Intellij How override (spring) multiline configuration properties - spring-boot

In my spring application i have to provide an certificate with format
-----BEGIN CERTIFICATE-----
...
ZSBJb1QgSHViIENBIENlcnQgVGVzdCBPbmx5MB4XDTIyMDgwNDEzMjg1MVoXDTIy
MDkwMzEzMjg1MVowFDESMBAGA1UEAwwJamF2YS1zaW0xMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEA1BHjgtcqmFP+TUdfBYmGU/CqYfEEtD6XaVI8BpJI
yx7y58aSnoPWxek8iM86PL8E8RtMKGZkB29JSLp7BIWuEAgkSZYbtN/cmTCT0r9c
...
-----END CERTIFICATE-----
While i can set this in application properties by adding \n\ at all line ends
it is not working (BouncyCastle is not able to create certificate from it) if i set this as value in overridden properties:
i also tried to replace lineending by
\n
\\n
So how to override this property correctly.

Related

How to read/write SSH Private key (id_rsa)

As part of an automated Cloud Init setup, I am auto generating public/private keys for users, reading them from file and then saving them in bash variables like so
public_key=$(cat /path/to/id_rsa.pub)
private_key=$(cat /path/to/id_rsa)
Then I write them to the target machine through Cloud Init like so
- sudo -H -u aryan bash -c 'echo "$public_key" > ~/.ssh/id_rsa.pub'
- sudo -H -u aryan bash -c 'echo "$private_key" > ~/.ssh/id_rsa'
The public key is written correctly, but the private key is written to a single line and then SSH complains that it is the wrong format. I am expecting this
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCpOipW5Xyjc9jLE6AX/0HktpZtyokJap9k5njJl3uw7VpcUITW
3UzHHZor4b4N1x8wp17Y0udPsrcPtfJR+pVSr0s6ZMkjX0B7J5jE64iPlVOkO+ww
b4CMlonViWeTJ/+gSLkfC2EDfSqPTEOWx44Vs7Mt2qi5Rvq/Po81NDrK2QIDAQAB
AoGAcklZ9r2dYzYFn4BtikdVVQUKqrMxwS5E33vW7y5i1qY1dErcq89g3shbKm+W
TvqNkeo23+/vT5++idmzATJeTQ+uhRidPrU6XTWd4I8LvHB6dYIGKpGuciv4NWG0
3CLDt5IRLpAJ8qAl3tmitWadZw7lJtGAWg+7zdbIoP07XhECQQD32vBAwePlB/ZY
CsRNeIDUWtAGaxqBvssmbh4wfCYZDH+3BJbyMG0AWycE0YLZLlACKzTUu5PC8CKu
zQBKb02LAkEArsnGdJ7ipDTZZWl1Q42M494SfQUA9+he12WU6O2o2BJqr8cVRG2V
BJHHXvdHB+xWRMpo0vxTiGdDIDqPwfPdqwJBAMBpkgvjuYSqur48lYpC21h/q3Dg
IrLIqDMMV5lyN61Ie7lb8cbQez5EhTUDZN4vSuN0IU5o1FwIShSDhw9B+uMCQFwN
UiJLJ0uZtcCOCL76BnBfnVcQUpE9ZO2FxyXhPGIHWP6YF6BBIhEVAW4HRvZqRojW
HNy5HPkigRyxGtLnrx8CQFWZtrGiBIrYRsrf9fwXv4DTB5z7sQLEf8x2dwvif34O
+bYMoDJPewr3ti88KJP4rubmIS9PTCAJxEfMBPkZHvE=
-----END RSA PRIVATE KEY-----
But instead I have this (truncated)
-----BEGIN RSA PRIVATE KEY-----MIICXAIBAAKBgQCpOipW5Xyjc9jLE6AX/0HktpZtyokJ...
