Re: Enable to "json stringify" access logs

2021-12-24 Thread Romain Manni-Bucau
On Thu, Dec 23, 2021 at 22:53, Christopher Schultz <ch...@christopherschultz.net> wrote:

> Romain,
>
> On 12/18/21 14:28, Romain Manni-Bucau wrote:
> > I wonder if you would be interested in an access log "function" enabling to
> > make an access log element a valid json string.
> >
> > Idea is to enable to have access logs patterns producing valid JSON
> > whatever the dynamic string content, maybe something like
> >
> > "key":"jsonEscaped(%r)",
> >
> > or more tomcat style:
> >
> > "key":"%{json}r)",
>
> If you tried that today, you'd get the value of the request attribute
> named "json". I think we need a different syntax.
>
> The closest thing to this I see in the current configuration is
> specifying the date-format of a timestamp like this:
>
> %{pattern}t where %{...}t gets you the end-of-request timestamp.
>
> I think it's going to be ugly no matter what we do.
>
> Maybe instead of putting the escaping in the pattern, we could put the
> type of escaping into another attribute like this:
>
>  ...
> escaping="json"
> pattern="..." />
>
> Then, when any %{...}? replacement will be done, it can be JSON-escaped.


This has a perf drawback (several %{} don't need it) I'd like to avoid if
possible and some %x would need escaping so I fear it is not precise enough,
no?


> Any literal text in the pattern itself is up to the admin; specifically,
> it will not have any escaping applied to the pattern text, only the
> replacements.
>
> > What do you think? Is it worth proposing something or is it always handled
> > differently in your opinion (I tend to workaround it today so not 100% sure
> > it would be accepted if I do a PR)?
>
> Actually, this could easily be done by subclassing AccessLogValve and
> overriding AbstractAccessLogValve.escapeAndAppend to provide the proper
> escaping.
>
> I'd be +1 on accepting a JSONAccessLogValve class.
>

Let me try to PoC it after Xmas, sounds like a good option avoiding the
identification issue of enhancing current valve.

Thanks Chris


> -chris
>
> > Another location which would benefit from some json encoding
> > is org.apache.catalina.valves.JsonErrorReportValve#report since currently
> > it produces invalid json depending the message value.
> >
> > Romain Manni-Bucau
> > @rmannibucau | Blog | Old Blog | Github <https://github.com/rmannibucau> |
> > LinkedIn | Book <https://www.packtpub.com/application-development/java-ee-8-high-performance>
> >
>
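
The escaping discussed in this thread, as an added example that is not part of the original messages and is not Tomcat code: a stand-alone Java escaper (the class JsonLogEscaper and the method appendJsonEscaped are hypothetical names) that turns a dynamic value such as the %r request line into a valid JSON string body. The request line in main() is constructed for the demonstration.

```java
public final class JsonLogEscaper {

    private static final char[] HEX = "0123456789abcdef".toCharArray();

    /** Appends value to dest as the body of a JSON string (RFC 8259, section 7). */
    static void appendJsonEscaped(String value, StringBuilder dest) {
        if (value == null) {
            dest.append('-'); // assumption: usual access-log placeholder for "no value"
            return;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '"' || c == '\\') {
                dest.append('\\').append(c);          // would otherwise end or corrupt the string
            } else if (c == '\n') {
                dest.append("\\n");                   // would otherwise start a forged log record
            } else if (c == '\r') {
                dest.append("\\r");
            } else if (c == '\t') {
                dest.append("\\t");
            } else if (Character.isHighSurrogate(c) && i + 1 < value.length()
                    && Character.isLowSurrogate(value.charAt(i + 1))) {
                dest.append(c).append(value.charAt(++i)); // valid surrogate pair, keep as-is
            } else if (c < 0x20 || c == 0x7f || Character.isSurrogate(c)) {
                // remaining control characters and unpaired surrogates:
                // written as a four-hex-digit unicode escape
                dest.append("\\u").append(HEX[c >> 12]).append(HEX[(c >> 8) & 0xf])
                    .append(HEX[(c >> 4) & 0xf]).append(HEX[c & 0xf]);
            } else {
                dest.append(c);
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a request line carrying quotes, CR/LF and a NUL character.
        String requestLine =
            "GET /x?q=\",\"status\":\"200 HTTP/1.1\r\n{\"forged\":true}\u0000";
        StringBuilder line = new StringBuilder("{\"request\":\"");
        appendJsonEscaped(requestLine, line);
        line.append("\",\"status\":\"400\"}");
        System.out.println(line); // one record, one line, parseable as JSON
    }
}
```

Only the replaced values are escaped; the literal JSON around them stays under the administrator's control, as described in the quoted reply.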


[Bug 65767] New: Add support for password-based encryption scheme 2 params (PBES2)

2021-12-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65767

Bug ID: 65767
Summary: Add support for password-based encryption scheme 2 params (PBES2)
Product: Tomcat 10
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: 1016340...@qq.com
Target Milestone: --

Created attachment 38142
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=38142&action=edit
The RSA key and certificate

Failed to resolve private key PEM encrypted with AES-CBC; the exception message
is as follows:

25-Dec-2021 10:57:48.133 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11NioProtocol-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1059)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1012)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:747)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:769)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
Caused by: java.lang.IllegalArgumentException: 1.2.840.113549.1.5.13 SecretKeyFactory not available
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:98)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:70)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:204)
    at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1174)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1187)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:574)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:82)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1056)
    ... 13 more
Caused by: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.5.13 SecretKeyFactory not available
    at java.base/javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:122)
    at java.base/javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:168)
    at org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:184)
    at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:126)
    at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:90)
    at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:314)
    at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:245)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:96)
    ... 20 more


server.xml



   
   
   




Command:

openssl genrsa -out rsa.key
openssl req -new -key rsa.key -out rsa.csr
openssl x509 -req -days 3650 -in rsa.csr -signkey rsa.key -out rsa.crt
openssl pkcs8 -topk8 -inform PEM -in rsa.key -outform pem -out rsa_enc_pkcs8.key -v2 aes-256-cbc -passin pass:12345678 -passout pass:12345678

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] xiezhaokun opened a new pull request #462: Add support for password-based encryption scheme 2 params (PBES2)

2021-12-24 Thread GitBox


xiezhaokun opened a new pull request #462:
URL: https://github.com/apache/tomcat/pull/462


   Add support for password-based encryption scheme 2 params (PBES2)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org






[GitHub] [tomcat] xiezhaokun commented on pull request #462: Add support for password-based encryption scheme 2 params (PBES2)

2021-12-24 Thread GitBox


xiezhaokun commented on pull request #462:
URL: https://github.com/apache/tomcat/pull/462#issuecomment-1000969013


   https://bz.apache.org/bugzilla/show_bug.cgi?id=65767





[GitHub] [tomcat] xiezhaokun removed a comment on pull request #462: Add support for password-based encryption scheme 2 params (PBES2)

2021-12-24 Thread GitBox


xiezhaokun removed a comment on pull request #462:
URL: https://github.com/apache/tomcat/pull/462#issuecomment-1000969013


   https://bz.apache.org/bugzilla/show_bug.cgi?id=65767





[Bug 65767] Add support for password-based encryption scheme 2 params (PBES2)

2021-12-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65767

--- Comment #1 from xiezhaokun <1016340...@qq.com> ---
AES-CBC is used to encrypt the key or certificate of pkcs12 keystore. The same
error is reported when Tomcat is started.
