Keycloak 18 with Quarkus SSL configuration is not able to use PKCS12 as keystore (*.p12)
With the JBoss distribution I was able to configure the keystore for SSL in standalone.xml as below, and it is working fine:
<tls>
    <key-stores>
        <key-store name="applicationKS">
            <credential-reference clear-text="Xxxxxx!"/>
            <implementation type="PKCS12"/>
            <file path="my-keystore.p12" relative-to="jboss.server.config.dir"/>
        </key-store>
    </key-stores>
    <key-managers>
        <key-manager name="applicationKM" key-store="applicationKS" alias-filter="my-keystore">
            <credential-reference clear-text="Xxxxxx!"/>
        </key-manager>
    </key-managers>
    <server-ssl-contexts>
        <server-ssl-context name="applicationSSC" key-manager="applicationKM" />
    </server-ssl-contexts>
</tls>
But when using the Quarkus distribution as per the documentation, as below,
bin/kc.bat start --https-port=8180 --http-host=xxx.xxx.xx.xx --hostname=mymachine --https-key-store-file=my-keystore.p12 --https-key-store-password=Xxxxxx! --https-key-store-type=PKCS12 --https-protocols=TLSv1.3
I am getting this error:
2022-06-13 16:52:58,717 ERROR [io.netty.util.concurrent.DefaultPromise.rejectedExecution] (vert.x-eventloop-thread-16) Failed to submit a listener notification task. Event loop shut down?: java.util.concurrent.RejectedExecutionException: event executor terminated
at io.netty.util.concurrent.SingleThreadEventExecutor.reject(SingleThreadEventExecutor.java:923)
at io.netty.util.concurrent.SingleThreadEventExecutor.offerTask(SingleThreadEventExecutor.java:350)
at io.netty.util.concurrent.SingleThreadEventExecutor.addTask(SingleThreadEventExecutor.java:343)
at io.netty.util.concurrent.SingleThreadEventExecutor.execute(SingleThreadEventExecutor.java:825)
at io.netty.util.concurrent.SingleThreadEventExecutor.execute(SingleThreadEventExecutor.java:815)
at io.netty.util.concurrent.DefaultPromise.safeExecute(DefaultPromise.java:841)
at io.netty.util.concurrent.DefaultPromise.notifyListenerWithStackOverFlowProtection(DefaultPromise.java:529)
at io.netty.util.concurrent.DefaultPromise.notifyListener(DefaultPromise.java:477)
at io.netty.util.concurrent.CompleteFuture.addListener(CompleteFuture.java:48)
at io.vertx.core.net.impl.TCPServerBase.bind(TCPServerBase.java:103)
at io.vertx.core.http.impl.HttpServerImpl.listen(HttpServerImpl.java:217)
at io.vertx.core.http.impl.HttpServerImpl.listen(HttpServerImpl.java:149)
at io.vertx.core.http.impl.HttpServerImpl.listen(HttpServerImpl.java:154)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$WebDeploymentVerticle.setupTcpHttpServer(VertxHttpRecorder.java:1075)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$WebDeploymentVerticle.start(VertxHttpRecorder.java:1029)
at io.vertx.core.impl.DeploymentManager.lambda$doDeploy$5(DeploymentManager.java:196)
at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100)
at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:63)
at io.vertx.core.impl.EventLoopContext.lambda$runOnContext$0(EventLoopContext.java:38)
at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:469)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:503)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:834)
2022-06-13 16:52:58,720 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (production) mode
2022-06-13 16:52:58,720 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Unable to start HTTP server
2022-06-13 16:52:58,721 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: io.vertx.core.VertxException: java.io.IOException: keystore password was incorrect
2022-06-13 16:52:58,721 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: java.io.IOException: keystore password was incorrect
2022-06-13 16:52:58,721 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: keystore password was incorrect
2022-06-13 16:52:58,722 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
I couldn't see an argument to pass the alias name for my key (I was able to give it in standalone.xml as alias-filter). So could someone please suggest what I am doing wrong in this configuration?
Comments (1)
The issue was with the exclamation mark (!) in the password, which needs to be escaped in the command like ^^!
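An alternative that sidesteps the shell escaping described in the answer, shown as an added example that is not part of the original question or answer: the same options placed in Keycloak's configuration file, where the password is never parsed by cmd.exe. It assumes the default file location conf/keycloak.conf under the Keycloak install directory; all values are the ones from the question.

```properties
# conf/keycloak.conf (assumed default location; added example, not from the post)
# Keys are the CLI options from the question without the leading "--".
# Values here are read by Keycloak directly, so the "!" in the password is
# taken literally and needs no ^^ escaping.
https-port=8180
http-host=xxx.xxx.xx.xx
hostname=mymachine
https-key-store-file=my-keystore.p12
https-key-store-password=Xxxxxx!
https-key-store-type=PKCS12
https-protocols=TLSv1.3
# Start the server with:  bin/kc.bat start
# The file now holds the keystore password in clear text, so restrict its
# read permissions to the account that runs Keycloak.
```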