The optional "keystore" element enables you to specify the keystore parameters to use to encode sensitive wagon.xml data.
The element is optional: a wagon.key private key is provided by default in the application's /conf directory.
This file can be externalised in the form of a URL-type JNDI resource via the url/adeliaWagonKey alias.
<keystore file="java:comp/env/url/wagonKeystore">
  <parameters>
    <item key="keyStoreType" value="jks" />
    <item key="keystorePassword" value="kspass" />
    <item key="keyAlias" value="test" />
    <item key="keyPassword" value="keypass" />
  </parameters>
</keystore>
The "file" attribute indicates:
- either a file name (if the path is not provided, the file is looked up in the application's "conf" directory),
- or a JNDI URL that enables the key file to be located.
The keystore parameters are provided via a list of parameters ("parameters" section) and can take the following values:
| Parameter | Description | Default value |
|---|---|---|
| keystoreType | Keystore type. The possible values are jks, pkcs12 and jceks. | jks |
| keystorePassword | Keystore password. | wagon |
| keyAlias | Key alias in the keystore | wagonkey |
| keyPassword | Key password. | wagon |
Please note that, by definition, "keystore" element data cannot be encoded: the {RSA} prefix cannot appear in the specified values.
All the keystore parameters may be specified via Java system properties (-Dxxx).
When the system properties are present, they always take priority over the wagon.xml configuration.
| Parameter | Description | Default value |
|---|---|---|
| -DWagonKeystoreType | Keystore type. The possible values are jks, pkcs12 and jceks. | jks |
| -DWagonKeystorePassword | Keystore password. | wagon |
| -DWagonKeyAlias | Key alias in the keystore | wagonkey |
| -DWagonKeyPassword | Key password. | wagon |
The data can be configured from the command line using the WagonKeyUtils utility.
The utility parameters are:
| Parameter | Description | Default value |
|---|---|---|
| -[action] | Action to execute. The available actions are as follows: Mandatory parameter. | - |
| -keyfile <file_name> | Key file name (java keystore). Mandatory parameter | - |
| -keystoreType <type> | Keystore type. The possible values are jks, pkcs12 and jceks. | jks |
| -keystorePassword <mdp> | Keystore password. | wagon |
| -keyAlias | Key alias in the keystore | wagonkey |
| -DWagonKeyPassword | Key password. | wagon |
| [Text] | Text to encode (if -encode) or check (-check). Mandatory if the action is -encode or -check. | - |
| [EncodedText] | Encoded text to check. Mandatory if the action is -check. | - |
For example:
To encode a password with the default parameters:
java -cp "%ADELIWS%\javarun\*" com.hardis.wagon.runtime.tools.WagonKeyUtils -encode -keyfile pathto\wagon.key textToEncode
Response received:
NbuFLotGif3x84tycbzsT995n14WYsJssouQSO1/fQcSzyHR4TyFnJXH2m6Xg3cz7hodUcPJYSBawUyg9y4jx8hIXGcy+3HAgg+4HaOleeZOEgF9CIaxu6RxOLZbaqSzfz0e2fSLxzTvSYnVVam8Q1DzVXFZZ5GycxPChDWhRs6TYE1jDnedPoouh5k7c2Yt3OAM/ygZp+tsF8XHuL7i5iMW1Y1pDfU9zNIl5VFaO5kNvvTgWs8Vl9v+2+uJOtgyIFIi/mg4ryy89ylMM7pcfleMGlfxkSN95vh/1+/+wtv/lMly03MuFOZfvAJ1vmifgUd6JApBieOV+bCVCuf9YQ==
To use an encoded value in wagon.xml, prefix it with the {RSA} block:
<userConfiguration driverClassName="oracle.jdbc.driver.OracleDriver" url="jdbc:oracle:thin:@hostname:1521:SID" username="MyUser" password="MyPwd" tableName="WGNSETTINGS"/>
becomes
<userConfiguration driverClassName="oracle.jdbc.driver.OracleDriver" url="jdbc:oracle:thin:@hostname:1521:SID" username="MyUser" password="{RSA}NbuFLotGif3x84tycbzsT995n14WYsJssouQSO1/fQcSzyHR4TyFnJXH2m6Xg3cz7hodUcPJYSBawUyg9y4jx8hIXGcy+3HAgg+4HaOleeZOEgF9CIaxu6RxOLZbaqSzfz0e2fSLxzTvSYnVVam8Q1DzVXFZZ5GycxPChDWhRs6TYE1jDnedPoouh5k7c2Yt3OAM/ygZp+tsF8XHuL7i5iMW1Y1pDfU9zNIl5VFaO5kNvvTgWs8Vl9v+2+uJOtgyIFIi/mg4ryy89ylMM7pcfleMGlfxkSN95vh/1+/+wtv/lMly03MuFOZfvAJ1vmifgUd6JApBieOV+bCVCuf9YQ==" tableName="WGNSETTINGS"/>
A new private key can be generated with the -generate command, for example:
java -cp "%ADELIWS%\javarun\*" com.hardis.wagon.runtime.tools.WagonKeyUtils -generate pathto\wagon.key
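As an added example (not part of the original documentation or of the product), the following Python check audits a wagon.xml for the points described above: keystore passwords left at the documented defaults, {RSA} values inside the "keystore" element, and password attributes stored without the {RSA} prefix. The <wagon> root element, the restriction to attributes named password, and Base64 as the format of the encoded text are assumptions.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

RSA_PREFIX = "{RSA}"
# Password defaults from the parameter table; keys are matched case-insensitively
# (assumption) because the page writes both keyStoreType and keystoreType.
DEFAULT_PASSWORDS = {"keystorepassword": "wagon", "keypassword": "wagon"}


def audit_wagon_xml(xml_text):
    """Return (element, name, finding) tuples for one wagon.xml document."""
    findings = []
    root = ET.fromstring(xml_text)
    keystore = root.find(".//keystore")
    items = list(keystore.iter("item")) if keystore is not None else []
    supplied = {i.get("key", "").lower(): i.get("value", "") for i in items}
    # Omitted parameters fall back to the documented defaults. -D system
    # properties override wagon.xml and are outside what this file shows.
    for name, default in DEFAULT_PASSWORDS.items():
        if supplied.get(name, default) == default:
            findings.append(("keystore", name, "documented default password"))
    # Keystore values cannot be encoded, so {RSA} must not appear there.
    for item in items:
        if item.get("value", "").startswith(RSA_PREFIX):
            findings.append(("keystore", item.get("key", ""), "{RSA} not allowed here"))
    # Assumption: secrets elsewhere sit in attributes named "password".
    for elem in root.findall(".//*[@password]"):
        value = elem.get("password")
        if not value.startswith(RSA_PREFIX):
            findings.append((elem.tag, "password", "stored in clear text"))
            continue
        try:  # Assumption: the encoded text is Base64, as in the sample output.
            base64.b64decode(value[len(RSA_PREFIX):], validate=True)
        except binascii.Error:
            findings.append((elem.tag, "password", "{RSA} value is not valid Base64"))
    return findings


# Constructed sample, not a real deployment; the <wagon> root is an assumption.
SAMPLE = """<wagon><keystore file="wagon.key"><parameters>
  <item key="keystorePassword" value="wagon" />
  <item key="keyPassword" value="{RSA}QUJD" />
</parameters></keystore>
<userConfiguration username="MyUser" password="MyPwd" />
<userConfiguration username="Other" password="{RSA}QUJDRA==" />
</wagon>"""

if __name__ == "__main__":
    print(*audit_wagon_xml(SAMPLE), sep="\n")
```

Because -D system properties take priority over wagon.xml, a deployment's JVM arguments need the same review for default values.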