Question: How do I correctly read a private key into a variable and then write it to a text file
Note: The easiest way would be to simply copy the file but I don't think Cloudinit supports cp/scp. If it does, please do let me know how
You need to quote your command substitution to preserve newlines:
private_key="$(cat /path/to/id_rsa)"
What you can do for cloud-init ssh setup, is to generate the private and public key before the deployment and then use cloud-init to deploy the servers with those ssh keys.
This way, you will always have the same private key on your computer and be able to ssh into the new servers.
Also it might be a security issue if the wrong people have access to the cloud-config file
Sample code:
ssh_authorized_keys:
- ssh-rsa AAA... user#server
ssh_keys:
rsa_private: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpwIBAAKCAQIA3FurAzWIiBuNd1ew2sM3s/eOg+Sf9nSQPcEzNyNTkhxSwkxf
3fgNlSpoBc1s7XD9DefpzGT/lxZzVQcQGJ7NnxddRKOH8Uhhp75L3Q18L4z4bZNM
zX5ngtZopa4SoFWiMCVljXeWy4CpuQdpD8N9Bpb+9IYCVOzitnrD2UM2ubf6imOq
Saeiyi3/SdftcUO3uhjemLkg9d2nwvfbJUqSFR4NGR5nsOxxMC4tnxylDRN88qE3
fSrSQHY+qTu+3mKQ6J7VKUM7e0jRD/vQK64V0f6AqKLxta7XFeA8sIa0qbGNQHBk
Zg+OOFYUz4x0qbwmwuQR9RS6HnBLXvdcZb36nXkCAwEAAQKCAQEfx+jGMbZbSv4A
NFmBc55ZCl83joWzmeQjw/WLAkFPVV5qP3GkJd5voQoXrCUFqcIVe1kw7XAfblF7
9eTQaDbntwrwl1VH61SKSNvQKd27Tf2WgCQXjx+Gsz2sh4qQLUmTABHBcXoCJ7BS
y0rPxzYE+UoUIi+7595ayyHr99Gwv1/N78xw7PS+oyxmn4rsbFYfWbkKWKgbizAm
oxM5EE1g1Mn9m0ocruYzTiPIHLGMsfeqMDzHG7lK0rTL0nqFP/QegZkSE0hQ/fJm
gS44NnFQ1HeQB3GCbgJlQFNVNHPueZevEemZ5QEuPIhYmG8+GlGRl9aFto9BGDa7
z0Ct29HeAQKBgQ95Z86CIZIsSWhjt0ZjW0DzFd6JQC+gKxmxcaELZPL+M0jh2zMV
9jCIPERV4RKwzttKm/tGz2Zh+FsToi0Ie1TW4uVArGcFeX+XsTIrcIyIwzoFixR1
k2Rv9ZwJGQgapTokhoVidAMRUIZfN/2HH4y2ZnIdOUDpP8FpknFiTXFoEQKBgQ49
hWHFwKFB6sprKq+dJkFgNEhtdn4q0K5NrBgwHm6h2sO3tyIwVMCmhwHtBnEQOovg
W7dM/GYqpxE76qaJBoHFht0RGPxt1wbQRbjwZ78KdMrLa+RZlFRVdPU5QXEcYu+H
jqIiTf/aDl69cdQ8dkJoGwjjT80R4t2zy+7iKqqG6QKBgQbqYhsniytRgYkWr2zU
sI6pVMe3nSPrt/dmlvq7JeV296Kf1bnSAdGUwSJlIw6AWCInCOjWr4/5Ds5dSuhH
Vx8GXibIrYPpLXB5caaTRVx5Lo66tXpyRWnoo2KVqks15UvD0R7BbkmErnEvEs3K
Wq4/Qi+Toe3Blk2xCdKEdUnOkQKfgQLZXC5LmlapEYieGFQ6ZMT/snYrMGHdvxKg
h6XvOqd3yoUN5J36fXpt1uUTvw4v6QbDRJZP2M+4COTxz+ix0ZN1KZ5hJVabw0Gh
udFeh+M4/FT2jgeJxJt63YOSiP1QaJrzzB20L1bZEbbywCtuTVrL6VzF3dlxkqo4
pryMk2y6wQKBgQ3MpmrMTRS3bA7h6qMvaZep6Pke6gsXSgGpbU9mFB2ja8IKIVLZ
iVLjmcN1ItqKtYbD01WURkcV3ne+E9bbDYrBQmPDfaO+VbUgBVTjmybLpamrci5k
DcDQVCymHy0EwAqGOuWKM8EgbxuTKDGuUX9Q0TI23fwTc9rB6j3FEAnyvQ==
-----END RSA PRIVATE KEY-----

