[ https://issues.apache.org/jira/browse/NIFI-11015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann updated NIFI-11015:
------------------------------------
    Affects Version/s: 1.19.0

> registry ApplicationServerConnectorFactory uses NiFiRegistryProperties.SECURITY_KEYSTORE_TYPE instead of NiFiRegistryProperties.SECURITY_TRUSTSTORE_TYPE for buildTrustStore
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-11015
>                 URL: https://issues.apache.org/jira/browse/NIFI-11015
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: NiFi Registry
>    Affects Versions: 1.19.0, 1.19.1
>            Reporter: lucas theisen
>            Assignee: David Handermann
>            Priority: Minor
>
> Our server has been configured to use PKCS12 for the keystore and JKS for the truststore, but when we attempted to upgrade (from 1.16 to 1.19.1) the registry fails to start with:
> {code}
> 2022-12-28 15:33:01,442 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut 2022-12-28 15:33:01,442 INFO [main] org.eclipse.jetty.util.log Logging initialized @632ms to org.eclipse.jetty.util.log.Slf4jLog
> 2022-12-28 15:33:01,533 ERROR [NiFi logging handler] org.apache.nifi.registry.StdErr Failed to start web server: Key Store loading failed
> 2022-12-28 15:33:01,533 ERROR [NiFi logging handler] org.apache.nifi.registry.StdErr Shutting down...
> 2022-12-28 15:33:01,534 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut 2022-12-28 15:33:01,534 WARN [main] o.apache.nifi.registry.jetty.JettyServer Failed to start web server... shutting down.
> 2022-12-28 15:33:01,534 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut org.apache.nifi.security.ssl.BuilderConfigurationException: Key Store loading failed
> 2022-12-28 15:33:01,534 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at org.apache.nifi.security.ssl.StandardKeyStoreBuilder.build(StandardKeyStoreBuilder.java:56)
> 2022-12-28 15:33:01,534 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.buildStore(ApplicationServerConnectorFactory.java:181)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.buildTrustStore(ApplicationServerConnectorFactory.java:167)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.buildSslContext(ApplicationServerConnectorFactory.java:141)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.<init>(ApplicationServerConnectorFactory.java:74)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at org.apache.nifi.registry.jetty.JettyServer.configureConnectors(JettyServer.java:150)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at org.apache.nifi.registry.jetty.JettyServer.<init>(JettyServer.java:101)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at org.apache.nifi.registry.NiFiRegistry.<init>(NiFiRegistry.java:114)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at org.apache.nifi.registry.NiFiRegistry.main(NiFiRegistry.java:168)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at sun.security.util.DerInputStream.getLength(DerInputStream.java:588)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at sun.security.util.DerValue.init(DerValue.java:412)
> 2022-12-28 15:33:01,535 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at sun.security.util.DerValue.<init>(DerValue.java:353)
> 2022-12-28 15:33:01,545 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at sun.security.util.DerValue.<init>(DerValue.java:366)
> 2022-12-28 15:33:01,545 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1946)
> 2022-12-28 15:33:01,545 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at java.security.KeyStore.load(KeyStore.java:1445)
> 2022-12-28 15:33:01,545 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut at org.apache.nifi.security.ssl.StandardKeyStoreBuilder.build(StandardKeyStoreBuilder.java:54)
> 2022-12-28 15:33:01,545 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut ... 8 common frames omitted
> {code}
> A quick check of the source shows the use of [{{NiFiRegistryProperties.SECURITY_KEYSTORE_TYPE}} instead of {{NiFiRegistryProperties.SECURITY_TRUSTSTORE_TYPE}}|https://github.com/apache/nifi/blob/rel/nifi-1.19.1/nifi-registry/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/connector/ApplicationServerConnectorFactory.java#L165]:
> {code}
> private KeyStore buildTrustStore(final NiFiRegistryProperties properties) {
>     final String trustStore = getRequiredProperty(properties, NiFiRegistryProperties.SECURITY_TRUSTSTORE);
>     final String trustStoreType = getRequiredProperty(properties, NiFiRegistryProperties.SECURITY_KEYSTORE_TYPE);
>     final String trustStorePassword = getRequiredProperty(properties, NiFiRegistryProperties.SECURITY_TRUSTSTORE_PASSWD);
>     return buildStore(trustStore, trustStoreType, trustStorePassword);
> }
> {code}
> This means that to work around this in the current code we will need to use the same keystore type for both the keystore and the trust store and use the {{nifi.registry.security.keystoreType}} to configure that type.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
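
An added diagnostic sketch, not part of the report or of NiFi's code: it identifies a store file's format from its leading bytes and compares that with the type it is being loaded as. It also shows where the `lengthTag=109` in the trace comes from: a DER reader handed a JKS file takes the second byte of the JKS magic `FE ED FE ED` as a long-form length, and `0xED & 0x7F` is 109. The function names and sample headers are constructed for illustration.

```python
JKS_MAGIC = bytes.fromhex("feedfeed")    # magic number at the start of a JKS file
JCEKS_MAGIC = bytes.fromhex("cececece")  # magic number at the start of a JCEKS file


def sniff_store_type(header: bytes) -> str:
    """Return 'JKS', 'JCEKS', 'PKCS12' or 'UNKNOWN' from a store's first bytes."""
    if header.startswith(JKS_MAGIC):
        return "JKS"
    if header.startswith(JCEKS_MAGIC):
        return "JCEKS"
    # A PKCS12 file is a DER-encoded PFX: it opens with the SEQUENCE tag 0x30.
    if len(header) >= 2 and header[0] == 0x30:
        return "PKCS12"
    return "UNKNOWN"


def der_length_tag(header: bytes):
    """Count of length octets a DER reader derives from the second byte.

    Returns None when that byte is a short-form length (high bit clear).
    """
    if len(header) < 2:
        raise ValueError("need at least two bytes")
    length_byte = header[1]
    if length_byte & 0x80 == 0:
        return None
    return length_byte & 0x7F


def check_configured_type(configured: str, header: bytes) -> str:
    """Compare the type a store is loaded as with what the file actually is."""
    actual = sniff_store_type(header)
    if actual == configured.upper():
        return f"ok: file is {actual}"
    msg = f"mismatch: configured {configured}, file looks like {actual}"
    tag = der_length_tag(header)
    # More than 4 length octets is what the JDK rejects as "too big".
    if configured.upper() == "PKCS12" and tag is not None and tag > 4:
        msg += f" (a DER parser would report lengthTag={tag})"
    return msg


# Constructed sample headers, not taken from a real store.
JKS_HEADER = bytes.fromhex("feedfeed00000002")     # magic + version 2
PKCS12_HEADER = bytes.fromhex("3082093a02010330")  # SEQUENCE with 2 length octets

if __name__ == "__main__":
    print(check_configured_type("PKCS12", JKS_HEADER))  # the case in this report
    print(check_configured_type("JKS", JKS_HEADER))
```

To check a real deployment, read the first eight bytes of the truststore file and pass them in together with the type the registry will actually apply to it.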