cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Obfuscated Keystore password not getting decrypted in LLS 2024.06 onwards

Obfuscated Keystore password not getting decrypted in LLS 2024.06 onwards

Summary

LLS set up in HTTPS mode is unable to start when an obfuscated keystore password is used in local-configuration.yaml configuration file. 

The issue is being observed in LLS 2024.06 version onwards.

Symptoms

When LLS is configured to run in HTTPS mode with a certificate , the keystore password needs to be passed on to the local configuration.yaml config file. The keystore password can be obfuscated/hashed using the below 
java -jar flexnetls.jar -password <password>

If the obfuscated keystone password is used on the local-configuration.yaml , the LLS is unable to start or install as a service. The issue occurs in both console mode and running as a service. 

Below error is thrown by LLS : 

2024-08-06T07:54:55,974Z WARN  - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'undertowServletWebServerFactory' defined in com.flexnet.glservice.UllsConfiguration: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate

Steps to Reproduce

  1. Produce producer-settings.xml and configure local-configuration.yaml to run LLS in HTTPs mode.
  2. Obfuscate the keystore password using java -jar flexnetls.jar -password <password>
  3. Use the obfuscated password as the keystore password in the local-configuration.yaml HTTPS in section. Attaching a screenshot of the configuration.

     
    local-configuration.yaml HTTPS-in configurationlocal-configuration.yaml HTTPS-in configuration 

Start LLS in console mode or install it as a service. LLS will throw an error of "Unable to start web server"

 

 

Workaround

  1. Currently workaround for running LLS in HTTPS mode is to use the keystore-password as plaintext and not obfuscated in the local-configuration.yaml config file.
    example :
     keystore-password: keystorepassword
  2. start the LLS in console mode or installs as a service. 
  3. Otherwise, LLS 2024.05 can be used.

Fix Version and Resolution

The bug is fixed in the 2024.08 release of LLS. 

Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Aug 21, 2024 02:55 AM
Updated by:
Contributors