[
https://issues.apache.org/jira/browse/ZOOKEEPER-2297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15110463#comment-15110463
]
Rakesh R commented on ZOOKEEPER-2297:
-------------------------------------
bq. If we are to change configuration, even when the branch is not yet stable
like 3.5, we need to bring the issue up on the user list to collect feedback.
We can't expect users to be aware of discussions in jiras like this one and it
affects them.
Thank you [~fpj] for the advice. I will send a mail to the user/dev mailing
list about this once we agree upon the changes.
To make it clear, this jira is changing the zookeeper server side configuration
only. Now, with this change, the user needs to mandatorily configure the SSL scheme
name "x509" along with the other SSL configurations. Earlier, "x509" was
instantiated by default, irrespective of secure or non-secure, so the user was not
required to configure this explicitly. The proposed change is similar to the
way the SASL auth mechanism is configured.
For SASL auth, the server side configuration is,
{{authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider}}
For SSL auth, the user now needs to explicitly configure at the server,
{{authProvider.2=org.apache.zookeeper.server.auth.X509AuthenticationProvider}}
The cwiki page already describes the authProvider configuration, but this
configuration is not captured in the {{Server}} configuration section. As part
of this we will add this to the {{Server}} configurations.
The following quote is taken from the ZooKeeper SSL User Guide page.
{code}
To configure the ZooKeeper server to use the custom provider for
authentication, choose a scheme name and set the property
zookeeper.authProvider.[scheme] to the fully-qualified class name of the custom
implementation. This will load the provider into the ProviderRegistry. Then set
the property zookeeper.ssl.authProvider=[scheme] and that provider will be used
for secure authentication.
{code}
bq. Also, this is focusing on SSL, but this change affects SASL as well, yes?
Sorry, I failed to find any dependency with SASL. Could you please give your
thoughts so that I can understand more about it?
> NPE is thrown while creating "key manager" and "trust manager"
> ---------------------------------------------------------------
>
> Key: ZOOKEEPER-2297
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2297
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
> Affects Versions: 3.5.1
> Environment: Suse 11 sp 3
> Reporter: Anushri
> Assignee: Arshad Mohammad
> Priority: Blocker
> Fix For: 3.5.2, 3.6.0
>
> Attachments: ZOOKEEPER-2297-01.patch, ZOOKEEPER-2297-02.patch,
> ZOOKEEPER-2297-03.patch
>
>
> NPE is thrown while creating "key manager" and "trust manager", even though
> the zk setup is in non-secure mode
> bq. 2015-10-19 12:54:12,278 [myid:2] - ERROR [ProcessThread(sid:2
> cport:-1)::X509AuthenticationProvider@78] - Failed to create key manager
> bq. org.apache.zookeeper.common.X509Exception$KeyManagerException:
> java.lang.NullPointerException
> at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:129)
> at
> org.apache.zookeeper.server.auth.X509AuthenticationProvider.<init>(X509AuthenticationProvider.java:75)
> at
> org.apache.zookeeper.server.auth.ProviderRegistry.initialize(ProviderRegistry.java:42)
> at
> org.apache.zookeeper.server.auth.ProviderRegistry.getProvider(ProviderRegistry.java:68)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.fixupACL(PrepRequestProcessor.java:952)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.pRequest2Txn(PrepRequestProcessor.java:379)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.pRequest(PrepRequestProcessor.java:716)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.run(PrepRequestProcessor.java:144)
> Caused by: java.lang.NullPointerException
> at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:113)
> ... 7 more
> bq. 2015-10-19 12:54:12,279 [myid:2] - ERROR [ProcessThread(sid:2
> cport:-1)::X509AuthenticationProvider@90] - Failed to create trust manager
> bq. org.apache.zookeeper.common.X509Exception$TrustManagerException:
> java.lang.NullPointerException
> at org.apache.zookeeper.common.X509Util.createTrustManager(X509Util.java:158)
> at
> org.apache.zookeeper.server.auth.X509AuthenticationProvider.<init>(X509AuthenticationProvider.java:87)
> at
> org.apache.zookeeper.server.auth.ProviderRegistry.initialize(ProviderRegistry.java:42)
> at
> org.apache.zookeeper.server.auth.ProviderRegistry.getProvider(ProviderRegistry.java:68)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.fixupACL(PrepRequestProcessor.java:952)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.pRequest2Txn(PrepRequestProcessor.java:379)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.pRequest(PrepRequestProcessor.java:716)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.run(PrepRequestProcessor.java:144)
> Caused by: java.lang.NullPointerException
> at org.apache.zookeeper.common.X509Util.createTrustManager(X509Util.java:143)
> ... 7 more
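A pre-upgrade check for the change proposed in the comment above, as an added example that is not part of the original message or of the ZooKeeper code base: it reads zoo.cfg text and reports SSL settings that lack an explicit x509 `authProvider` entry, and the reverse case of an x509 provider registered on a non-secure setup. Treating `secureClientPort`, `ssl.keyStore.location` and `ssl.trustStore.location` as the markers of a secure setup, and the function names, are assumptions; settings passed only as JVM flags are not seen by this check.

```python
# Added example (not ZooKeeper code): lint zoo.cfg text for the explicit x509 provider.
X509_CLASS = "org.apache.zookeeper.server.auth.X509AuthenticationProvider"
SASL_CLASS = "org.apache.zookeeper.server.auth.SASLAuthenticationProvider"
# Assumption: any of these keys means the server is set up for SSL.
SSL_KEYS = ("secureClientPort", "ssl.keyStore.location", "ssl.trustStore.location")


def parse_cfg(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def check_x509_provider(text):
    """Return a list of findings; an empty list means the config is consistent."""
    props = parse_cfg(text)
    providers = [v for k, v in props.items() if k.startswith("authProvider.")]
    has_x509 = X509_CLASS in providers
    ssl_keys = [k for k in SSL_KEYS if k in props]
    findings = []
    if ssl_keys and not has_x509:
        findings.append("SSL settings present (%s) but no authProvider.N=%s"
                        % (", ".join(ssl_keys), X509_CLASS))
    if has_x509 and not ssl_keys:
        findings.append("x509 provider registered but no SSL settings found")
    return findings


# Constructed sample configurations (not taken from a real deployment).
NON_SECURE = "clientPort=2181\n"
SECURE_OLD = ("clientPort=2181\nsecureClientPort=2281\n"
              "# SASL was already explicit\n"
              "authProvider.1=" + SASL_CLASS + "\n")
SECURE_NEW = SECURE_OLD + "authProvider.2=" + X509_CLASS + "\n"
X509_ONLY = NON_SECURE + "authProvider.1=" + X509_CLASS + "\n"

if __name__ == "__main__":
    for name in ("NON_SECURE", "SECURE_OLD", "SECURE_NEW", "X509_ONLY"):
        print(name, check_x509_provider(globals()[name]))
```

`SECURE_OLD` is the case the proposed change would break on upgrade; `X509_ONLY` is the situation from the quoted trace, where the x509 provider is instantiated on a non-secure setup.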