Add-AzVMSshPublicKey to vmConfig fails when calling New-AzVM

I'm following the windows quickstart for creating a VM in azure powershell
I'm stuck here:
# Configure the SSH key
$sshPublicKey = cat ~/.ssh/id_rsa.pub
Add-AzVMSshPublicKey `
-VM $vmconfig `
-KeyData $sshPublicKey `
-Path "/home/azureuser/.ssh/authorized_keys"
First of all I think the following code is wrong, as cat returns System.String[] and running this verbatim results in
Add-AzVMSshPublicKey : Cannot convert 'System.Object[]' to the type 'System.String'
So... I instead use Get-Content "./path/to/file" -raw which just returns a string and the command runs without errors
Now when I run
New-AzVM `
-ResourceGroupName $resourceGroupName `
-Location $location -VM $vmConfig
I get the following error, meaning the keyData I set earlier wasn't set correctly.
New-AzVM : The value of parameter linuxConfiguration.ssh.publicKeys.keyData is invalid.
I've found the issue - So Azure key vault gives me a PEM public key in the form
-----BEGIN PUBLIC KEY-----
MIIBojANBgkqhkiG9w0BAQEFAAO...
...
...
...
...0CS94AFAgMBAAE=
-----END PUBLIC KEY-----
Whereas the VM is expecting it in OpenSSH format
ssh-rsa ..........
I've tried to convert it with
ssh-keygen -i -m PKCS8 -f ./key.pem
but nothing gets output
UPDATE
Aaaand it's a powershell issue
First, the tutorial is a guide to create Linux VM via Azure PowerShell, not Windows. Second, the command cat just outputs the content of the file. And command $sshPublicKey = cat ~/.ssh/id_rsa.pub creates a variable in string:
The parameter -KeyData of the command Add-AzVMSshPublicKey also expect a string:
So there is no problem with the PowerShell command and all the commands work fine on my side. And the error shows the value of the key data is invalid, what you need to do is to make sure if the SSH public key is no problem.
To get this key from an Azure Key vault,
Get-AzKeyVaultKey -OutFile *filename* returns a public key in PEM Form
-----BEGIN PUBLIC KEY------
....
-----END PUBLIC KEY-----
The vm requires the key data to be a one-liner in OpenSSH format
ssh-rsa ....... mykeylabel
But Powershell's ssh-keygen, unlike its UNIX counterpart, cannot convert between these formats as it has an open bug

Setting CF environment variable with multiline value

I want to set a RSA token in environment variable of CF App.
I try to set it with below commands
export var1=`cat key.pem`
cf set-env app KEY "$var1"
If I console the env variable(cf env app), I get the expected output:
.
.
User-Provided:
KEY: -----BEGIN RSA PRIVATE KEY-----
.
. multi-line key contents
.
-----END RSA PRIVATE KEY-----
However, if I run the app, it fails in the authentication.
I also tried applying quotes:
cf set-env app KEY "'$var1'"
It was the token issue.
The first approach mentioned in the question worked.

