[ https://issues.apache.org/jira/browse/NIFI-11015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann updated NIFI-11015:
------------------------------------
    Affects Version/s: 1.19.0

> registry ApplicationServerConnectorFactory uses 
> NiFiRegistryProperties.SECURITY_KEYSTORE_TYPE instead of 
> NiFiRegistryProperties.SECURITY_TRUSTSTORE_TYPE for buildTrustStore
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-11015
>                 URL: https://issues.apache.org/jira/browse/NIFI-11015
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: NiFi Registry
>    Affects Versions: 1.19.0, 1.19.1
>            Reporter: lucas theisen
>            Assignee: David Handermann
>            Priority: Minor
>
> Our server has been configured to use PKCS12 for the keystore and JKS for the 
> truststore, but when we attempted to upgrade (from 1.16 to 1.19.1) the 
> registry fails to start with:
> {code}
> 2022-12-28 15:33:01,442 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut 2022-12-28 15:33:01,442 INFO [main] 
> org.eclipse.jetty.util.log Logging initialized @632ms to 
> org.eclipse.jetty.util.log.Slf4jLog
> 2022-12-28 15:33:01,533 ERROR [NiFi logging handler] 
> org.apache.nifi.registry.StdErr Failed to start web server: Key Store loading 
> failed
> 2022-12-28 15:33:01,533 ERROR [NiFi logging handler] 
> org.apache.nifi.registry.StdErr Shutting down...
> 2022-12-28 15:33:01,534 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut 2022-12-28 15:33:01,534 WARN [main] 
> o.apache.nifi.registry.jetty.JettyServer Failed to start web server... 
> shutting down.
> 2022-12-28 15:33:01,534 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut 
> org.apache.nifi.security.ssl.BuilderConfigurationException: Key Store loading 
> failed
> 2022-12-28 15:33:01,534 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> org.apache.nifi.security.ssl.StandardKeyStoreBuilder.build(StandardKeyStoreBuilder.java:56)
> 2022-12-28 15:33:01,534 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.buildStore(ApplicationServerConnectorFactory.java:181)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.buildTrustStore(ApplicationServerConnectorFactory.java:167)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.buildSslContext(ApplicationServerConnectorFactory.java:141)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.<init>(ApplicationServerConnectorFactory.java:74)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> org.apache.nifi.registry.jetty.JettyServer.configureConnectors(JettyServer.java:150)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> org.apache.nifi.registry.jetty.JettyServer.<init>(JettyServer.java:101)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> org.apache.nifi.registry.NiFiRegistry.<init>(NiFiRegistry.java:114)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> org.apache.nifi.registry.NiFiRegistry.main(NiFiRegistry.java:168)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut Caused by: java.io.IOException: 
> DerInputStream.getLength(): lengthTag=109, too big.
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> sun.security.util.DerInputStream.getLength(DerInputStream.java:588)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> sun.security.util.DerValue.init(DerValue.java:412)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> sun.security.util.DerValue.<init>(DerValue.java:353)
> 2022-12-28 15:33:01,545 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> sun.security.util.DerValue.<init>(DerValue.java:366)
> 2022-12-28 15:33:01,545 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1946)
> 2022-12-28 15:33:01,545 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> java.security.KeyStore.load(KeyStore.java:1445)
> 2022-12-28 15:33:01,545 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     at 
> org.apache.nifi.security.ssl.StandardKeyStoreBuilder.build(StandardKeyStoreBuilder.java:54)
> 2022-12-28 15:33:01,545 INFO [NiFi logging handler] 
> org.apache.nifi.registry.StdOut     ... 8 common frames omitted
> {code}
> A quick check of the source shows the use of 
> [{{NiFiRegistryProperties.SECURITY_KEYSTORE_TYPE}} instead of 
> {{NiFiRegistryProperties.SECURITY_TRUSTSTORE_TYPE}}|https://github.com/apache/nifi/blob/rel/nifi-1.19.1/nifi-registry/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/connector/ApplicationServerConnectorFactory.java#L165]:
> {code}
>     private KeyStore buildTrustStore(final NiFiRegistryProperties properties) {
>         final String trustStore = getRequiredProperty(properties, NiFiRegistryProperties.SECURITY_TRUSTSTORE);
>         final String trustStoreType = getRequiredProperty(properties, NiFiRegistryProperties.SECURITY_KEYSTORE_TYPE);
>         final String trustStorePassword = getRequiredProperty(properties, NiFiRegistryProperties.SECURITY_TRUSTSTORE_PASSWD);
>         return buildStore(trustStore, trustStoreType, trustStorePassword);
>     }
> {code}
> This means that to work around this in the current code we will need to use 
> the same keystore type for both the keystore and the trust store and use the 
> {{nifi.registry.security.keystoreType}} to configure that type.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
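
The failure in the report can be checked before an upgrade by comparing the store type that the 1.19.x `buildTrustStore` actually reads (`nifi.registry.security.keystoreType`) with the truststore file's real format; the sketch below is an added example, not code from NiFi or from the reporter. It also shows why the trace says `lengthTag=109`: a JKS file starts with the magic bytes `FE ED FE ED`, and a DER parser reading the second byte `0xED` as a long-form length gets `0xED & 0x7F = 109`. Assumptions: the function names, file paths and sample properties are constructed for illustration, and `nifi.registry.security.truststoreType` is the truststore type key from the standard `nifi-registry.properties`.

```python
"""Added example, not NiFi code: check nifi-registry.properties for NIFI-11015."""

JKS_MAGIC = bytes.fromhex("feedfeed")  # first four bytes of every JKS file

# Constructed sample mirroring the reporter's setup (paths are placeholders).
SAMPLE_PROPERTIES = """\
nifi.registry.security.keystore=./conf/keystore.p12
nifi.registry.security.keystoreType=PKCS12
nifi.registry.security.truststore=./conf/truststore.jks
nifi.registry.security.truststoreType=JKS
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def sniff_store_type(header):
    """Guess the store format from its leading bytes."""
    if header[:4] == JKS_MAGIC:
        return "JKS"
    if header[:1] == b"\x30":  # DER SEQUENCE tag that opens a PKCS12 PFX
        return "PKCS12"
    return "UNKNOWN"

def der_length_tag(header):
    """Return N when a DER parser would reject byte 2 as 'lengthTag=N, too big'."""
    if len(header) < 2 or not header[1] & 0x80:
        return None  # short-form length (or no data): no lengthTag error
    count = header[1] & 0x7F  # long form: number of length bytes that follow
    return count if count > 4 else None

def check_truststore(props, truststore_header):
    """Compare the type 1.19.x buildTrustStore reads with the file's real format."""
    used = props.get("nifi.registry.security.keystoreType", "").upper()
    declared = props.get("nifi.registry.security.truststoreType", "").upper()
    actual = sniff_store_type(truststore_header)
    return {
        "declared": declared, "used_by_1_19": used, "actual": actual,
        "fails_on_1_19": actual != "UNKNOWN" and used != actual,
        "length_tag": der_length_tag(truststore_header) if used == "PKCS12" else None,
    }

if __name__ == "__main__":
    header = JKS_MAGIC + b"\x00\x00\x00\x02"  # constructed: JKS magic + version 2
    print(check_truststore(parse_properties(SAMPLE_PROPERTIES), header))
```

In practice the header would be the first bytes read from the file named by `nifi.registry.security.truststore`.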
