[
https://issues.apache.org/jira/browse/NIFI-2476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15406904#comment-15406904
]
Andy LoPresto commented on NIFI-2476:
-------------------------------------
By default, the tool generates different values for the {{key}} and
{{keystore}} password. It successfully populates these values into the
respective {{nifi.properties}}, but the {{SSLContextService}} which is used by
NiFi does not allow for disparate keys, so a key tamper/incorrect exception is
thrown during NiFi startup. The default behavior of the tool should be to
enforce the same key and keystore password {{-R}} until such time that the
blocking issues [NIFI-1478] and [NIFI-2466] are resolved.
Example:
{code}
2016-08-03 17:29:33,526 INFO [main] /nifi-api Initializing Spring root
WebApplicationContext
2016-08-03 17:29:38,018 WARN [main] org.eclipse.jetty.webapp.WebAppContext
Failed startup of context
o.e.j.w.WebAppContext@5440a3a{/nifi-api,file:///Users/alopresto/Workspace/scratch/NIFI-2193/host1/work/jetty/nifi-web-api-1.0.0-SNAPSHOT.war/webapp/,UNAVAILABLE}{./work/nar/framework/nifi-framework-nar-1.0.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/nifi-web-api-1.0.0-SNAPSHOT.war}
org.apache.nifi.web.NiFiCoreException: Unable to start Flow Controller.
at
org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:93)
~[na:na]
at
org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:837)
~[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:533)
~[jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:810)
~[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:345)
~[jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1404)
~[jetty-webapp-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1366)
~[jetty-webapp-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:772)
~[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:262)
~[jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:520)
~[jetty-webapp-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
at org.eclipse.jetty.server.Server.start(Server.java:411)
[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106)
[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
at org.eclipse.jetty.server.Server.doStart(Server.java:378)
[jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
[jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:651)
[nifi-jetty-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
at org.apache.nifi.NiFi.<init>(NiFi.java:137)
[nifi-runtime-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
at org.apache.nifi.NiFi.main(NiFi.java:227)
[nifi-runtime-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
Caused by: org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'flowService': FactoryBean threw exception on object
creation; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'flowController': FactoryBean threw exception on object creation;
nested exception is
org.apache.nifi.framework.security.util.SslContextCreationException:
java.io.IOException: Keystore was tampered with, or password was incorrect
at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175)
~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at
org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1585)
~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:317)
~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at
org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1060)
~[spring-context-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at
org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:52)
~[na:na]
... 23 common frames omitted
Caused by: org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'flowController': FactoryBean threw exception on object
creation; nested exception is
org.apache.nifi.framework.security.util.SslContextCreationException:
java.io.IOException: Keystore was tampered with, or password was incorrect
at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175)
~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at
org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1585)
~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:317)
~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at
org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1060)
~[spring-context-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at
org.apache.nifi.spring.StandardFlowServiceFactoryBean.getObject(StandardFlowServiceFactoryBean.java:48)
~[nifi-framework-core-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168)
~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
... 29 common frames omitted
Caused by: org.apache.nifi.framework.security.util.SslContextCreationException:
java.io.IOException: Keystore was tampered with, or password was incorrect
at
org.apache.nifi.framework.security.util.SslContextFactory.createSslContext(SslContextFactory.java:105)
~[nifi-security-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
at
org.apache.nifi.controller.FlowController.<init>(FlowController.java:433)
~[nifi-framework-core-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
at
org.apache.nifi.controller.FlowController.createStandaloneInstance(FlowController.java:377)
~[nifi-framework-core-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
at
org.apache.nifi.spring.FlowControllerFactoryBean.getObject(FlowControllerFactoryBean.java:68)
~[nifi-framework-core-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168)
~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
... 36 common frames omitted
Caused by: java.io.IOException: Keystore was tampered with, or password was
incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
~[na:1.8.0_92]
at
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
~[na:1.8.0_92]
at
sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
~[na:1.8.0_92]
at
sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
~[na:1.8.0_92]
at java.security.KeyStore.load(KeyStore.java:1445) ~[na:1.8.0_92]
at
org.apache.nifi.framework.security.util.SslContextFactory.createSslContext(SslContextFactory.java:74)
~[nifi-security-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
... 40 common frames omitted
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
~[na:1.8.0_92]
... 45 common frames omitted
{code}
> Further refine tls-toolkit based on feedback gathered during beta
> -----------------------------------------------------------------
>
> Key: NIFI-2476
> URL: https://issues.apache.org/jira/browse/NIFI-2476
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Bryan Rosander
>
> The basic functionality of generating keystores, truststores,
> nifi.properties, and a configuration json is implemented.
> As people start using this tool to ease the tls setup process in NiFi,
> shortcomings in the initial implementation will need to be addressed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
