Code Monkey home page Code Monkey logo

Comments (4)

mp911de avatar mp911de commented on July 19, 2024

If the signature and the private key do not match, then this indicates a configuration issue. It seems that you use a key that isn't compatible with the server certificate. In any case, this is an infrastructure issue that we cannot solve for you.

from spring-vault.

sethvarun avatar sethvarun commented on July 19, 2024

Earlier we were using Java-Vault-Driver with the same configuration and it was working fine. Later when we migrated to Spring-Vault-C0ore we found the issue. With further dive-in issue was found that Spring-Vault-Code does not have similar code as Java-Vault-Driver has. below is the code snipet.

try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    TrustManager[] trustManagers = null;
                    clientPemUTF8 = inputStreamToUTF8(clientResource.getInputStream());
                    clientKeyPemUTF8 = inputStreamToUTF8(resource.getInputStream());
                    KeyManager[] keyManagers = null;

                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    ByteArrayInputStream pem = new ByteArrayInputStream(clientPemUTF8.getBytes(StandardCharsets.UTF_8));

                    X509Certificate clientCertificate;
                    try {
                        clientCertificate = (X509Certificate) certificateFactory.generateCertificate(pem);
                    } catch (Throwable var14) {
                        try {
                            pem.close();
                        } catch (Throwable var12) {
                            var14.addSuppressed(var12);
                        }

                        throw var14;
                    }

                    pem.close();
                    String strippedKey = clientKeyPemUTF8.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "");
                    byte[] keyBytes = Base64.getMimeDecoder().decode(strippedKey);
                    PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(keyBytes);
                    KeyFactory var9 = KeyFactory.getInstance("RSA");
                    PrivateKey privateKey = var9.generatePrivate(pkcs8EncodedKeySpec);
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    keyStore.load((InputStream) null, "password".toCharArray());
                    keyStore.setCertificateEntry("clientCert", clientCertificate);
                    keyStore.setKeyEntry("key", privateKey, "password".toCharArray(), new Certificate[]{clientCertificate});
                    keyManagerFactory.init(keyStore, "password".toCharArray());
                    keyManagers = keyManagerFactory.getKeyManagers();

                    SslConfiguration.KeyConfiguration.of("".toCharArray(), keyStore.getCertificateAlias(clientCertificate));
                    return SslConfiguration.forTrustStore(SslConfiguration.KeyStoreConfiguration.of(clientResource).withStoreType( PEM_KEYSTORE_TYPE)).forKeyStore(new FileSystemResource(System.getProperty("weblogic.security.CustomTrustKeyStoreFileName")),
                            "changeit".toCharArray(),
                            SslConfiguration.KeyConfiguration.of("password".toCharArray(),
                                    keyStore.getCertificateAlias(clientCertificate)));
                } catch (Exception e) {
                    e.printStackTrace();

                    return SslConfiguration.unconfigured();
                }

from spring-vault.

mp911de avatar mp911de commented on July 19, 2024

The code above isn't Spring Vault code. You might find PemObject and CertificateBundle utils useful to parse your keys. With the KeyStore being configured on your side, there isn't much we can do here. You might want to have a look at ClientHttpConnectorFactory to see how we configure the HTTP client to verify your settings are correct.

from spring-vault.

sethvarun avatar sethvarun commented on July 19, 2024

Thanks for your update. Is there any documentation/example which I can follow for PemObject, CertificateBundle and ClientHttpConnectorFactory.

from spring-vault.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.