[
https://issues.apache.org/jira/browse/NIFI-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15690617#comment-15690617
]
ASF GitHub Bot commented on NIFI-3024:
--------------------------------------
Github user YolandaMDavis commented on the issue:
https://github.com/apache/nifi/pull/1261
was able to get more info I think on the problem in an attempt to recover
with migrating:
HW11205:nifi-1.1.0 ydavis$
/Users/ydavis/dev/tools/nifi-1.1.0/toolkit/nifi-toolkit-1.1.0-pr-1261/bin/encrypt-config.sh
-b
/Users/ydavis/dev/tools/nifi-1.1.0/cluster/nifi-1.1.0-pr-1261-1/conf/bootstrap.conf
-n
/Users/ydavis/dev/tools/nifi-1.1.0/cluster/nifi-1.1.0-pr-1261-1/conf/nifi.properties
-f
/Users/ydavis/dev/tools/nifi-1.1.0/cluster/nifi-1.1.0-pr-1261-1/conf/flow.xml.gz
-s thisIsABadPassword -m -w whatever12345! -p whomever12345! -v
2016/11/23 11:22:25 INFO [main]
org.apache.nifi.properties.ConfigEncryptionTool: Handling encryption of
nifi.properties
2016/11/23 11:22:25 WARN [main]
org.apache.nifi.properties.ConfigEncryptionTool: The source nifi.properties and
destination nifi.properties are identical
[/Users/ydavis/dev/tools/nifi-1.1.0/cluster/nifi-1.1.0-pr-1261-1/conf/nifi.properties]
so the original will be overwritten
2016/11/23 11:22:25 INFO [main]
org.apache.nifi.properties.ConfigEncryptionTool: Handling encryption of
flow.xml.gz
2016/11/23 11:22:25 WARN [main]
org.apache.nifi.properties.ConfigEncryptionTool: The source flow.xml.gz and
destination flow.xml.gz are identical
[/Users/ydavis/dev/tools/nifi-1.1.0/cluster/nifi-1.1.0-pr-1261-1/conf/flow.xml.gz]
so the original will be overwritten
2016/11/23 11:22:25 INFO [main]
org.apache.nifi.properties.ConfigEncryptionTool: bootstrap.conf:
/Users/ydavis/dev/tools/nifi-1.1.0/cluster/nifi-1.1.0-pr-1261-1/conf/bootstrap.conf
2016/11/23 11:22:25 INFO [main]
org.apache.nifi.properties.ConfigEncryptionTool: (src) nifi.properties:
/Users/ydavis/dev/tools/nifi-1.1.0/cluster/nifi-1.1.0-pr-1261-1/conf/nifi.properties
2016/11/23 11:22:25 INFO [main]
org.apache.nifi.properties.ConfigEncryptionTool: (dest) nifi.properties:
/Users/ydavis/dev/tools/nifi-1.1.0/cluster/nifi-1.1.0-pr-1261-1/conf/nifi.properties
2016/11/23 11:22:25 INFO [main]
org.apache.nifi.properties.ConfigEncryptionTool: (src)
login-identity-providers.xml: null
2016/11/23 11:22:25 INFO [main]
org.apache.nifi.properties.ConfigEncryptionTool: (dest)
login-identity-providers.xml: null
2016/11/23 11:22:25 INFO [main]
org.apache.nifi.properties.ConfigEncryptionTool: (src) flow.xml.gz:
/Users/ydavis/dev/tools/nifi-1.1.0/cluster/nifi-1.1.0-pr-1261-1/conf/flow.xml.gz
2016/11/23 11:22:25 INFO [main]
org.apache.nifi.properties.ConfigEncryptionTool: (dest) flow.xml.gz:
/Users/ydavis/dev/tools/nifi-1.1.0/cluster/nifi-1.1.0-pr-1261-1/conf/flow.xml.gz
2016/11/23 11:22:25 INFO [main]
org.apache.nifi.properties.ConfigEncryptionTool: Key migration mode activated
2016/11/23 11:22:25 INFO [main]
org.apache.nifi.properties.NiFiPropertiesLoader: Loaded 121 properties from
/Users/ydavis/dev/tools/nifi-1.1.0/cluster/nifi-1.1.0-pr-1261-1/conf/nifi.properties
2016/11/23 11:22:26 INFO [main]
org.apache.nifi.properties.NiFiPropertiesLoader: Loaded 121 properties from
/Users/ydavis/dev/tools/nifi-1.1.0/cluster/nifi-1.1.0-pr-1261-1/conf/nifi.properties
2016/11/23 11:22:26 INFO [main]
org.apache.nifi.properties.ConfigEncryptionTool: Loaded NiFiProperties instance
with 121 properties
2016/11/23 11:22:26 ERROR [main]
org.apache.nifi.properties.ConfigEncryptionTool: Encountered an error
javax.crypto.BadPaddingException: pad block corrupted
at
org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$BufferedGenericBlockCipher.doFinal(Unknown
Source)
at
org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown
Source)
at javax.crypto.Cipher.doFinal(Cipher.java:2165)
at javax.crypto.Cipher$doFinal$2.call(Unknown Source)
at
org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
at
org.apache.nifi.properties.ConfigEncryptionTool.decryptFlowElement(ConfigEncryptionTool.groovy:542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at
org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at
org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:384)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1019)
at
org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.callCurrent(PogoMetaClassSite.java:69)
at
org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:52)
at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:154)
at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:190)
at
org.apache.nifi.properties.ConfigEncryptionTool$_migrateFlowXmlContent_closure4.doCall(ConfigEncryptionTool.groovy:637)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at
org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at
org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1019)
at groovy.lang.Closure.call(Closure.java:426)
at groovy.lang.Closure.call(Closure.java:442)
at
org.codehaus.groovy.runtime.StringGroovyMethods.getReplacement(StringGroovyMethods.java:1543)
at
org.codehaus.groovy.runtime.StringGroovyMethods.replaceAll(StringGroovyMethods.java:2580)
at
org.codehaus.groovy.runtime.StringGroovyMethods.replaceAll(StringGroovyMethods.java:2506)
at org.codehaus.groovy.runtime.dgm$1127.invoke(Unknown Source)
at
org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoMetaMethodSiteNoUnwrapNoCoerce.invoke(PojoMetaMethodSite.java:274)
at
org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:56)
at
org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
at
org.apache.nifi.properties.ConfigEncryptionTool.migrateFlowXmlContent(ConfigEncryptionTool.groovy:636)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at
org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:210)
at
org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.call(PogoMetaMethodSite.java:71)
at
org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at
org.apache.nifi.properties.ConfigEncryptionTool.main(ConfigEncryptionTool.groovy:1200)
pad block corrupted
> Encrypted configuration migrator should be able to update sensitive
> properties key and migrate flow.xml.gz
> ----------------------------------------------------------------------------------------------------------
>
> Key: NIFI-3024
> URL: https://issues.apache.org/jira/browse/NIFI-3024
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Configuration, Tools and Build
> Affects Versions: 1.0.0
> Reporter: Bryan Rosander
> Assignee: Andy LoPresto
> Labels: config, encryption, security, serialization
> Fix For: 1.1.0
>
>
> In order to allow changing of nifi.sensitive.props.key and updating of the
> flow.xml.gz, the ConfigEncryptionTool should be able to accept a new value
> for that field and update encrypted values in the flow.xml.gz appropriately.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
