Posted to issues@nifi.apache.org by "Yolanda M. Davis (JIRA)" <ji...@apache.org> on 2016/10/21 16:40:58 UTC

[jira] [Created] (NIFI-2930) SSLContextFactory throws Exception when Keystore password differs from Key password

Yolanda M. Davis created NIFI-2930:
--------------------------------------

             Summary: SSLContextFactory throws Exception when Keystore password differs from Key password
                 Key: NIFI-2930
                 URL: https://issues.apache.org/jira/browse/NIFI-2930
             Project: Apache NiFi
          Issue Type: Bug
          Components: Core Framework
    Affects Versions: 1.0.0
            Reporter: Yolanda M. Davis


The SSLContextFactory class currently does not retrieve both key password and keystore password (only the keystore password is retrieved). The keystore password value in that class is used to load the keystore as well as initialize the KeyManagerFactory. However, the KeyManagerFactory appears to expect the key password. If the key password has a different value from the keystore password, then the following exception occurs:

Caused by: java.security.UnrecoverableKeyException: Cannot recover key
	at sun.security.provider.KeyProtector.recover(KeyProtector.java:328) ~[na:1.8.0_77]
	at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146) ~[na:1.8.0_77]
	at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56) ~[na:1.8.0_77]
	at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96) ~[na:1.8.0_77]
	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70) ~[na:1.8.0_77]
	at java.security.KeyStore.getKey(KeyStore.java:1023) ~[na:1.8.0_77]
	at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133) ~[na:1.8.0_77]
	at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70) ~[na:1.8.0_77]
	at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256) ~[na:1.8.0_77]
	at org.apache.nifi.io.socket.SSLContextFactory.<init>(SSLContextFactory.java:69) ~[nifi-socket-utils-1.0.0.2.0.0.0-579.jar:1.0.0.2.0.0.0-579]
	at org.apache.nifi.cluster.protocol.spring.ServerSocketConfigurationFactoryBean.getObject(ServerSocketConfigurationFactoryBean.java:45) ~[nifi-framework-cluster-protocol-1.0.0.2.0.0.0-579.jar:1.0.0.2.0.0.0-579]
	at org.apache.nifi.cluster.protocol.spring.ServerSocketConfigurationFactoryBean.getObject(ServerSocketConfigurationFactoryBean.java:30) ~[nifi-framework-cluster-protocol-1.0.0.2.0.0.0-579.jar:1.0.0.2.0.0.0-579]
	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
	
I believe the fix is to also retrieve the key password from nifi properties and provide that value when initializing the KeyManagerFactory.	 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
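
The password mismatch described in this report, reproduced as an added example (not NiFi's code and not part of the original message): a JKS keystore is created with different store and key passwords, then a KeyManagerFactory is initialized first with the store password and then with the key password. The class name `KeyPasswordDemo`, the helper `build`, the alias and both passwords are constructed for illustration, and the example assumes `keytool` is present under the running JDK's `bin` directory.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class KeyPasswordDemo {
    // Hypothetical helper: the store password opens the keystore file,
    // the key password unlocks the private key entry inside it.
    static SSLContext build(File file, char[] storePass, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, storePass);   // verifies the store's integrity only
        }
        // Default algorithm is SunX509 on stock OpenJDK, as in the report's trace.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);        // recovers each private key with keyPass
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] storePass = "storepass".toCharArray(); // constructed sample value
        char[] keyPass = "keypass1".toCharArray();    // constructed sample value
        File file = new File(Files.createTempDirectory("ksdemo").toFile(), "demo.jks");
        String keytool = new File(System.getProperty("java.home"), "bin/keytool").getPath();
        int rc = new ProcessBuilder(keytool, "-genkeypair", "-alias", "demo", "-keyalg", "RSA",
                "-dname", "CN=demo", "-storetype", "JKS", "-keystore", file.getPath(),
                "-storepass", new String(storePass), "-keypass", new String(keyPass))
                .inheritIO().start().waitFor();
        if (rc != 0) throw new IllegalStateException("keytool failed: " + rc);

        try {
            build(file, storePass, storePass);
            System.out.println("unexpected: key recovered with the store password");
        } catch (UnrecoverableKeyException e) {
            System.out.println("store password used as key password -> " + e);
        }
        SSLContext ctx = build(file, storePass, keyPass);
        System.out.println("separate key password -> " + ctx.getProtocol() + " context built");
    }
}
```

The keystore is created with `-storetype JKS` because `keytool` ignores a separate `-keypass` for PKCS12 stores.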