
I tried to encrypt the keystorePass by following the steps mentioned in this link: Encrypt tomcat keystore password

My server.xml looks like this:

<Connector port="8443" protocol="<my custom class>"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/.ssl/keystore.jks"
           keystorePass="<encrypted_password>"/>

I also set up my password decoder as mentioned here:

public class Http11Nio2Protocol extends org.apache.coyote.http11.Http11Nio2Protocol {

    // Tomcat calls this setter for the keystorePass attribute in server.xml
    @Override
    public void setKeystorePass(String s) {
        try {
            // EncryptService is the poster's own class (not shown in the post)
            super.setKeystorePass(new EncryptService().decrypt(s));
        } catch (final Exception e) {
            // on any decryption failure, fall back to an empty password
            super.setKeystorePass("");
        }
    }
}

The problem is that Tomcat doesn't start with these changes and I get the following error:

org.apache.catalina.LifecycleException: Failed to initialize component [Connector[MyCustomClass-8443]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:643)
    at com.adventnet.mfw.service.WebService.start(WebService.java:86)
    at com.adventnet.mfw.service.ServiceStarter.initServices(ServiceStarter.java:170)
    at com.zoho.mickey.startup.MEServer.startServer(MEServer.java:328)
    at com.adventnet.mfw.Starter.start(Starter.java:367)
    at com.adventnet.mfw.Starter.main(Starter.java:603)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:290)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:970)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    ... 17 more
Caused by: java.lang.IllegalArgumentException: java.security.UnrecoverableKeyException: Cannot recover key
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
    at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:163)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:941)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:237)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:968)
    ... 18 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
    at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)
    at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
    at java.security.KeyStore.getKey(KeyStore.java:1023)
    at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
    at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
    at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:216)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
    ... 25 more

Help me on how to proceed with this.

Thanks in advance.

  • What is the rest of the stack trace? It looks like your custom class failed, but we don't know anything about your custom class or why it may have failed. – Christopher Schultz Jan 22 '19 at 17:29
  • I have also added my custom class's implementation in my original post itself. Http11Nio2Protocol is my custom class. I also added the entire error trace; it is updated in the post, please check. – Shankar Narayanan Jan 23 '19 at 05:48
  • Where is your password being stored? How is it being used? – Christopher Schultz Jan 23 '19 at 19:09
  • I encrypt my password using my own algorithm. I have no specific usage pattern, just the way Tomcat handles the plain-text password. I just try to decrypt the password using the same algorithm in my custom class. – Shankar Narayanan Jan 24 '19 at 05:43
  • Thanks @ChristopherSchultz. It worked now. There was a problem in my decrypting class. – Shankar Narayanan Jan 24 '19 at 12:45
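The catch-all in the question's decoder is worth a closer look, because it is what turns a bug in the decrypting class into the trace above: when `decrypt()` throws, Tomcat is handed an empty keystorePass, opens the JKS anyway (Tomcat's SSLUtilBase.getStore treats an empty keystorePass as "no password", which skips the JKS integrity check) and only fails one step later, inside the KeyManagerFactory, with "Cannot recover key". The class below is an added example, not the poster's code or Tomcat's: it keeps the same idea (a protocol class that decodes the attribute before handing it to the superclass) but fails closed in `init()` with the real cause attached, so the connector never starts with a guessed password. It assumes Tomcat 8.5/9, where `AbstractHttp11Protocol.setKeystorePass` still exists, and tomcat-coyote.jar on the compile classpath; the `ENC(...)` marker, the key file under `conf/.ssl/` and the AES-GCM format are assumptions of this example, not Tomcat conventions.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Example connector protocol class (added here; not the question's code).
 * Assumes Tomcat 8.5/9 and tomcat-coyote.jar on the classpath. The ENC(...)
 * marker, key file location and AES-GCM blob format are example choices.
 */
public class DecryptingHttp11Nio2Protocol
        extends org.apache.coyote.http11.Http11Nio2Protocol {

    /** Key file kept outside server.xml, readable only by the Tomcat user (assumed layout). */
    static final Path KEY_FILE = Paths.get(
            System.getProperty("catalina.base", "."), "conf", ".ssl", "keystorepass.key");
    private static final int GCM_TAG_BITS = 128;
    private static final int GCM_IV_BYTES = 12;

    /** Set when decryption fails; checked in init() so the connector refuses to start. */
    private volatile Exception decryptFailure;

    @Override
    public void setKeystorePass(String value) {
        // Values without the marker are passed through, so a plain password keeps working.
        if (value == null || !value.startsWith("ENC(") || !value.endsWith(")")) {
            super.setKeystorePass(value);
            return;
        }
        try {
            String ciphertext = value.substring(4, value.length() - 1);
            super.setKeystorePass(decrypt(ciphertext, Files.readAllBytes(KEY_FILE)));
        } catch (Exception e) {
            // Do not fall back to "": Tomcat would open the JKS without its integrity
            // check and fail later with an unrelated-looking "Cannot recover key".
            // Remember the real cause and fail the connector in init() instead.
            decryptFailure = e;
        }
    }

    @Override
    public void init() throws Exception {
        if (decryptFailure != null) {
            throw new IllegalStateException(
                    "keystorePass could not be decrypted; refusing to start the connector",
                    decryptFailure);
        }
        super.init();
    }

    /** Decrypts base64(iv || ciphertext || tag) as produced by encrypt(). */
    static String decrypt(String ciphertextB64, byte[] key) throws GeneralSecurityException {
        byte[] blob = Base64.getDecoder().decode(ciphertextB64);
        if (blob.length < GCM_IV_BYTES + GCM_TAG_BITS / 8) {
            throw new GeneralSecurityException("ciphertext too short");
        }
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                new GCMParameterSpec(GCM_TAG_BITS, blob, 0, GCM_IV_BYTES));
        byte[] plain = cipher.doFinal(blob, GCM_IV_BYTES, blob.length - GCM_IV_BYTES);
        return new String(plain, StandardCharsets.UTF_8);
    }

    /** Produces the server.xml value; run once, offline, by whoever knows the password. */
    static String encrypt(String password, byte[] key) throws GeneralSecurityException {
        byte[] iv = new byte[GCM_IV_BYTES];
        new SecureRandom().nextBytes(iv);            // fresh nonce per encryption
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ct = cipher.doFinal(password.getBytes(StandardCharsets.UTF_8));
        byte[] blob = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, blob, 0, iv.length);
        System.arraycopy(ct, 0, blob, iv.length, ct.length);
        return "ENC(" + Base64.getEncoder().encodeToString(blob) + ")";
    }

    /** Usage: java -cp tomcat-coyote.jar:. DecryptingHttp11Nio2Protocol '<plain password>' */
    public static void main(String[] args) throws Exception {
        byte[] key = Files.readAllBytes(KEY_FILE);   // 16/24/32 raw bytes, e.g. head -c 32 /dev/urandom
        String enc = encrypt(args[0], key);
        if (!args[0].equals(decrypt(enc.substring(4, enc.length() - 1), key))) {
            throw new IllegalStateException("round trip failed");
        }
        System.out.println(enc);
    }
}
```

Package the class in a jar under tomcat/lib and reference it by its fully qualified name in the Connector's `protocol` attribute. Two caveats a reviewer would raise: the key file has to be readable by the Tomcat process, so this keeps the password out of server.xml and out of casual reads, but not away from anyone who can run code as the Tomcat user; and a home-grown "own algorithm", as in the question, gives no guarantee that a wrong or corrupted value is detected, whereas AES-GCM rejects a tampered or mismatched blob with an exception that this class then surfaces at startup instead of hiding behind "".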

1 Answer


You have to put the custom class as a jar inside the tomcat\lib folder. Also check that the keystore is in the right location: "conf/.ssl/keystore.jks"

Ramesh Subramanian
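Before blaming the jar location or the keystore path, it is worth replaying the two steps from the stack trace outside Tomcat with the value your decoder actually produces. The trace shows `KeyStore.load` succeeding and `KeyStore.getKey` failing, which is the signature of a wrong (or empty) password reaching the key stage. The diagnostic below is an added example, not code from the question or the answer. It assumes only a standard JDK: `check()` mirrors Tomcat's handling (an empty keystorePass becomes a null store password, which makes JKS/JCEKS skip the integrity check; keyPass defaults to keystorePass) and reports which step rejects the password. With no arguments it runs against a constructed in-memory JCEKS store holding one AES secret-key entry (JKS cannot hold a key entry without a certificate, so the demo uses JCEKS; the load/getKey behaviour is the same); with arguments it runs against a real keystore file.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

import javax.crypto.KeyGenerator;

/**
 * Added diagnostic (not from the question or the answer). Replays the two
 * steps in the stack trace with a candidate password, outside Tomcat:
 *   1. KeyStore.load(stream, storePass)  -> the SSLUtilBase.getStore step
 *   2. KeyStore.getKey(alias, keyPass)   -> the SunX509KeyManagerImpl step
 * and reports which of the two rejects the password.
 */
public final class KeystorePasswordCheck {

    public enum Result { OK, STORE_PASSWORD_WRONG, KEY_PASSWORD_WRONG, NO_KEY_ENTRIES }

    static Result check(byte[] keystoreBytes, String type, String storePass, String keyPass)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        // Mirror Tomcat: an empty keystorePass is passed to load() as null, and a null
        // password makes JKS/JCEKS skip the integrity check, so "" is not caught here.
        char[] storeChars = (storePass == null || storePass.isEmpty())
                ? null : storePass.toCharArray();
        try (InputStream in = new ByteArrayInputStream(keystoreBytes)) {
            ks.load(in, storeChars);
        } catch (IOException e) {
            // The JDK keystores report a failed password check as an IOException, with an
            // UnrecoverableKeyException cause (JKS, PKCS12) or a "...password was incorrect"
            // message (JCEKS); anything else is a genuine I/O or format problem.
            boolean wrongPassword = e.getCause() instanceof UnrecoverableKeyException
                    || (e.getMessage() != null && e.getMessage().contains("password"));
            if (wrongPassword) {
                return Result.STORE_PASSWORD_WRONG;
            }
            throw e;
        }
        // Tomcat defaults keyPass to keystorePass and passes "" as an empty char[].
        char[] keyChars = keyPass == null ? new char[0] : keyPass.toCharArray();
        boolean sawKeyEntry = false;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue;                    // trusted-certificate entries need no password
            }
            sawKeyEntry = true;
            try {
                ks.getKey(alias, keyChars);
            } catch (UnrecoverableKeyException e) {
                return Result.KEY_PASSWORD_WRONG;   // "Cannot recover key" in the trace
            }
        }
        return sawKeyEntry ? Result.OK : Result.NO_KEY_ENTRIES;
    }

    /** Constructed test data: a throw-away JCEKS store with one AES secret-key entry. */
    static byte[] demoStore(String storePass, String keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        ks.setEntry("demo", new KeyStore.SecretKeyEntry(kg.generateKey()),
                new KeyStore.PasswordProtection(keyPass.toCharArray()));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass.toCharArray());
        return out.toByteArray();
    }

    /** Usage: java KeystorePasswordCheck [<keystore> <type> <storePass> [keyPass]] */
    public static void main(String[] args) throws Exception {
        if (args.length >= 3) {
            String keyPass = args.length > 3 ? args[3] : args[2];
            System.out.println(check(Files.readAllBytes(Paths.get(args[0])),
                    args[1], args[2], keyPass));
            return;
        }
        byte[] store = demoStore("changeit", "changeit");
        System.out.println("correct password: " + check(store, "JCEKS", "changeit", "changeit"));
        System.out.println("wrong password:   " + check(store, "JCEKS", "wrong", "wrong"));
        // What the question's catch-all hands to Tomcat when decrypt() throws:
        System.out.println("empty password:   " + check(store, "JCEKS", "", ""));
    }
}
```

Run it against the real file as `java KeystorePasswordCheck conf/.ssl/keystore.jks JKS '<output of your decoder>'`. A result of STORE_PASSWORD_WRONG means the decoder's output is wrong and Tomcat would have refused the keystore outright with a non-empty value; KEY_PASSWORD_WRONG with the decoder's output is what the question's trace corresponds to, and with a non-empty value it usually means the key entry was created with a different password than the store (set keyPass separately in that case). The empty-password case in the demo shows why the original fallback to "" is misleading: the store opens without complaint and the error surfaces only at the key stage, pointing at the keystore rather than at the decrypting class.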