Posted to issues@bookkeeper.apache.org by GitBox <gi...@apache.org> on 2020/01/29 20:50:46 UTC
[GitHub] [bookkeeper] rdhabalia opened a new pull request #2151:
[bookie-mtls] add BouncyCastleProvider for security-provider to avoid
InvalidKeyException
rdhabalia opened a new pull request #2151: [bookie-mtls] add BouncyCastleProvider for security-provider to avoid InvalidKeyException
URL: https://github.com/apache/bookkeeper/pull/2151
### Motivation
As described at: https://github.com/apache/pulsar/issues/5047
### Issue
Sometimes a user sees `Invalid TLS configuration` at the bookie while loading a PKCS8Key file, and that can be fixed by using the BouncyCastle provider: https://stackoverflow.com/questions/6559272/algid-parse-error-not-a-sequence/18912362#18912362
```
2019-08-26 16:16:51,983 - ERROR - [BookKeeperClientWorker-OrderedExecutor-0-0:BookieClient@179] - Security Exception in creating new default PCBC pool:
org.apache.bookkeeper.tls.SecurityException: Invalid TLS configuration
at org.apache.bookkeeper.tls.TLSContextFactory.init(TLSContextFactory.java:392)
at org.apache.bookkeeper.proto.PerChannelBookieClient.<init>(PerChannelBookieClient.java:266)
at org.apache.bookkeeper.proto.BookieClient.create(BookieClient.java:155)
at org.apache.bookkeeper.proto.DefaultPerChannelBookieClientPool.<init>(DefaultPerChannelBookieClientPool.java:71)
at org.apache.bookkeeper.proto.BookieClient.lookupClient(BookieClient.java:168)
at org.apache.bookkeeper.proto.BookieClient.addEntry(BookieClient.java:245)
at org.apache.bookkeeper.client.PendingAddOp.sendWriteRequest(PendingAddOp.java:131)
at org.apache.bookkeeper.client.PendingAddOp.safeRun(PendingAddOp.java:240)
at org.apache.bookkeeper.common.util.SafeRunnable.run(SafeRunnable.java:36)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: File does not contain valid private key: /my.key.pem
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:267)
at org.apache.bookkeeper.tls.TLSContextFactory.createClientContext(TLSContextFactory.java:244)
at org.apache.bookkeeper.tls.TLSContextFactory.init(TLSContextFactory.java:363)
... 12 more
Caused by: java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor EC worked
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1045)
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1014)
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:265)
... 14 more
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:169)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1043)
... 16 more
Caused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:351)
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356)
at sun.security.ec.ECPrivateKeyImpl.<init>(ECPrivateKeyImpl.java:73)
at sun.security.ec.ECKeyFactory.implGeneratePrivate(ECKeyFactory.java:237)
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:165)
... 18 more
```
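A pre-flight check for the key file, added here as an example and not part of the pull request or BookKeeper's code: it classifies a PEM private key by its DER structure rather than its label. It assumes that the `algid parse error, not a sequence` line in the trace means the JDK's PKCS#8 decoder found something other than the AlgorithmIdentifier SEQUENCE after the version field; all function names and sample keys are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Tag of the element that follows the version INTEGER in each key structure.
SECOND_TAG = {0x30: "pkcs8", 0x02: "pkcs1-rsa", 0x04: "sec1-ec"}

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def classify_private_key(pem_text):
    """Classify a PEM private key by DER structure, not by its label."""
    m = PEM_RE.search(pem_text)
    if not m:
        return "not-pem"
    if m.group(1) == "ENCRYPTED PRIVATE KEY":
        return "pkcs8-encrypted"
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
        outer_tag, start, _ = _read_tlv(der, 0)
        version_tag, _, version_end = _read_tlv(der, start)
        second_tag, _, _ = _read_tlv(der, version_end)
    except (ValueError, IndexError):  # bad base64 or truncated DER
        return "unknown"
    if outer_tag != 0x30 or version_tag != 0x02:
        return "unknown"
    return SECOND_TAG.get(second_tag, "unknown")

def _der(tag, body):  # short-form length only; enough for the samples below
    return bytes([tag, len(body)]) + body

def _pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# Constructed samples: correct outer shape, dummy contents, not usable keys.
V0, V1 = _der(0x02, b"\x00"), _der(0x02, b"\x01")
PKCS8 = _pem("PRIVATE KEY", _der(0x30, V0 + _der(0x30, _der(0x06, b"\x2a\x03")) + _der(0x04, b"\x00")))
PKCS1 = _pem("RSA PRIVATE KEY", _der(0x30, V0 + _der(0x02, b"\x01\x01")))
SEC1 = _pem("EC PRIVATE KEY", _der(0x30, V1 + _der(0x04, b"\x11" * 32)))
MISLABELED = _pem("PRIVATE KEY", _der(0x30, V0 + _der(0x02, b"\x01\x01")))
```

Only the `pkcs8` shape has the AlgorithmIdentifier SEQUENCE in second position; `pkcs1-rsa` and `sec1-ec` indicate a traditional-format key, including one saved under a `PRIVATE KEY` label.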