Unable to load Private Key

I am new to SSL/OpenSSL and I'm working on Windows 7. I'm trying to configure HTTPS for my ElasticBeanstalk environment following these instructions.
I'm at Step 2 in "Create a Private Key". After I issue the command to generate the key pair:
openssl genrsa 2048 > privatekey.pem
I get:
Generating RSA private key, 2048 bit long modulus
........................................+++
...............................+++
unable to write 'random state'
e is 65537 (0x10001)
However, it does write a key to my directory. But after the second command:
openssl req -new -key privatekey.pem -out csr.pem
I get:
unable to load Private Key
6312:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: ANY PRIVATE KEY
I've tried Googling this a bit, but none of the solutions I've found seem to be relevant for me. I checked the generated key and it looks like
-----BEGIN RSA PRIVATE KEY-----
{lots of characters}
-----END RSA PRIVATE KEY-----
What am I doing incorrectly?
unable to load Private Key
6312:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: ANY PRIVATE KEY
I ran your commands on OS X, and I could not reproduce the results.
I did use the -config option because I have an "OpenSSL server config template" that makes it easy to generate CSRs and self signed certificates:
$ mkdir test
$ cd test
$ openssl req -new -key privatekey.pem -out csr.pem -config example-com.conf
The configuration file is named example-com.conf, and you can find it at How do I edit a self signed certificate created using openssl xampp?. Edit it to suit your taste (in particular, the DNS names).
If interested, here's the OpenSSL man pages on the req sub-command.
I checked the generated key and it looks like
-----BEGIN RSA PRIVATE KEY----- {lots of characters}
-----END RSA PRIVATE KEY-----
You can validate the key you just created with:
$ openssl rsa -in privatekey.pem -inform PEM -text -noout
Private-Key: (2048 bit)
modulus:
00:b0:91:ce:57:28:0f:5c:3a:c3:29:d7:23:6a:71:
ca:64:49:fc:24:ea:69:a3:09:d6:49:94:17:b9:09:
65:fa:5a:10:47:a4:9b:b8:cd:6d:32:74:19:8d:5c:
79:92:f0:a6:43:9c:75:a3:7b:ef:c4:c3:d9:c2:db:
b9:bd:ec:14:a8:b1:52:73:8f:56:c8:5c:16:08:56:
ff:c2:2b:35:3c:0a:0f:34:d0:91:c1:54:7e:72:e8:
97:bf:ea:46:69:5f:e4:21:8d:7a:f5:a5:6b:6a:e8:
00:56:bc:02:f6:b4:ae:6e:89:a6:50:aa:5b:2f:d8:
7d:99:04:61:51:76:b3:5e:9e:30:52:99:54:26:e2:
3a:54:ec:78:34:e6:9a:b7:c2:58:5c:51:3d:39:52:
d4:6e:0c:6e:a1:a0:a5:f1:4d:5a:f5:0b:1a:6e:dc:
f3:bb:0d:d0:53:51:b0:1a:04:ee:86:35:d5:f3:8b:
0d:bc:19:61:6c:0c:b2:7b:a9:7c:47:97:01:bb:a2:
6a:74:d9:19:e9:df:60:07:d4:95:4c:83:f8:3b:84:
c2:b8:3d:b9:a7:34:0a:9b:a3:c6:70:cc:ef:de:f4:
64:88:f1:56:d3:2a:fd:5a:82:88:96:66:93:6c:a0:
b8:ec:e4:4c:e8:76:5c:9c:fc:c4:60:72:b6:9a:3f:
98:a3
publicExponent: 65537 (0x10001)
privateExponent:
00:87:ab:f1:65:ac:e5:68:93:ca:64:3a:e7:fe:a1:
62:c7:7e:c5:dc:c3:b5:d9:cd:f4:36:e3:30:fb:40:
0a:78:bc:7d:67:df:46:bc:50:34:88:a1:07:05:44:
ba:31:ba:f1:b6:5f:e1:50:76:29:bd:02:54:2f:d2:
cf:bc:ec:4a:cf:78:39:07:8c:6b:3d:56:ec:a3:09:
de:49:9f:13:af:87:77:39:b8:cd:56:45:0b:48:56:
0a:4c:2f:c2:5c:b3:8e:c2:6d:48:be:b9:95:79:36:
bd:13:e8:31:4a:c9:78:82:7d:08:2b:51:4a:f1:cf:
a2:6a:52:20:49:0d:31:34:10:88:02:d7:a7:07:70:
32:b5:f5:8c:cc:d4:b2:8d:b9:aa:bb:33:82:1a:74:
bd:4d:4f:e9:e0:cc:f2:27:fb:98:34:2c:77:56:6f:
88:3a:66:32:5d:7d:57:c6:5b:63:39:fa:32:04:9d:
e3:cc:a5:b6:44:91:fd:7d:d1:b6:2d:16:47:59:81:
3d:cf:d9:a7:58:2a:d6:61:5d:c6:69:3b:7a:70:50:
4f:80:f4:d9:fb:c8:7d:5e:44:9e:ac:c8:e6:aa:49:
c3:d6:df:6b:03:68:25:a3:2b:89:8f:9a:35:3a:58:
7d:71:b4:08:d9:04:7b:b9:96:17:f3:a5:19:c5:07:
4e:c1
prime1:
00:d7:d0:d8:8c:b5:86:ed:0e:06:70:c9:54:00:25:
d7:8c:e4:65:51:1b:c5:ba:33:c2:02:1a:dc:80:a6:
ae:8e:1e:e8:c0:b7:04:11:5a:e3:98:52:8f:4a:7a:
43:b8:e8:1b:c8:d6:d3:b2:dc:70:59:a5:ca:83:bb:
35:f1:6c:f5:cb:d0:f4:04:5e:aa:7c:d0:ec:d7:4a:
d5:1c:7c:e2:67:e4:e8:17:95:9b:4e:2b:a0:26:74:
61:d0:a0:15:27:18:e5:84:b5:54:ef:be:82:35:7e:
78:e0:49:6b:4e:ae:93:53:a0:81:a3:8e:de:d3:e5:
dc:c5:ba:03:36:14:47:97:03
prime2:
00:d1:72:3b:f5:34:b1:11:78:b2:79:f4:3e:d7:be:
bf:cc:b3:09:ea:24:a4:cc:7f:64:73:96:d2:48:9e:
55:bc:79:23:c2:d9:80:81:7d:a4:a5:4b:43:33:8e:
