[ https://issues.apache.org/jira/browse/NIFI-11163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17686870#comment-17686870 ]

David Handermann commented on NIFI-11163:
-----------------------------------------

Thanks for providing the additional details!

NiFi Registry 1.19.0 included a refactored approach to loading TLS 
configuration elements as part of support for HTTP/2 in NIFI-10625. This 
exposed an issue with the TLS Toolkit, which was setting {{null}} for the key 
passwords in standalone mode. NIFI-11133 corrected the behavior of the TLS 
Toolkit, and those changes were just released in NiFi 1.20.0. Recreating the 
PKCS12 Key Store using version 1.20.0 of the TLS Toolkit should resolve the 
problem.

> Key Manager initialization failed
> ---------------------------------
>
>                 Key: NIFI-11163
>                 URL: https://issues.apache.org/jira/browse/NIFI-11163
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: NiFi Registry
>    Affects Versions: 1.19.0, 1.20.0, 1.19.1
>            Reporter: macdoor615
>            Priority: Major
>
> Use the exact same nifi-registry.properties and keystore / truststore file.
> Version 1.18.0 starts and works properly.
> Version 1.20.0 / 1.19.1 / 1.19.0 reports the following error:
>  
> {code:java}
> 2023-02-10 10:39:49,899 WARN [main] o.apache.nifi.registry.jetty.JettyServer Failed to start web server... shutting down.
> org.apache.nifi.security.ssl.BuilderConfigurationException: Key Manager initialization failed
> at org.apache.nifi.security.ssl.StandardSslContextBuilder.getKeyManagers(StandardSslContextBuilder.java:120)
> at org.apache.nifi.security.ssl.StandardSslContextBuilder.build(StandardSslContextBuilder.java:55)
> at org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.buildSslContext(ApplicationServerConnectorFactory.java:149)
> at org.apache.nifi.registry.jetty.connector.ApplicationServerConnectorFactory.<init>(ApplicationServerConnectorFactory.java:76)
> at org.apache.nifi.registry.jetty.JettyServer.configureConnectors(JettyServer.java:150)
> at org.apache.nifi.registry.jetty.JettyServer.<init>(JettyServer.java:101)
> at org.apache.nifi.registry.NiFiRegistry.<init>(NiFiRegistry.java:114)
> at org.apache.nifi.registry.NiFiRegistry.main(NiFiRegistry.java:168)
> Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
> at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:446)
> at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:90)
> at java.base/java.security.KeyStore.getKey(KeyStore.java:1057)
> at java.base/sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:145)
> at java.base/sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
> at java.base/javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:271)
> at org.apache.nifi.security.ssl.StandardSslContextBuilder.getKeyManagers(StandardSslContextBuilder.java:118)
> ... 7 common frames omitted
> Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
> at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975)
> at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056)
> at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
> at java.base/com.sun.crypto.provider.PKCS12PBECipherCore.implDoFinal(PKCS12PBECipherCore.java:408)
> at java.base/com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede.engineDoFinal(PKCS12PBECipherCore.java:440)
> at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202)
> at java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:387)
> at java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:283)
> at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:381)
> ... 13 common frames omitted
> 2023-02-10 10:39:49,902 INFO [Thread-0] org.apache.nifi.registry.NiFiRegistry Initiating shutdown of Jetty web server...
> 2023-02-10 10:39:49,903 INFO [Thread-0] org.apache.nifi.registry.NiFiRegistry Jetty web server shutdown completed (nicely or otherwise).
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
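
The failure class in the trace above (a PKCS12 key entry that cannot be decrypted with the key password supplied at load time) can be reproduced and diagnosed with the standard `java.security.KeyStore` API. This is an added example, not code from NiFi or from the issue; the class name `KeyPasswordCheck`, the alias, and both passwords are constructed for illustration, and `probe` can equally be run against a real keystore loaded with `KeyStore.load`.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;

public class KeyPasswordCheck {

    // For each key entry, report whether keyPassword recovers the key.
    // A false value means getKey failed with the same exception type as in the trace.
    static Map<String, Boolean> probe(KeyStore ks, char[] keyPassword) throws KeyStoreException {
        Map<String, Boolean> result = new LinkedHashMap<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // certificate-only entries carry no key password
            }
            try {
                result.put(alias, ks.getKey(alias, keyPassword) != null);
            } catch (UnrecoverableKeyException | NoSuchAlgorithmException e) {
                result.put(alias, false);
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an in-memory PKCS12 store whose single key entry
        // is protected with a password that differs from the store password.
        char[] storePass = "store-pass".toCharArray();
        char[] entryPass = "entry-pass".toCharArray();
        KeyStore written = KeyStore.getInstance("PKCS12");
        written.load(null, null);
        written.setKeyEntry("sample", new SecretKeySpec(new byte[16], "AES"), entryPass, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        written.store(out, storePass);

        // Reload as a server would: the store password opens the file,
        // but each key entry is only decrypted when getKey is called.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(out.toByteArray()), storePass);

        System.out.println("store password as key password: " + probe(ks, storePass));
        System.out.println("entry password as key password: " + probe(ks, entryPass));
    }
}
```

Running the same probe against a keystore before and after it is regenerated shows whether the configured key password actually matches the password protecting the key entry.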
