[Bug 65767] New: Add support for password-based encryption scheme 2 params (PBES2)

Fri, 24 Dec 2021 19:05:55 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=65767

            Bug ID: 65767
           Summary: Add support for password-based encryption scheme 2
                    params (PBES2)
           Product: Tomcat 10
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: 1016340...@qq.com
  Target Milestone: ------

Created attachment 38142
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=38142&action=edit
The RSA key and certificate

Failed to resolve private key PEM encrypted with AES-CBC, the exception message
as follows:

25-Dec-2021 10:57:48.133 SEVERE [main]
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
initialize component
[Connector[org.apache.coyote.http11.Http11NioProtocol-8443]]
        org.apache.catalina.LifecycleException: Protocol handler initialization
failed
                at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1059)
                at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
                at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1012)
                at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:747)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:769)
                at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.base/java.lang.reflect.Method.invoke(Method.java:566)
                at
org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
                at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
        Caused by: java.lang.IllegalArgumentException: 1.2.840.113549.1.5.13
SecretKeyFactory not available
                at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:98)
                at
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:70)
                at
org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:204)
                at
org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1174)
                at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1187)
                at
org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:574)
                at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:82)
                at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1056)
                ... 13 more
        Caused by: java.security.NoSuchAlgorithmException:
1.2.840.113549.1.5.13 SecretKeyFactory not available
                at
java.base/javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:122)
                at
java.base/javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:168)
                at
org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:184)
                at
org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:126)
                at
org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:90)
                at
org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:314)
                at
org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:245)
                at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:96)
                ... 20 more


server.xml

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
           <Certificate certificateFile="conf/rsa.crt"
                        certificateKeyFile="conf/rsa_enc_pkcs8.key"
                        certificateKeyPassword="12345678"
                        certificateKeyAlias="test" >
           </Certificate>
       </SSLHostConfig>

</Connector>


Command:

openssl genrsa -out rsa.key
openssl req -new -key rsa.key -out rsa.csr 
openssl x509 -req -days 3650 -in rsa.csr -signkey rsa.key -out rsa.crt
openssl pkcs8 -topk8 -inform PEM -in rsa.key -outform pem -out
rsa_enc_pkcs8.key -v2 aes-256-cbc -passin pass:12345678 -passout pass:12345678

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to