62:04:ec:8d:22:d7:43:5e:41:b6:4d:e9:b0:cc:70:
63:17:70:93:88:81:f5:84:a6:3f:2b:98:33:a3:69:
53:11:c7:95:8c:30:ea:e8:58:c7:77:10:b4:a8:f5:
bf:5e:cf:e1:99:bb:b3:4e:57:d2:4c:f7:73:de:8a:
98:8e:7c:26:37:6c:e4:77:c6:d2:ed:5d:53:a7:15:
c3:9c:67:61:d3:24:9a:f5:e1
exponent1:
00:83:34:59:e2:b9:9d:8c:d2:e1:01:82:b4:89:de:
77:bc:15:42:af:5b:c6:0a:dc:da:8e:f3:0b:a9:3f:
2c:92:04:a2:96:3e:ed:bf:2b:55:80:ce:78:84:db:
ed:fe:25:46:77:04:7b:f1:9a:68:c7:67:ae:c6:05:
73:d7:11:da:21:0e:28:bb:db:5d:a4:c2:53:aa:d3:
b8:da:37:e6:61:29:5e:1c:b0:7c:99:ba:96:03:aa:
ef:a8:a9:1a:13:09:e4:c7:98:82:49:ba:b5:68:96:
3a:20:89:22:2e:d4:9d:86:d2:e6:dd:ab:c7:36:65:
e1:a1:67:e3:f9:e5:bc:5c:47
exponent2:
00:81:6d:b9:55:8f:09:39:05:c0:2d:12:dd:5e:cf:
56:91:35:b6:93:c5:af:3d:5c:20:04:3a:18:9a:9d:
95:d7:d1:78:62:e9:ab:ba:d9:9c:cc:34:95:43:9f:
e2:3c:ae:bd:8c:e1:3f:95:58:c0:42:a7:7e:04:e8:
12:a4:22:82:59:22:0e:49:b9:be:61:bf:3d:71:e7:
1d:59:68:5f:a6:f1:77:c8:bb:4c:0f:ec:f7:e7:4d:
6d:c4:36:6c:70:67:08:a8:0a:27:40:3e:ce:90:a0:
4f:24:05:de:4b:f3:f3:bf:7c:d3:4d:b1:95:87:34:
30:dc:4f:1a:a9:b2:fe:3b:a1
coefficient:
6d:51:b3:6e:87:8d:aa:f0:55:c4:22:21:62:a9:ea:
24:b3:b7:91:40:f5:78:5d:f1:40:45:7e:0d:a2:a3:
54:46:ba:42:33:b6:cd:57:a1:85:bc:3d:ba:1c:eb:
87:33:a9:e9:63:1e:7c:2c:89:98:b9:0f:4b:e8:c4:
79:bd:00:6a:f5:3e:ea:63:f1:9e:aa:47:35:5a:22:
fc:4e:e3:61:7e:eb:dc:a6:c0:2c:d5:fd:22:9f:01:
59:32:15:db:41:99:b7:a8:c1:eb:1e:42:c7:1b:c7:
c8:56:86:a8:34:fe:1c:48:b6:6e:f1:c1:5c:96:bf:
9d:fa:e5:4c:d0:2a:d9:09
unable to write 'random state'
This is a well known problem. OpenSSL uses a default configuration file. You can locate the configuration file with correct location of openssl.cnf file.
The default configuration file includes these lines:
$ cat /usr/local/ssl/macosx-x64/openssl.cnf
...
HOME = .
RANDFILE = $ENV::HOME/.rnd
...
To save the random file, you should point HOME and RANDFILE to a valid location. On Windows, you type set HOME=... and set RANDFILE=... in the command prompt. Or better, change it in the OpenSSL configuration file you use.
Also see How to fix “unable to write 'random state' ” in openssl and How do I make OpenSSL write the RANDFILE on Windows Vista?.
I'm trying to configure HTTPS for my ElasticBeanstalk environment following these instructions.
The instructions are wrong in the image below. Do not place a DNS name in the Common Name (CN).
Placing a DNS name in the Common Name is deprecated by both the IETF (the folks who publish RFCs) and the CA/B Forums (the cartel where browsers and CAs collude). You should pay articular attention to what the CA/B recommends because Browsers and CAs come up with those rules, and the browsers follow them (and they don't follow the RFCs). For reference, see RFC 5280, RFC 6125 and the CA/B Baseline Requirements.
Instead, place DNS names in the Subject Alternate Name (SAN). Both the IETF and CA/B specifies it.
The custom OpenSSL configuration file handles this for you. You just have to change the DNS names listed under the section [ alternate_names ]. For example, here's a set of names set up for the domain example.com. Notice there is no DNS name in the CN:
[ subject ]
...
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = Example Company
[ alternate_names ]
DNS.1 = example.com
DNS.2 = www.example.com
DNS.3 = mail.example.com
DNS.4 = ftp.example.com
Can you check if you have appropriate permissions when you run both the commands? Maybe try doing the same using a user with Admin Rights.
Also make sure the created file privatekey.pem has appropriate permissions before executing the command below (Use chmod if necessary)
openssl req -new -key privatekey.pem -out csr.pem
Submitting this as answer as I don't have enough reputation to comment.
I believe the root of the problem is the error
unable to write 'random state'
e is 65537 (0x10001)
Searching StackOverflow found these results. I would stress that you run the openssl program as sudo or directly as root to avoid any possible permissions issues.
The fix in Windows:
https://stackoverflow.com/a/12522479/3765769
In Linux:
https://stackoverflow.com/a/94458/3765769

