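Jasypt not working with Spring Cloud Stream

Problem description

I am trying to use jasypt to encrypt the passwords for the SSL keystore and truststore in a yml file. I noticed a very strange behavior in Spring Cloud Stream. The encrypted passwords work for the Kafka Streams binder, but not for the Apache Kafka binder. I checked with the plain password, and it connects. Below is my configuration: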

########## Kafka Streams binder configs ##########
spring.cloud.stream.kafka.streams:
  binder:
    brokers: <brokers>
    configuration:
      security.protocol: SSL
      ssl.endpoint.identification.algorithm:
      ssl.truststore.location: pathToFile/<filename>.jks
      ssl.truststore.password: ENC(lzqSndFB9fy2R+blpqOW2X8BNgZJZX/8)   # working
      ssl.truststore.type: jks
      ssl.keystore.location: pathToFile/<filename>.p12
      ssl.keystore.password: ENC(Sf2xm5Tks2Dok2oPg4mHYqvkkryglhCj)   # working
      ssl.keystore.type: pkcs12

########## Apache Kafka binder configs ##########
spring.cloud.stream.kafka:
  binder:
    brokers: <brokers>
    configuration:
      security.protocol: SSL
      ssl.endpoint.identification.algorithm:
      ssl.truststore.location: pathToFile/<filename>.jks
      ssl.truststore.password: ENC(lzqSndFB9fy2R+blpqOW2X8BNgZJZX/8) # failing; works with plain password
      ssl.truststore.type: jks
      ssl.keystore.location: pathToFile/<filename>.p12
      ssl.keystore.password: ENC(Sf2xm5Tks2Dok2oPg4mHYqvkkryglhCj)  # failing; works with plain password
      ssl.keystore.type: pkcs12

Below is the error:

ERROR 16780 --- [           main] o.s.cloud.stream.binding.BindingService  : Failed to create producer binding; retrying in 30 seconds  
org.springframework.cloud.stream.binder.BinderException: Exception thrown while building outbound endpoint
Caused by: org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: Failed to load SSL keystore <keystorefile>.p12 of type pkcs12
    at org.apache.kafka.common.security.ssl.SslEngineBuilder.createSSLContext(SslEngineBuilder.java:160) ~[kafka-clients-2.3.1.jar:na]
    at org.apache.kafka.common.security.ssl.SslEngineBuilder.<init>(SslEngineBuilder.java:102) ~[kafka-clients-2.3.1.jar:na]
    at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:93) ~[kafka-clients-2.3.1.jar:na]
    at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:71) ~[kafka-clients-2.3.1.jar:na]
    ... 33 common frames omitted
Caused by: org.apache.kafka.common.KafkaException: Failed to load SSL keystore <keystorefile>.p12 of type pkcs12
    at org.apache.kafka.common.security.ssl.SslEngineBuilder$SecurityStore.load(SslEngineBuilder.java:289) ~[kafka-clients-2.3.1.jar:na]
    at org.apache.kafka.common.security.ssl.SslEngineBuilder.createSSLContext(SslEngineBuilder.java:142) ~[kafka-clients-2.3.1.jar:na]
    ... 36 common frames omitted
Caused by: java.io.IOException: keystore password was incorrect
    at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2068) ~[na:1.8.0_271]
    at java.security.KeyStore.load(KeyStore.java:1445) ~[na:1.8.0_271]
    at org.apache.kafka.common.security.ssl.SslEngineBuilder$SecurityStore.load(SslEngineBuilder.java:286) ~[kafka-clients-2.3.1.jar:na]
    ... 37 common frames omitted
Caused by: java.security.UnrecoverableKeyException: Failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
    ... 40 common frames omitted

Spring Boot version 2.2.5.RELEASE; excerpt from pom.xml:

<spring-cloud.version>Hoxton.SR5</spring-cloud.version>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-stream-binder-kafka-streams</artifactId>
</dependency>
<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>3.0.3</version>
</dependency>

Can anyone help?
