John Blum created GEODE-9394:
--------------------------------

             Summary: Apache Geode does not properly clean up its SSL context between runs
                 Key: GEODE-9394
                 URL: https://issues.apache.org/jira/browse/GEODE-9394
             Project: Geode
          Issue Type: Bug
          Components: security
            Reporter: John Blum


Because Geode internally uses many statics to maintain state and to pass 
configuration between components in a non-Object Oriented fashion, I believe 
stale SSL configuration is being retained between Geode instance runs, leading 
to Exceptions thrown of the following nature:

{code}
Caused by: org.apache.geode.GemFireConfigException: Error configuring GemFire ssl
        at org.apache.geode.internal.net.SocketCreator.initialize(SocketCreator.java:249)
        at org.apache.geode.internal.net.SocketCreator.<init>(SocketCreator.java:180)
        at org.apache.geode.internal.net.SocketCreatorFactory.createSSLSocketCreator(SocketCreatorFactory.java:114)
        at org.apache.geode.internal.net.SocketCreatorFactory.getSSLSocketCreator(SocketCreatorFactory.java:88)
        at org.apache.geode.internal.net.SocketCreatorFactory.getOrCreateSocketCreatorForSSLEnabledComponent(SocketCreatorFactory.java:104)
        at org.apache.geode.internal.net.SocketCreatorFactory.getSocketCreatorForComponent(SocketCreatorFactory.java:74)
        at org.apache.geode.cache.client.internal.ConnectionFactoryImpl.<init>(ConnectionFactoryImpl.java:84)
        at org.apache.geode.cache.client.internal.PoolImpl.<init>(PoolImpl.java:261)
        at org.apache.geode.cache.client.internal.PoolImpl.create(PoolImpl.java:161)
        at org.apache.geode.internal.cache.PoolFactoryImpl.create(PoolFactoryImpl.java:374)
        at org.apache.geode.internal.cache.GemFireCacheImpl.determineDefaultPool(GemFireCacheImpl.java:2835)
        at org.apache.geode.internal.cache.GemFireCacheImpl.getDefaultPool(GemFireCacheImpl.java:1321)
        at org.apache.geode.cache.client.internal.ClientRegionFactoryImpl.getDefaultPool(ClientRegionFactoryImpl.java:101)
        at org.apache.geode.cache.client.internal.ClientRegionFactoryImpl.createRegionAttributes(ClientRegionFactoryImpl.java:249)
        at org.apache.geode.cache.client.internal.ClientRegionFactoryImpl.create(ClientRegionFactoryImpl.java:232)
        at org.springframework.data.gemfire.client.ClientRegionFactoryBean.newRegion(ClientRegionFactoryBean.java:193)
        at org.springframework.data.gemfire.client.ClientRegionFactoryBean.createRegion(ClientRegionFactoryBean.java:164)
        at org.springframework.data.gemfire.ResolvableRegionFactoryBean.afterPropertiesSet(ResolvableRegionFactoryBean.java:96)
        at org.springframework.data.gemfire.config.annotation.support.CacheTypeAwareRegionFactoryBean.newClientRegion(CacheTypeAwareRegionFactoryBean.java:181)
        at org.springframework.data.gemfire.config.annotation.support.CacheTypeAwareRegionFactoryBean.createRegion(CacheTypeAwareRegionFactoryBean.java:141)
        at org.springframework.data.gemfire.ResolvableRegionFactoryBean.afterPropertiesSet(ResolvableRegionFactoryBean.java:96)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1858)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1795)
        ... 69 more
Caused by: java.security.UnrecoverableKeyException: Password must not be null
        at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:134)
        at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:57)
        at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
        at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:71)
        at java.security.KeyStore.getKey(KeyStore.java:1023)
        at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:145)
        at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
        at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
        at org.apache.geode.internal.net.SocketCreator.getKeyManagers(SocketCreator.java:422)
        at org.apache.geode.internal.net.SocketCreator.createAndConfigureSSLContext(SocketCreator.java:292)
        at org.apache.geode.internal.net.SocketCreator.initialize(SocketCreator.java:246)
        ... 91 more
{code}

In the StackTrace above, SSL was not even configured between the Geode client 
and server even though Geode thinks it was.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
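
The failure class the report describes (SSL settings held in static state outliving one instance and leaking into the next run in the same JVM) can be modelled in a few lines. This is an added illustration, not Geode code and not a diagnosis of Geode's internals: every class name, method name and property key below is hypothetical, and it assumes Java 16+ for `record`.

```java
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;

// Illustrative model only: these classes and property keys are hypothetical, not Geode's.
public class StaleSslStateDemo {

    /** Immutable snapshot of the SSL settings one "instance run" was started with. */
    record SslSettings(boolean enabled, String keystore, String keystorePassword) {
        static SslSettings from(Properties p) {
            return new SslSettings(
                    Boolean.parseBoolean(p.getProperty("demo.ssl.enabled", "false")),
                    p.getProperty("demo.ssl.keystore"),
                    p.getProperty("demo.ssl.keystore-password"));
        }
    }

    /** Process-wide registry: the static map outlives any single instance. */
    static final class SocketFactoryRegistry {
        private static final Map<String, SslSettings> CACHE = new ConcurrentHashMap<>();

        static SslSettings forComponent(String component, Properties current) {
            // First caller wins; later runs silently reuse the earlier run's settings.
            return CACHE.computeIfAbsent(component, c -> SslSettings.from(current));
        }

        /** Mitigation: clear static state from the instance's close/disconnect path. */
        static void reset() { CACHE.clear(); }
    }

    /** One start/stop cycle; returns the SSL settings the run actually used. */
    static SslSettings run(Properties props, boolean cleanUpOnClose) {
        SslSettings seen = SocketFactoryRegistry.forComponent("client", props);
        if (cleanUpOnClose) SocketFactoryRegistry.reset();
        return seen;
    }

    public static void main(String[] args) {
        Properties withSsl = new Properties();          // constructed sample values
        withSsl.setProperty("demo.ssl.enabled", "true");
        withSsl.setProperty("demo.ssl.keystore", "/constructed/path/keystore.jks");
        withSsl.setProperty("demo.ssl.keystore-password", "constructed-password");
        Properties noSsl = new Properties();            // second run: SSL not configured

        run(withSsl, false);                            // run 1 closes without cleanup
        System.out.println("run 2 thinks SSL enabled (no cleanup):   " + run(noSsl, false).enabled());

        SocketFactoryRegistry.reset();                  // start over from a clean JVM state
        run(withSsl, true);                             // run 1 closes with cleanup
        System.out.println("run 2 thinks SSL enabled (with cleanup): " + run(noSsl, false).enabled());
    }
}
```

In test suites that start several instances in one JVM, the same effect is avoided either by clearing such static state on close or by forking a fresh JVM per test class.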
