Comments (4)
If the signature and the private key do not match, then this indicates a configuration issue. It seems that you use a key that isn't compatible with the server certificate. In any case, this is an infrastructure issue that we cannot solve for you.
from spring-vault.
Earlier we were using Java-Vault-Driver with the same configuration and it was working fine. Later, when we migrated to Spring-Vault-Core, we found the issue. On further investigation, the issue was found to be that Spring-Vault-Core does not have code similar to what Java-Vault-Driver has. Below is the code snippet.
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import org.springframework.core.io.FileSystemResource;
import org.springframework.vault.support.SslConfiguration;

// clientResource holds the PEM client certificate and resource the PEM (PKCS#8) private key; both are
// fields set elsewhere in the original code. inputStreamToUTF8(InputStream) is a helper from the original
// code that reads a stream into a String.
private SslConfiguration buildSslConfiguration() {
    try {
        String clientPemUTF8 = inputStreamToUTF8(clientResource.getInputStream());
        String clientKeyPemUTF8 = inputStreamToUTF8(resource.getInputStream());

        // Parse the client certificate from its PEM text.
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate clientCertificate;
        try (ByteArrayInputStream pem = new ByteArrayInputStream(clientPemUTF8.getBytes(StandardCharsets.UTF_8))) {
            clientCertificate = (X509Certificate) certificateFactory.generateCertificate(pem);
        }

        // Strip the PEM armour and decode the unencrypted PKCS#8 private key (assumed to be RSA).
        String strippedKey = clientKeyPemUTF8
                .replace("-----BEGIN PRIVATE KEY-----", "")
                .replace("-----END PRIVATE KEY-----", "");
        byte[] keyBytes = Base64.getMimeDecoder().decode(strippedKey);
        PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(keyBytes));

        // Build an in-memory KeyStore holding the certificate and its key, and a KeyManager from it.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load((InputStream) null, "password".toCharArray());
        keyStore.setCertificateEntry("clientCert", clientCertificate);
        keyStore.setKeyEntry("key", privateKey, "password".toCharArray(), new Certificate[] { clientCertificate });
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, "password".toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); // never passed to Spring Vault below

        // Note: the in-memory keyStore and keyManagers built above are not handed to Spring Vault. The returned
        // configuration points Spring Vault at the PEM resource as trust store and at the WebLogic custom trust
        // store file as key store; forKeyStore(...) is a static factory method, so the forTrustStore(...) result
        // it is chained onto is discarded as well.
        return SslConfiguration
                .forTrustStore(SslConfiguration.KeyStoreConfiguration.of(clientResource)
                        .withStoreType(SslConfiguration.PEM_KEYSTORE_TYPE))
                .forKeyStore(new FileSystemResource(System.getProperty("weblogic.security.CustomTrustKeyStoreFileName")),
                        "changeit".toCharArray(),
                        SslConfiguration.KeyConfiguration.of("password".toCharArray(),
                                keyStore.getCertificateAlias(clientCertificate)));
    } catch (Exception e) {
        e.printStackTrace();
        return SslConfiguration.unconfigured();
    }
}
from spring-vault.
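A pre-flight check for the "signature and private key do not match" condition from the first comment, added here as an example and not code from this thread or from Spring Vault: it signs a random nonce with the private key and verifies it with the certificate's public key, so a certificate and key that do not belong together fail with a clear message before any KeyStore entry or SslConfiguration is built. The class name, the algorithm map and the generated demo key pairs are assumptions.

```java
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Map;

// Hypothetical helper (not part of Spring Vault): checks that a certificate and a private key belong together.
public final class KeyPairSanityCheck {
    // Assumption: only RSA and EC keys are in use; extend the map for other key algorithms.
    private static final Map<String, String> SIGNATURE_ALGORITHM =
            Map.of("RSA", "SHA256withRSA", "EC", "SHA256withECDSA");

    /** True when a signature made with privateKey verifies under publicKey, i.e. the two form one key pair. */
    public static boolean matches(PublicKey publicKey, PrivateKey privateKey) throws GeneralSecurityException {
        String algorithm = SIGNATURE_ALGORITHM.get(privateKey.getAlgorithm());
        if (algorithm == null || !publicKey.getAlgorithm().equals(privateKey.getAlgorithm())) {
            return false; // different key types can never match
        }
        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce);
        Signature signer = Signature.getInstance(algorithm);
        signer.initSign(privateKey);
        signer.update(nonce);
        byte[] signature = signer.sign();
        Signature verifier = Signature.getInstance(algorithm);
        verifier.initVerify(publicKey);
        verifier.update(nonce);
        try {
            return verifier.verify(signature);
        } catch (SignatureException e) {
            return false; // e.g. wrong key length: still a mismatch, not an error worth propagating
        }
    }

    /** Call this before keyStore.setKeyEntry(...) so a mismatched pair fails early with a clear message. */
    public static void requireMatch(X509Certificate certificate, PrivateKey privateKey) throws GeneralSecurityException {
        if (!matches(certificate.getPublicKey(), privateKey)) {
            throw new IllegalStateException("Private key does not match certificate for "
                    + certificate.getSubjectX500Principal());
        }
    }

    // Stand-alone demo with two freshly generated RSA key pairs, so no certificate file is needed.
    public static void main(String[] args) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair first = generator.generateKeyPair();
        KeyPair second = generator.generateKeyPair();
        System.out.println("own key:     " + matches(first.getPublic(), first.getPrivate()));
        System.out.println("foreign key: " + matches(first.getPublic(), second.getPrivate()));
    }
}
```

In the posted snippet the call would go right after the PKCS8EncodedKeySpec is turned into a PrivateKey, with the parsed X509Certificate as the first argument.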
The code above isn't Spring Vault code. You might find PemObject and CertificateBundle utils useful to parse your keys. With the KeyStore being configured on your side, there isn't much we can do here. You might want to have a look at ClientHttpConnectorFactory to see how we configure the HTTP client to verify your settings are correct.
from spring-vault.
Thanks for your update. Is there any documentation/example which I can follow for PemObject, CertificateBundle and ClientHttpConnectorFactory?
from spring-vault.