[
https://issues.apache.org/jira/browse/ZOOKEEPER-2297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15339106#comment-15339106
]
Arshad Mohammad commented on ZOOKEEPER-2297:
--------------------------------------------
# {{QuorumPeerConfig}} is already holding secure configuration information, but we
cannot pass the {{QuorumPeerConfig}} to {{ProviderRegistry}}, as
{{ProviderRegistry}} is static and can be called even when {{QuorumPeerConfig}}
is initialized.
{{ZKServerContext}} is introduced to pass the information from
{{QuorumPeerConfig}} to {{ProviderRegistry}}.
# The better way to handle this scenario was to let the user configure the
authentication provider. But if we cannot do this now because of backward
compatibility reasons, can we programmatically configure it as and when required?
{code}
// Configure only if it is not already configured.
private void configureSSLAuth() throws ConfigException {
    // Property that names the provider class for the selected SSL auth scheme.
    String sslAuthProp = "zookeeper.authProvider."
            + System.getProperty(ZKConfig.SSL_AUTHPROVIDER, "x509");
    if (System.getProperty(sslAuthProp) == null) {
        if ("zookeeper.authProvider.x509".equals(sslAuthProp)) {
            // Default scheme: fall back to the built-in X509 provider.
            System.setProperty("zookeeper.authProvider.x509",
                    "org.apache.zookeeper.server.auth.X509AuthenticationProvider");
        } else {
            // A custom scheme was selected but no provider class was supplied.
            throw new ConfigException(
                    "No auth provider configured for configured SSL authentication scheme '"
                            + System.getProperty(ZKConfig.SSL_AUTHPROVIDER)
                            + "'.");
        }
    }
}
{code}
# I figured out another problem with the existing SSL authentication provider
initialization.
It is always initializing {{X509AuthenticationProvider}}. If some SSL
authentication provider is configured, the default "x509" should not be initialized.
bq. Don't you have to do the same for the other authentication providers here:
No, these authentication providers are always used irrespective of whether a secure
socket is configured or not.
bq. Is the second setSecure here supposed to be false:
No, it has to be true. In this case secureClientPortAddress is initialized with
port only and using 0.0.0.0 as the binding IP.
In the first case it is initialized with IP and port.
> NPE is thrown while creating "key manager" and "trust manager"
> ---------------------------------------------------------------
>
> Key: ZOOKEEPER-2297
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2297
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
> Affects Versions: 3.5.1
> Environment: Suse 11 sp 3
> Reporter: Anushri
> Assignee: Arshad Mohammad
> Priority: Blocker
> Fix For: 3.5.2, 3.6.0
>
> Attachments: ZOOKEEPER-2297-01.patch, ZOOKEEPER-2297-02.patch,
> ZOOKEEPER-2297-03.patch, ZOOKEEPER-2297-04.patch, ZOOKEEPER-2297-06.patch
>
>
> NPE is thrown while creating "key manager" and "trust manager", even though
> the zk setup is in non-secure mode
> bq. 2015-10-19 12:54:12,278 [myid:2] - ERROR [ProcessThread(sid:2 cport:-1)::X509AuthenticationProvider@78] - Failed to create key manager
> bq. org.apache.zookeeper.common.X509Exception$KeyManagerException: java.lang.NullPointerException
>     at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:129)
>     at org.apache.zookeeper.server.auth.X509AuthenticationProvider.<init>(X509AuthenticationProvider.java:75)
>     at org.apache.zookeeper.server.auth.ProviderRegistry.initialize(ProviderRegistry.java:42)
>     at org.apache.zookeeper.server.auth.ProviderRegistry.getProvider(ProviderRegistry.java:68)
>     at org.apache.zookeeper.server.PrepRequestProcessor.fixupACL(PrepRequestProcessor.java:952)
>     at org.apache.zookeeper.server.PrepRequestProcessor.pRequest2Txn(PrepRequestProcessor.java:379)
>     at org.apache.zookeeper.server.PrepRequestProcessor.pRequest(PrepRequestProcessor.java:716)
>     at org.apache.zookeeper.server.PrepRequestProcessor.run(PrepRequestProcessor.java:144)
> Caused by: java.lang.NullPointerException
>     at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:113)
>     ... 7 more
> bq. 2015-10-19 12:54:12,279 [myid:2] - ERROR [ProcessThread(sid:2 cport:-1)::X509AuthenticationProvider@90] - Failed to create trust manager
> bq. org.apache.zookeeper.common.X509Exception$TrustManagerException: java.lang.NullPointerException
>     at org.apache.zookeeper.common.X509Util.createTrustManager(X509Util.java:158)
>     at org.apache.zookeeper.server.auth.X509AuthenticationProvider.<init>(X509AuthenticationProvider.java:87)
>     at org.apache.zookeeper.server.auth.ProviderRegistry.initialize(ProviderRegistry.java:42)
>     at org.apache.zookeeper.server.auth.ProviderRegistry.getProvider(ProviderRegistry.java:68)
>     at org.apache.zookeeper.server.PrepRequestProcessor.fixupACL(PrepRequestProcessor.java:952)
>     at org.apache.zookeeper.server.PrepRequestProcessor.pRequest2Txn(PrepRequestProcessor.java:379)
>     at org.apache.zookeeper.server.PrepRequestProcessor.pRequest(PrepRequestProcessor.java:716)
>     at org.apache.zookeeper.server.PrepRequestProcessor.run(PrepRequestProcessor.java:144)
> Caused by: java.lang.NullPointerException
>     at org.apache.zookeeper.common.X509Util.createTrustManager(X509Util.java:143)
>     ... 7 more
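Added example (not part of the JIRA comment and not ZooKeeper code): a stand-alone sketch of the provider selection discussed in points 2 and 3 of the comment, combined with the non-secure case from the issue description. The class SslAuthProviderSelection, its select method, the secureMode flag, the scheme "myssl", the class com.example.MySslAuthProvider and the literal value used for ZKConfig.SSL_AUTHPROVIDER are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;

// Illustration only. Works on a Properties object instead of global System
// properties so the decision can be exercised in isolation.
public class SslAuthProviderSelection {
    // Assumed value of ZKConfig.SSL_AUTHPROVIDER.
    static final String SSL_AUTHPROVIDER = "zookeeper.ssl.authProvider";
    static final String PREFIX = "zookeeper.authProvider.";
    static final String DEFAULT_X509 =
            "org.apache.zookeeper.server.auth.X509AuthenticationProvider";

    /** Returns scheme -> provider class for the SSL auth provider to register, if any. */
    static Map<String, String> select(Properties props, boolean secureMode) {
        Map<String, String> toRegister = new LinkedHashMap<>();
        if (!secureMode) {
            // Assumption: a non-secure setup registers no SSL provider, so no
            // key manager or trust manager is ever constructed.
            return toRegister;
        }
        String scheme = props.getProperty(SSL_AUTHPROVIDER, "x509");
        String configured = props.getProperty(PREFIX + scheme);
        if (configured != null) {
            toRegister.put(scheme, configured);   // explicit configuration wins
        } else if ("x509".equals(scheme)) {
            toRegister.put(scheme, DEFAULT_X509); // default only for the default scheme
        } else {
            throw new IllegalStateException("No auth provider configured for"
                    + " configured SSL authentication scheme '" + scheme + "'.");
        }
        return toRegister;
    }

    public static void main(String[] args) {
        Properties p = new Properties();
        System.out.println("non-secure:      " + select(p, false));
        System.out.println("secure, default: " + select(p, true));
        p.setProperty(SSL_AUTHPROVIDER, "myssl"); // constructed scheme name
        p.setProperty(PREFIX + "myssl", "com.example.MySslAuthProvider"); // constructed
        System.out.println("secure, custom:  " + select(p, true));
        p.remove(PREFIX + "myssl");               // scheme selected, provider missing
        try {
            select(p, true);
        } catch (IllegalStateException e) {
            System.out.println("rejected:        " + e.getMessage());
        }
    }
}
```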