You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@beam.apache.org by "Beam JIRA Bot (Jira)" <ji...@apache.org> on 2022/04/27 17:28:00 UTC

[jira] [Commented] (BEAM-10723) SSL authentication key set to trustMaterial instead of keyMaterial

    [ https://issues.apache.org/jira/browse/BEAM-10723?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17528918#comment-17528918 ] 

Beam JIRA Bot commented on BEAM-10723:
--------------------------------------

This issue is P2 but has been unassigned without any comment for 60 days so it has been labeled "stale-P2". If this issue is still affecting you, we care! Please comment and remove the label. Otherwise, in 14 days the issue will be moved to P3.

Please see https://beam.apache.org/contribute/jira-priorities/ for a detailed explanation of what these priorities mean.


> SSL authentication key set to trustMaterial instead of keyMaterial
> ------------------------------------------------------------------
>
>                 Key: BEAM-10723
>                 URL: https://issues.apache.org/jira/browse/BEAM-10723
>             Project: Beam
>          Issue Type: Bug
>          Components: io-java-elasticsearch
>    Affects Versions: 2.19.0
>            Reporter: Marek Simunek
>            Priority: P2
>              Labels: stale-P2
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> If I set 
> ElasticsearchIO.ConnectionConfiguration#withKeystorePath
> the keystore is set to trustMaterial which I think is wrong, because this keystore is suppose to be truststore for certificates.
> So if I use keyStoreKey instead of username and pass:
> {code:java}
>   ElasticsearchIO.write()
>       .withConnectionConfiguration(
>       ElasticsearchIO.ConnectionConfiguration
>           .create(config.addresses().toArray(new String[0]), config.index(), config.type())
>       .withKeystorePath(config.keystorePath())
>         .withKeystorePassword("somepassword")
>         .withTrustSelfSignedCerts(true));
> {code}
> I cannot authenticate.
> I got
> {code:java}
> Caused by: javax.net.ssl.SSLException: Received fatal alert: bad_certificate
> {code}
> because the authetication key is set to trustMaterial instead of keyMaterial
> {code:java}
> SSLContexts.custom().loadTrustMaterial(keyStore, trustStrategy).build();
> {code}
> via [code|https://github.com/apache/beam/blob/release-2.19.0/sdks/java/io/elasticsearch/src/main/java/org/apache/beam/sdk/io/elasticsearch/ElasticsearchIO.java#L439]
> I am working on fix



--
This message was sent by Atlassian Jira
(v8.20.7#820007)