Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2021/12/01 15:16:22 UTC
[GitHub] [pulsar] daniwb opened a new issue #13070: Pulsar Broker: Enable EC256 Support for WebService
daniwb opened a new issue #13070:
URL: https://github.com/apache/pulsar/issues/13070
**Is your feature request related to a problem? Please describe.**
Let's Encrypt creates default certificates with EC256. Unfortunately, when starting the Broker Service, it fails with the information that the version of the certificate is 0.
When deploying RSA4096 certificates it works flawlessly.
Also, when disabling only webServicePortTls but leaving brokerServicePortTls enabled, the service is able to start.
I've checked the documentation, where it lists that the key should only be in PKCS8 format, but this is not needed.
**Describe the solution you'd like**
Broker Service is able to start with EC256 Certificates.
**Describe alternatives you've considered**
As mentioned with RSA4096 I'm able to start the Service.
**Additional context**
Trying to start with EC256 (not reformatted as PKCS8)
java.security.KeyManagementException: Private key loading error
at org.apache.pulsar.common.util.SecurityUtility.loadPrivateKeyFromPemStream(SecurityUtility.java:468) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
at org.apache.pulsar.common.util.SecurityUtility.loadPrivateKeyFromPemFile(SecurityUtility.java:432) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
at org.apache.pulsar.common.util.SecurityUtility.createSslContext(SecurityUtility.java:205) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
at org.apache.pulsar.common.util.DefaultSslContextBuilder.update(DefaultSslContextBuilder.java:48) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
at org.apache.pulsar.common.util.DefaultSslContextBuilder.update(DefaultSslContextBuilder.java:27) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
at org.apache.pulsar.common.util.SslContextAutoRefreshBuilder.get(SslContextAutoRefreshBuilder.java:79) [org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
at org.apache.pulsar.common.util.SecurityUtility$SslContextFactoryWithAutoRefresh.getSslContext(SecurityUtility.java:557) [org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
at org.eclipse.jetty.util.ssl.SslContextFactory.newSSLEngine(SslContextFactory.java:1903) [org.eclipse.jetty-jetty-util-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:99) [org.eclipse.jetty-jetty-server-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) [org.eclipse.jetty-jetty-util-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) [org.eclipse.jetty-jetty-util-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) [org.eclipse.jetty-jetty-util-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:321) [org.eclipse.jetty-jetty-server-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) [org.eclipse.jetty-jetty-server-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234) [org.eclipse.jetty-jetty-server-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) [org.eclipse.jetty-jetty-util-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.server.Server.doStart(Server.java:401) [org.eclipse.jetty-jetty-server-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) [org.eclipse.jetty-jetty-util-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.apache.pulsar.broker.web.WebService.start(WebService.java:242) [org.apache.pulsar-pulsar-broker-2.8.1.jar:2.8.1]
at org.apache.pulsar.broker.PulsarService.start(PulsarService.java:689) [org.apache.pulsar-pulsar-broker-2.8.1.jar:2.8.1]
at org.apache.pulsar.PulsarBrokerStarter$BrokerStarter.start(PulsarBrokerStarter.java:259) [org.apache.pulsar-pulsar-broker-2.8.1.jar:2.8.1]
at org.apache.pulsar.PulsarBrokerStarter.main(PulsarBrokerStarter.java:331) [org.apache.pulsar-pulsar-broker-2.8.1.jar:2.8.1]
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : version mismatch: (supported: 00, parsed: 01
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:252) ~[?:1.8.0_312]
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372) ~[?:1.8.0_312]
at org.apache.pulsar.common.util.SecurityUtility.loadPrivateKeyFromPemStream(SecurityUtility.java:466) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
... 21 more
Caused by: java.security.InvalidKeyException: IOException : version mismatch: (supported: 00, parsed: 01
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:351) ~[?:1.8.0_312]
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356) ~[?:1.8.0_312]
at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:130) ~[?:1.8.0_312]
at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:80) ~[?:1.8.0_312]
at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:357) ~[?:1.8.0_312]
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:248) ~[?:1.8.0_312]
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372) ~[?:1.8.0_312]
at org.apache.pulsar.common.util.SecurityUtility.loadPrivateKeyFromPemStream(SecurityUtility.java:466) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
Error Reformatted as PKCS8
java.security.KeyManagementException: Private key loading error
at org.apache.pulsar.common.util.SecurityUtility.loadPrivateKeyFromPemStream(SecurityUtility.java:468) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
at org.apache.pulsar.common.util.SecurityUtility.loadPrivateKeyFromPemFile(SecurityUtility.java:432) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
at org.apache.pulsar.common.util.SecurityUtility.createSslContext(SecurityUtility.java:205) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
at org.apache.pulsar.common.util.DefaultSslContextBuilder.update(DefaultSslContextBuilder.java:48) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
at org.apache.pulsar.common.util.DefaultSslContextBuilder.update(DefaultSslContextBuilder.java:27) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
at org.apache.pulsar.common.util.SslContextAutoRefreshBuilder.get(SslContextAutoRefreshBuilder.java:79) [org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
at org.apache.pulsar.common.util.SecurityUtility$SslContextFactoryWithAutoRefresh.getSslContext(SecurityUtility.java:557) [org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
at org.eclipse.jetty.util.ssl.SslContextFactory.newSSLEngine(SslContextFactory.java:1903) [org.eclipse.jetty-jetty-util-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:99) [org.eclipse.jetty-jetty-server-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) [org.eclipse.jetty-jetty-util-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) [org.eclipse.jetty-jetty-util-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) [org.eclipse.jetty-jetty-util-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:321) [org.eclipse.jetty-jetty-server-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) [org.eclipse.jetty-jetty-server-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234) [org.eclipse.jetty-jetty-server-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) [org.eclipse.jetty-jetty-util-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.server.Server.doStart(Server.java:401) [org.eclipse.jetty-jetty-server-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) [org.eclipse.jetty-jetty-util-9.4.42.v20210604.jar:9.4.42.v20210604]
at org.apache.pulsar.broker.web.WebService.start(WebService.java:242) [org.apache.pulsar-pulsar-broker-2.8.1.jar:2.8.1]
at org.apache.pulsar.broker.PulsarService.start(PulsarService.java:689) [org.apache.pulsar-pulsar-broker-2.8.1.jar:2.8.1]
at org.apache.pulsar.PulsarBrokerStarter$BrokerStarter.start(PulsarBrokerStarter.java:259) [org.apache.pulsar-pulsar-broker-2.8.1.jar:2.8.1]
at org.apache.pulsar.PulsarBrokerStarter.main(PulsarBrokerStarter.java:331) [org.apache.pulsar-pulsar-broker-2.8.1.jar:2.8.1]
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Invalid RSA private key
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:252) ~[?:1.8.0_312]
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372) ~[?:1.8.0_312]
at org.apache.pulsar.common.util.SecurityUtility.loadPrivateKeyFromPemStream(SecurityUtility.java:466) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
... 21 more
Caused by: java.security.InvalidKeyException: Invalid RSA private key
at sun.security.rsa.RSAPrivateCrtKeyImpl.parseKeyBits(RSAPrivateCrtKeyImpl.java:285) ~[?:1.8.0_312]
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:343) ~[?:1.8.0_312]
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356) ~[?:1.8.0_312]
at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:130) ~[?:1.8.0_312]
at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:80) ~[?:1.8.0_312]
at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:357) ~[?:1.8.0_312]
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:248) ~[?:1.8.0_312]
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372) ~[?:1.8.0_312]
at org.apache.pulsar.common.util.SecurityUtility.loadPrivateKeyFromPemStream(SecurityUtility.java:466) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
... 21 more
Caused by: java.io.IOException: Version must be 0
at sun.security.rsa.RSAPrivateCrtKeyImpl.parseKeyBits(RSAPrivateCrtKeyImpl.java:263) ~[?:1.8.0_312]
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:343) ~[?:1.8.0_312]
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356) ~[?:1.8.0_312]
at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:130) ~[?:1.8.0_312]
at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:80) ~[?:1.8.0_312]
at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:357) ~[?:1.8.0_312]
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:248) ~[?:1.8.0_312]
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372) ~[?:1.8.0_312]
at org.apache.pulsar.common.util.SecurityUtility.loadPrivateKeyFromPemStream(SecurityUtility.java:466) ~[org.apache.pulsar-pulsar-common-2.8.1.jar:2.8.1]
Pulsar Broker Throws Error with: Version must be 0
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
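Both traces in the report above show `sun.security.rsa.RSAKeyFactory` parsing the key, and the two messages differ only in how the EC key is wrapped. The following is an added diagnostic example, not part of the original issue and not Pulsar code: it classifies an unencrypted PEM private key by container and algorithm before it is handed to a loader. The helper names and both sample keys are constructed for illustration.

```python
import base64

OIDS = {bytes.fromhex("2a864886f70d010101"): "RSA",   # rsaEncryption
        bytes.fromhex("2a8648ce3d0201"): "EC"}        # id-ecPublicKey

def tlv(buf, pos):                     # read one DER element: (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def version_of(seq_body):              # leading INTEGER of a key SEQUENCE
    tag, val, pos = tlv(seq_body, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    return int.from_bytes(val, "big"), pos

def classify(pem_text):
    """Return (container, algorithm, outer_version, inner_version or None)."""
    b64 = "".join(l for l in pem_text.splitlines() if "-----" not in l)
    tag, body, _ = tlv(base64.b64decode(b64), 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    version, pos = version_of(body)
    tag, val, pos = tlv(body, pos)
    if tag == 0x30:                    # AlgorithmIdentifier next: PKCS#8 PrivateKeyInfo
        alg = OIDS.get(tlv(val, 0)[1], "unknown")
        wrapped = tlv(body, pos)[1]    # privateKey OCTET STRING holds the inner key
        inner = version_of(tlv(wrapped, 0)[1])[0] if alg != "unknown" else None
        return "PKCS#8", alg, version, inner
    if tag == 0x04:                    # OCTET STRING next: SEC1 ECPrivateKey
        return "SEC1", "EC", version, None
    if tag == 0x02:                    # INTEGER (modulus) next: PKCS#1 RSAPrivateKey
        return "PKCS#1", "RSA", version, None
    raise ValueError("unrecognized private key structure")

def der(tag, value):                   # short-form DER encoder, enough for the samples
    return bytes([tag, len(value)]) + value
def pem(label, data):
    return f"-----BEGIN {label}-----\n{base64.b64encode(data).decode()}\n-----END {label}-----\n"
# Constructed samples: the 32-byte scalar is filler, not a usable key.
P256 = der(0x06, bytes.fromhex("2a8648ce3d030107"))   # prime256v1 curve OID
SEC1 = der(0x30, der(0x02, b"\x01") + der(0x04, b"\x11" * 32) + der(0xA0, P256))
PKCS8 = der(0x30, der(0x02, b"\x00")
            + der(0x30, der(0x06, bytes.fromhex("2a8648ce3d0201")) + P256) + der(0x04, SEC1))
SEC1_PEM, PKCS8_PEM = pem("EC PRIVATE KEY", SEC1), pem("PRIVATE KEY", PKCS8)
```

On the samples, `classify(SEC1_PEM)` reports version 1, matching `parsed: 01` in the first trace, and `classify(PKCS8_PEM)` reports outer version 0 with inner version 1, the value an RSA key parser rejects with `Version must be 0`.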
[GitHub] [pulsar] github-actions[bot] commented on issue #13070: Pulsar Broker: Enable EC256 Support for WebService
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #13070:
URL: https://github.com/apache/pulsar/issues/13070#issuecomment-1051440453
The issue had no activity for 30 days, mark with Stale label.