You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Andy LoPresto (JIRA)" <ji...@apache.org> on 2018/05/21 17:18:01 UTC

[jira] [Commented] (NIFI-5193) Improve ConfigEncryptionTool handling of complex user search mapping values

    [ https://issues.apache.org/jira/browse/NIFI-5193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16482747#comment-16482747 ] 

Andy LoPresto commented on NIFI-5193:
-------------------------------------

I think the solution to this is to filter out the user search mapping and other element values that might contain complex expressions before performing the regex operations. These could be replaced by temporary tokens and stored in a hash map, then re-inserted after the regex operations. 

> Improve ConfigEncryptionTool handling of complex user search mapping values
> ---------------------------------------------------------------------------
>
>                 Key: NIFI-5193
>                 URL: https://issues.apache.org/jira/browse/NIFI-5193
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Tools and Build
>    Affects Versions: 1.6.0
>            Reporter: Andy LoPresto
>            Priority: Major
>              Labels: regex, security, toolkit
>
> The {{ConfigEncryptionTool}} can fail to encrypt {{login-identity-providers.xml}} or {{authorizers.xml}} if the XML contains a User Search Mapping value which is interpreted as having regular expression capture groups. 
> {code}
> <property name="User Search Filter">(& (objectCategory=Person)(sAMAccountName=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(!(sAMAccountName=$*)))</property>
> {code}
> Results in:
> {code}
> 2018/05/14 15:05:22 ERROR [main] org.apache.nifi.properties.ConfigEncryptionTool: Encountered an error
> java.lang.IllegalArgumentException: Illegal group reference
>             at java.util.regex.Matcher.appendReplacement(Matcher.java:857)
>             at java.util.regex.Matcher.replaceFirst(Matcher.java:1004)
>             at java.lang.String.replaceFirst(String.java:2178)
>             at java_lang_String$replaceFirst$6.call(Unknown Source)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
>             at org.apache.nifi.properties.ConfigEncryptionTool.serializeAuthorizersAndPreserveFormat(ConfigEncryptionTool.groovy:1246)
>             at org.apache.nifi.properties.ConfigEncryptionTool$serializeAuthorizersAndPreserveFormat$6.callStatic(Unknown Source)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:214)
>             at org.apache.nifi.properties.ConfigEncryptionTool.writeAuthorizers(ConfigEncryptionTool.groovy:1118)
>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>             at java.lang.reflect.Method.invoke(Method.java:498)
>             at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:210)
>             at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.call(PogoMetaMethodSite.java:71)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
>             at org.apache.nifi.properties.ConfigEncryptionTool.main(ConfigEncryptionTool.groovy:1485)
>             at org.apache.nifi.properties.ConfigEncryptionTool$main.call(Unknown Source)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
>             at org.apache.nifi.toolkit.encryptconfig.LegacyMode.run(LegacyMode.groovy:30)
>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>             at java.lang.reflect.Method.invoke(Method.java:498)
>             at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSite.invoke(PogoMetaMethodSite.java:169)
>             at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.call(PogoMetaMethodSite.java:71)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
>             at org.apache.nifi.toolkit.encryptconfig.EncryptConfigMain.main(EncryptConfigMain.groovy:109)
> Encountered an error writing the master key to the bootstrap.conf file and the encrypted properties to nifi.properties
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)