[jira] [Commented] (NIFI-11163) Key Manager initialization failed

Thu, 09 Feb 2023 20:10:05 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-11163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17686863#comment-17686863
 ] 

David Handermann commented on NIFI-11163:
-----------------------------------------

Thanks for reporting this issue and providing the stack trace [~macdoor615]. 
Can you provide the specific version of Java you are using?

What is the source of the PKCS12 Key Store used for NiFi Registry, was it 
created using the NiFi TLS Toolkit, OpenSSL, or some other program?

> Key Manager initialization failed
> ---------------------------------
>
>                 Key: NIFI-11163
>                 URL: https://issues.apache.org/jira/browse/NIFI-11163
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: NiFi Registry
>    Affects Versions: 1.19.0, 1.20.0, 1.19.1
>            Reporter: macdoor615
>            Priority: Major
>
> Use the exact same nifi-registry.properties and keystore / truststore file.
> Version 1.18.0 starts and works properly.
> Version 1.20.0 / 1.19.1 / 1.19.0 reports the following error:
>  
> {code:java}
> 2023-02-10 10:39:49,899 WARN [main] o.apache.nifi.registry.jetty.JettyServer 
> Failed to start web server... shutting down.
> org.apache.nifi.security.ssl.BuilderConfigurationException: Key Manager 
> initialization failed
> at 
> org.apache.nifi.security.ssl.StandardSslContextBuilder.getKeyManagers(StandardSslContextBuilder.java:120)
> at 
> org.apache.nifi.security.ssl.StandardSslContextBuilder.build(StandardSslContextBuilder.java:55)
> at 
> org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.buildSslContext(ApplicationServerConnectorFactory.java:149)
> at 
> org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.<init>(ApplicationServerConnectorFactory.java:76)
> at 
> org.apache.nifi.registry.jetty.JettyServer.configureConnectors(JettyServer.java:150)
> at org.apache.nifi.registry.jetty.JettyServer.<init>(JettyServer.java:101)
> at org.apache.nifi.registry.NiFiRegistry.<init>(NiFiRegistry.java:114)
> at org.apache.nifi.registry.NiFiRegistry.main(NiFiRegistry.java:168)
> Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given 
> final block not properly padded. Such issues can arise if a bad key is used 
> during decryption.
> at 
> java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:446)
> at 
> java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:90)
> at java.base/java.security.KeyStore.getKey(KeyStore.java:1057)
> at 
> java.base/sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:145)
> at 
> java.base/sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
> at java.base/javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:271)
> at 
> org.apache.nifi.security.ssl.StandardSslContextBuilder.getKeyManagers(StandardSslContextBuilder.java:118)
> ... 7 common frames omitted
> Caused by: javax.crypto.BadPaddingException: Given final block not properly 
> padded. Such issues can arise if a bad key is used during decryption.
> at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975)
> at 
> java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056)
> at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
> at 
> java.base/com.sun.crypto.provider.PKCS12PBECipherCore.implDoFinal(PKCS12PBECipherCore.java:408)
> at 
> java.base/com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede.engineDoFinal(PKCS12PBECipherCore.java:440)
> at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202)
> at 
> java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:387)
> at 
> java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:283)
> at 
> java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:381)
> ... 13 common frames omitted
> 2023-02-10 10:39:49,902 INFO [Thread-0] org.apache.nifi.registry.NiFiRegistry 
> Initiating shutdown of Jetty web server...
> 2023-02-10 10:39:49,903 INFO [Thread-0] org.apache.nifi.registry.NiFiRegistry 
> Jetty web server shutdown completed (nicely or otherwise).
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to