ansible to read openssl public key (.pem) content from user input and create a file on server

I m basically creating a playbook for creating pkcs12 file where in it asks for public key(.pem) and private key. my private key is on server so i can pass location of file. but my public key(.pem) is not residing on server nor i can copy paste from local.
so i want to create an ansible-playbook which can read public key content from user as a variable and create a file on the remote server to use in pkcs12 file creation.
my publickey content is spreaded across multiple lines like below.
-----BEGIN CERTIFICATE-----
(64-character alphanumeric content)
.
.
.
.
-----END CERTIFICATE-----
can you suggest simple way to achieve this.
i am using copy module 'content' option, but unable to achieve this.
tasks:
- name: copy content
copy:
content: "{{ my_pub_key }}"
dest: /tmp/{{file}}.pem
ansible-playbook abc.yaml -e "my_pub_key=
-----BEGIN CERTIFICATE-----
.
.
.
.
-----END CERTIFICATE-----
"~
please suggest if there is any another way to achieve this ?
Not exactly sure, what do you mean by below statement. From the question, guessing nothing was written to the destination file.
...but unable to achieve this...
Your task looks fine. However, to pass multiline string as a parameter, add quote (') to define variable value like this.
$ ansible-playbook abc.yaml -e "my_pub_key='
-----BEGIN CERTIFICATE-----
.
.
.
.
-----END CERTIFICATE-----'"

Resources