc.driver.OracleDriver" />
<!-- DEV -->
<property name="hibernate.connection.url" value="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=foo.com)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SID=db2)))" />
<property name="hibernate.connection.username" value="db2" />
<property name="hibernate.connection.password" value="ENC(h+RqHWpovo5q390ID9+dTTs/9k0bmwlI)" />
spring bean:
<bean id="hibernateStringEncryptor" class="org.jasypt.hibernate3.encryptor.HibernatePBEStringEncryptor">
<property name="registeredName">
<value>strongHibernateStringEncryptor</value>
</property>
<property name="algorithm">
<value>PBEWithMD5AndTripleDES</value>
</property>
<property name="password">
<value>password</value>
</property>
</bean>
Error I received when I deploy the app:
2016-05-09 16:37:29,149 INFO [STDOUT] INFO [DriverManagerConnectionProvider] using driver: oracle.jdbc.driver.OracleDriver at URL: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=foo.com)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SID=db2)))
2016-05-09 16:37:29,149 INFO [STDOUT] INFO [DriverManagerConnectionProvider] connection properties: {user=db2, password=****,autocommit=true,release_mode=auto}
2016-05-09 16:37:29,149 INFO [STDOUT] WARN [SettingsFactory] Could not obtain conection metadata java.sql.SQLException: ORA-01017: Invalid username/password; logon denied
Upvotes: 1
Views: 2488
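To answer the "how do I see whether jasypt actually decrypted it" part without stepping through Hibernate, the following added example (not code from the question or from jasypt's own distribution) runs the same three checks the jasypt connection provider depends on, as a plain main(): does the value carry the ENC(...) wrapper jasypt recognises, does it decrypt with exactly the algorithm and master password the Spring bean is configured with, and is an encryptor registered under the name persistence.xml refers to. It assumes jasypt core and the jasypt-hibernate3 module are on the classpath, and that the connection provider and the encryptor bean come from the same module; the hibernate3 registry is a static singleton of the org.jasypt.hibernate3.encryptor package, so a provider that consults a different package's registry would not find a bean registered through this one, which is worth checking when one app works and another does not. Values are the ones posted in the question.

```java
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.jasypt.hibernate3.encryptor.HibernatePBEEncryptorRegistry;
import org.jasypt.hibernate3.encryptor.HibernatePBEStringEncryptor;
import org.jasypt.properties.PropertyValueEncryptionUtils;

public class JasyptDecryptCheck {

    // Taken from the question: the CLI output, the CLI input, and the bean settings.
    static final String ENC_VALUE = "ENC(h+RqHWpovo5q390ID9+dTTs/9k0bmwlI)";
    static final String ALGORITHM = "PBEWithMD5AndTripleDES";
    static final String MASTER_PASSWORD = "password";
    static final String EXPECTED_PLAINTEXT = "mydbpassword";
    static final String REGISTERED_NAME = "strongHibernateStringEncryptor";

    /** Check 1: jasypt only attempts decryption on values wrapped as ENC(...). */
    static boolean looksEncrypted(String value) {
        return PropertyValueEncryptionUtils.isEncryptedValue(value);
    }

    /**
     * Check 2: decrypt with the algorithm/password the app is configured with.
     * Strips the ENC(...) wrapper; a wrong password or algorithm does not yield
     * garbage but throws EncryptionOperationNotPossibleException (bad padding).
     */
    static String decryptStandalone(String encValue, String algorithm, String password) {
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setAlgorithm(algorithm);
        encryptor.setPassword(password);
        return PropertyValueEncryptionUtils.decrypt(encValue, encryptor);
    }

    /** Check 3: is anything registered under the name the connection provider looks up? */
    static boolean isRegistered(String name) {
        return HibernatePBEEncryptorRegistry.getInstance().getPBEStringEncryptor(name) != null;
    }

    public static void main(String[] args) {
        System.out.println("looks encrypted: " + looksEncrypted(ENC_VALUE));

        try {
            String plain = decryptStandalone(ENC_VALUE, ALGORITHM, MASTER_PASSWORD);
            System.out.println("decrypts to expected plaintext: " + EXPECTED_PLAINTEXT.equals(plain));
        } catch (EncryptionOperationNotPossibleException e) {
            System.out.println("decryption failed: algorithm or master password differs from the CLI run");
        }

        // A wrong master password must fail loudly rather than reach Oracle as a bogus password.
        try {
            decryptStandalone(ENC_VALUE, ALGORITHM, MASTER_PASSWORD + "x");
            System.out.println("unexpected: wrong master password produced a result");
        } catch (EncryptionOperationNotPossibleException e) {
            System.out.println("wrong master password rejected as expected");
        }

        // Before the Spring bean exists the lookup returns null; the provider would
        // refuse to start in that state, so the bean must be created before Hibernate is.
        System.out.println("registered before bean creation: " + isRegistered(REGISTERED_NAME));
        HibernatePBEStringEncryptor bean = new HibernatePBEStringEncryptor();
        bean.setRegisteredName(REGISTERED_NAME); // registering happens in this setter
        bean.setAlgorithm(ALGORITHM);
        bean.setPassword(MASTER_PASSWORD);
        System.out.println("registered after bean creation: " + isRegistered(REGISTERED_NAME));
    }
}
```

If check 2 fails here, Hibernate was never going to succeed, and the fix is in the CLI/bean settings, not in persistence.xml. If check 2 passes but the deployed app still logs a plain DriverManagerConnectionProvider rather than the jasypt provider, the value was never handed to jasypt at all, and the provider class name and bean-creation order are the next things to look at.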
Reputation: 569
Download jasypt-1.9.3.jar (you can use the Maven jar).
Take the jasypt-1.9.3.jar from the Maven .m2 folder and place it where you can run the command below.
java -cp jasypt-1.9.3.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input="XYZ" password=ABC algorithm=PBEWithMD5AndDES
NOTE:
Below is the result of the above command.
Store the output, as it will be used in our application.properties file.
In your pom.xml file add the below dependency
<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot</artifactId>
    <version>2.0.0</version>
</dependency>
Add @EnableEncryptableProperties annotation to your SpringBoot startup class file as shown below.
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties;

@SpringBootApplication
@EnableEncryptableProperties
public class App {
    public static void main(String[] args) {
        // Run this class itself; the class passed to run() must be the annotated one.
        SpringApplication.run(App.class, args);
    }
}
Finally in your application.properties add the following properties.
spring.datasource.password=ENC(/pmc1gJQHo3zEM2faLtMsw==)
jasypt.encryptor.password=ABC
Upvotes: 0
Reputation: 939
I suppose you've solved it by now. But you asked for "...any thoughts anyone might have!" In case someone else has the same problem, here are some tips.
Attach the jasypt source code and trace it when it throws an exception related to failed authentication. Look for the section where the password is decoded.
If the buffer is empty, you'll know that it can't find the password.
Rather than revealing the encrypted Oracle password as clear text in persistence.xml, you could inject your decrypting password ("password1") into the runtime environment, which jasypt will use to decrypt the encrypted Oracle password ("password2") stored in a property file installed on the classpath:
password2=ENC(h+RqHWpovo5q390ID9+dTTs/9k0bmwlI)
Note that jasypt can clear the decrypted password from memory after decryption.
See:
org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer
...which reads encrypted Oracle password2 from the property file, passes it to a jasypt decryptor bean which uses env var ${password1} to decode password2, placing the decrypted result into an env var ${password2}, which can then be referenced in persistence.xml:
<property name="hibernate.connection.password" value="${password2}" />
So, password2 begins encrypted in the property file, and ends decrypted in env var ${password2}.
You'll also need org.jasypt.encryption.pbe.StandardPBEStringEncryptor
and org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig
which declares the algorithm and the name of the environment variable containing the decrypting password ("password1").
The scheme is described in detail here: Encrypting Properties With Jasypt
Once you think you have all this working, you should find in the log:
EncryptablePropertyPlaceholderConfigurer -Loading properties file from class path resource [your.file.properties]
You can break it to prove the concept by adding a single character to password1. Restart the app, and in the log you should find:
EncryptablePropertyPlaceholderConfigurer -Loading properties file from class path resource [your.file.properties]
Then EncryptionOperationNotPossibleException.
Reset password1 to what it ought to be and restart. Decryption should work again.
Upvotes: 1
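The scheme both answers above describe (ciphertext in a property file, master password supplied from outside the file) can be exercised without Spring at all, which makes the "break it by changing password1" test easy to repeat. The added example below is not code from either answer or from jasypt; it uses the classes the second answer names, EnvironmentStringPBEConfig and StandardPBEStringEncryptor, to read password1 from an environment variable named PASSWORD1 (an assumed name) and jasypt's EncryptableProperties to decrypt ENC(...) values on lookup. The property file content is a constructed sample containing the question's ciphertext. The same point applies to the jasypt-spring-boot route in the first answer: jasypt.encryptor.password belongs in the environment or a -D system property, not in application.properties beside the ciphertext it unlocks, otherwise anyone who can read the file can decrypt the DB password.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
import org.jasypt.exceptions.EncryptionInitializationException;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.jasypt.properties.EncryptableProperties;

public class EnvKeyedProperties {

    // Constructed sample of the property file: only ciphertext lives here.
    // The key that unlocks it (password1) is never written to disk with it.
    static final String SAMPLE_PROPERTIES =
            "db.user=db2\n"
          + "password2=ENC(h+RqHWpovo5q390ID9+dTTs/9k0bmwlI)\n";

    // Assumed name of the environment variable carrying password1.
    static final String MASTER_PASSWORD_ENV = "PASSWORD1";

    /**
     * Algorithm is fixed in code (it must match the CLI run that produced the
     * ciphertext); the master password is resolved from the environment at
     * first use, not at construction, so a missing variable shows up as an
     * initialization failure on the first decrypt.
     */
    static StandardPBEStringEncryptor encryptorFromEnv(String envVarName) {
        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
        config.setAlgorithm("PBEWithMD5AndTripleDES");
        config.setPasswordEnvName(envVarName);
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }

    /** Plain values come back as-is; ENC(...) values are decrypted on getProperty(). */
    static Properties load(String propertiesText, StandardPBEStringEncryptor encryptor)
            throws IOException {
        Properties props = new EncryptableProperties(encryptor);
        props.load(new StringReader(propertiesText));
        return props;
    }

    public static void main(String[] args) throws IOException {
        Properties props = load(SAMPLE_PROPERTIES, encryptorFromEnv(MASTER_PASSWORD_ENV));
        System.out.println("user=" + props.getProperty("db.user"));
        try {
            String dbPassword = props.getProperty("password2"); // decryption happens here
            // Never log the value itself; its length is enough to show decryption ran.
            System.out.println("password2 decrypted, length " + dbPassword.length());
        } catch (EncryptionInitializationException e) {
            System.out.println(MASTER_PASSWORD_ENV + " is not set in the environment");
        } catch (EncryptionOperationNotPossibleException e) {
            // The "break it" case from the answer: PASSWORD1 differs by even one character.
            System.out.println("cannot decrypt password2: " + MASTER_PASSWORD_ENV + " is wrong");
        }
    }
}
```

Run it once with PASSWORD1=password exported and once with a single character appended, and the two catch branches reproduce the log behaviour the answer describes: a clean decrypt in the first case, EncryptionOperationNotPossibleException in the second, with the property file itself unchanged between runs.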