Symantec Access Management

CA Adv. Auth : Encrypt State Manager Password 

Jun 27, 2018 01:38 AM

Download the Library

  • Download the attached library "secure-tomcat-datasourcefactory-0.2.jar".

Generate Key and Encrypted Password

  • Generate a new random encryption key to a file, e.g. to create a new 128-bit AES key run the command:
    $ java -jar secure-tomcat-datasourcefactory-0.2.jar generateKey AES 128 ./testkeyfile


  • Generate the encrypted password in Base64 encoding, e.g. using AES/ECB/PKCS5PADDING:
    $ java -jar secure-tomcat-datasourcefactory-0.2.jar encryptPassword mypassword AES ECB PKCS5PADDING ./testkeyfile


Configure Tomcat

  1. Copy the JAR file to the folder ${TOMCAT_HOME}/lib

  2. Make the following changes to your JNDI datasource in ${TOMCAT_HOME}/conf/context.xml

    • Add factory="com.github.ncredinburgh.tomcat.SecureDataSourceFactory"

    • Replace the existing clear text password value with the Base64 encoded encrypted password, e.g. password="O+JXajIzZS5Hi2+3vpdeqw=="

    • Add the algorithm details to connectionProperties, e.g. algorithm=AES;mode=ECB;padding=PKCS5PADDING

    • Add the location of the key file to connectionProperties, e.g. keyFilename=/some/super/secure/location/keyfile

  3. Congratulations, you're done!


Example:

Before Password Encryption:

<Resource name="OLDAA90DBJNDI" auth="Container"
          type="javax.sql.DataSource"
          username="TESTUSER"
          password="TESTPASSWORD"
          driverClassName="oracle.jdbc.driver.OracleDriver"
          url="jdbc:oracle:thin:@localhost:1521:xe"
          maxWaitMillis="30000"
          maxTotal="32"
          maxIdle="4"
          initialSize="4"
          connectionProperties="SetBigStringTryClob=true"
          accessToUnderlyingConnectionAllowed="true"
          timeBetweenEvictionRunsMillis="600000"
          minEvictableIdleTimeMillis="600000"
/>


After Password Encryption:

<Resource name="AA90DBJNDI" auth="Container"
          factory="com.github.ncredinburgh.tomcat.SecureDataSourceFactory"
          type="javax.sql.DataSource"
          username="TESTUSER"
          password="F0EV2niaAO2gnUB1/0SKXw=="
          driverClassName="oracle.jdbc.driver.OracleDriver"
          url="jdbc:oracle:thin:@localhost:1521:xe"
          maxWaitMillis="30000"
          maxTotal="32"
          maxIdle="4"
          initialSize="4"
          accessToUnderlyingConnectionAllowed="true"
          timeBetweenEvictionRunsMillis="600000"
          minEvictableIdleTimeMillis="600000"
          connectionProperties="algorithm=AES;mode=ECB;padding=PKCS5PADDING;keyFilename=./conf/testkeyfile"
/>
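Before restarting Tomcat it is worth confirming that the encrypted value really decrypts with the key file named in connectionProperties, and that the key file is readable only by the Tomcat account: with a fixed AES key in ECB mode the ciphertext is fully determined by the key, so anyone who can read both context.xml and the key file recovers the password, and file permissions are the whole protection. The checker below is an added example, not code from this post or from the secure-tomcat-datasourcefactory project; it assumes the key file holds the raw AES key bytes as written by the generateKey command, a POSIX filesystem, and a run such as: java VerifyEncryptedPassword 'F0EV2niaAO2gnUB1/0SKXw==' 'algorithm=AES;mode=ECB;padding=PKCS5PADDING;keyFilename=./conf/testkeyfile'

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Base64;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class VerifyEncryptedPassword {
    /** Parses "algorithm=AES;mode=ECB;padding=PKCS5PADDING;keyFilename=..." into a map. */
    static Map<String, String> parseConnectionProperties(String props) {
        Map<String, String> map = new HashMap<>();
        for (String pair : props.split(";")) {
            int eq = pair.indexOf('=');
            if (eq > 0) map.put(pair.substring(0, eq).trim(), pair.substring(eq + 1).trim());
        }
        return map;
    }
    /** Rejects a key file that group or others can read or write (POSIX filesystems only). */
    static void checkKeyFilePermissions(Path keyFile) throws Exception {
        Set<PosixFilePermission> perms = new HashSet<>(Files.getPosixFilePermissions(keyFile));
        perms.remove(PosixFilePermission.OWNER_READ);
        perms.remove(PosixFilePermission.OWNER_WRITE);
        if (!perms.isEmpty()) throw new IllegalStateException(keyFile + " must be readable only by the Tomcat user (chmod 600)");
    }
    /** Decrypts the Base64 password with the algorithm/mode/padding named in connectionProperties. */
    static String decryptPassword(String base64Password, Map<String, String> props) throws Exception {
        Path keyFile = Paths.get(props.get("keyFilename"));
        checkKeyFilePermissions(keyFile);
        // Assumption: the key file contains the raw AES key bytes produced by the generateKey command.
        byte[] keyBytes = Files.readAllBytes(keyFile);
        String transformation = props.get("algorithm") + "/" + props.get("mode") + "/" + props.get("padding");
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(keyBytes, props.get("algorithm")));
        byte[] plain = cipher.doFinal(Base64.getDecoder().decode(base64Password));
        return new String(plain, StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        // args[0] is the password attribute value, args[1] the connectionProperties attribute value
        String plain = decryptPassword(args[0], parseConnectionProperties(args[1]));
        // Print only the length so the clear-text password never lands in a terminal log
        System.out.println("decrypted OK, " + plain.length() + " characters");
    }
}
```

A wrong key file or a mismatched algorithm string fails with a BadPaddingException (or an IllegalBlockSizeException), which is the same failure Tomcat would hit at startup.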


Reference:

GitHub - ncredinburgh/secure-tomcat-datasourcefactory: A drop in replacement for the standard Tomcat DataSourceFactory t… 
