Encrypting passwords in CXF crypto property files - Cloud - 8.0

Talend ESB Container Administration Guide

Version
Cloud
8.0
Language
English
Product
Talend Cloud
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
Module
Talend ESB
Talend Runtime
Content
Administration and Monitoring
Design and Development
Installation and Upgrade

About this task

Since CXF version 3.X, CXF uses Apache WSS4J 2.X which according to http://ws.apache.org/wss4j/migration/newfeatures20.html supports encrypting passwords in Crypto properties files using Jasypt.

In http://stackoverflow.com/questions/31023223/encrypting-passwords-in-crypto-property-files, a more detailed description can be found:

Procedure

  1. Download the jasypt-1.9.2-dist.zip (or newer) from http://www.jasypt.org/download.html.
  2. Get an Encoded password with this command encrypt input=real_keystore_password password=master_password algorithm=PBEWithMD5AndTripeDES
  3. Copy the OUTPUT (For example: 0laAaRahTQJzlsDu771tYi)
  4. As you are using this algorithm, you need the Java Cryptography Extension (JCE) Unlimited Strength in your JDK.
  5. Put the encoded OUTPUT in the properties.
    org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
    org.apache.wss4j.crypto.merlin.keystore.type=jks
    org.apache.wss4j.crypto.merlin.keystore.password=ENC(0laAaRahTQJzlsDu771
    tYi)
    org.apache.wss4j.crypto.merlin.keystore.alias=my_alias
    org.apache.wss4j.crypto.merlin.keystore.file=/etc/cert/my_keystore.jks
  6. In the CallbackHandler, put the master_password that you used to generated the encoded one:
    public class WsPasswordHandler implements CallbackHandler {
      @Override
      public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (Callback callback: callbacks){
            WSPasswordCallback pwdCallback= (WSPasswordCallback) callback;
            final int usage=pwdCallback.getUsage();
            if (usage==WSPasswordCallback.SIGNATURE||usage==WSPasswordCallback.DECRYPT){
                pwdCallback.setPassword("parKeyPassword");
            }
            if (usage==WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD){
                pwdCallback.setPassword("master_password");
            }
        }
      }
    }