
Unable to use cipher tool encrypted truststore password in jdbc url when connecting through SSL

Open NishanthiWi opened this issue 1 year ago • 0 comments

Description

Description: When we are connecting with JDBC databases and SSL is enabled, the JDBC URL is as follows.

jdbc:mysql://<IS_HOME>:3306/<DB_NAME>?useSSL=true&requireSSL=true&autoReconnect=true&clientCertificateKeyStoreUrl=file:./repository/resources/security/client-truststore.jks&clientCertificateKeyStorePassword=***********

However, it's not possible to keep the cipher tool encrypted clientCertificateKeyStorePassword as $secret{truststore_password} instead of a plain text password. When the encrypted password is added to the URL as follows, it fails with an error at server startup or when calling database operations.

url = "jdbc:mysql://$env{WSO2_DB_HOSTNAME}/apimgtdb?autoReconnect=true&useSSL=true&requireSSL=true&clientCertificateKeyStoreUrl=file:repository/resources/security/client-truststore.jks&clientCertificateKeyStorePassword=$secret{client_truststore_password}"

Caused by: java.sql.SQLException: Driver:com.mysql.jdbc.Driver@1ff840c1 returned null for URL:wso2carbon
    at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:338)
    at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:212)
    at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:744)
    at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:676)
    at org.apache.tomcat.jdbc.pool.ConnectionPool.getConnection(ConnectionPool.java:198)
    at org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:131)
    at org.wso2.carbon.identity.core.persistence.JDBCPersistenceManager.getDBConnection(JDBCPersistenceManager.java:147)
    ... 32 more

Expected behavior: JDBC URL should work with cipher tool encrypted clientCertificateKeyStorePassword.

Environment information

Product Version: [APIM 4.0.0]
Userstore: [JDBC]

Steps to Reproduce

  1. Enable secure vault
  2. Use the security placeholder of the client trust store in the DB connection URL

Affected Component

APIM

Version

4.0.0.302

Environment Details (with versions)

No response

Relevant Log Output

No response

Related Issues

https://github.com/wso2/product-is/issues/14109

Suggested Labels

No response

NishanthiWi, Aug 16 '24 17:08
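
Added example (not part of the original issue and not WSO2 code): a check that reads config text in the `url = "jdbc:..."` form shown above and reports, for each key-store password parameter, whether its value is a `$secret{...}`/`$env{...}` placeholder or a literal left in the file. The sample config, the host name `db.example.internal`, the sample password and the two extra parameter names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Query parameters treated as secrets. The first is the one from the issue;
# the other two are assumed additions for illustration.
SECRET_PARAMS = {
    "clientcertificatekeystorepassword",
    "trustcertificatekeystorepassword",
    "password",
}
# A value is accepted only if the whole value is a single placeholder.
PLACEHOLDER = re.compile(r"\$(secret|env)\{[^}]+\}")
URL_LINE = re.compile(r'^\s*url\s*=\s*"(jdbc:[^"]+)"', re.MULTILINE)


def audit_jdbc_urls(config_text):
    """Return (line, parameter, status) for each secret parameter in a JDBC URL.

    The parameter value is never returned, so the report is safe to log.
    """
    findings = []
    for match in URL_LINE.finditer(config_text):
        line_no = config_text.count("\n", 0, match.start(1)) + 1
        _, _, query = match.group(1).partition("?")
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() not in SECRET_PARAMS:
                continue
            status = "placeholder" if PLACEHOLDER.fullmatch(value) else "plaintext"
            findings.append((line_no, name, status))
    return findings


# Constructed sample config (host name and password are made up).
SAMPLE = """
[database.apim_db]
url = "jdbc:mysql://$env{WSO2_DB_HOSTNAME}/apimgtdb?useSSL=true&clientCertificateKeyStorePassword=$secret{client_truststore_password}"

[database.shared_db]
url = "jdbc:mysql://db.example.internal:3306/shareddb?useSSL=true&clientCertificateKeyStorePassword=changeit-sample"
"""

if __name__ == "__main__":
    for line_no, name, status in audit_jdbc_urls(SAMPLE):
        print(f"line {line_no}: {name} -> {status}")
```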