Github user alopresto commented on the issue:

    https://github.com/apache/nifi/pull/2077
  
    I added a unit test which ensures the log error output is more helpful for 
users when the `flow.xml.gz` decryption fails. 
    
    Verify with deterministic cipher text vectors:
    
    ```
    1966 [main] INFO  
org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest - Cipher text: 
enc{000000000000000000000000000000008ae49f94922876d07602e737f9d0095f397e8bdf73d3151ecde439e24af95715}
    2068 [main] ERROR 
org.apache.nifi.controller.serialization.FlowFromDOMFactory - There was a 
problem decrypting a sensitive flow configuration value. Check that the 
nifi.sensitive.props.key value in nifi.properties matches the value used to 
encrypt the flow.xml.gz file
    org.apache.nifi.encrypt.EncryptionException: 
org.jasypt.exceptions.EncryptionOperationNotPossibleException
        at 
org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
        at 
org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:501)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at 
org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
        at 
org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite$StaticMetaMethodSiteNoUnwrapNoCoerce.invoke(StaticMetaMethodSite.java:151)
        at 
org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite.call(StaticMetaMethodSite.java:91)
        at 
org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
        at 
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
        at 
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
        at 
org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest$_testShouldProvideBetterErrorMessageOnDecryptionFailure_closure2.doCall(FlowFromDOMFactoryTest.groovy:129)
        at 
org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest$_testShouldProvideBetterErrorMessageOnDecryptionFailure_closure2.doCall(FlowFromDOMFactoryTest.groovy)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at 
org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
        at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
        at 
org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1019)
        at groovy.lang.Closure.call(Closure.java:426)
        at groovy.lang.Closure.call(Closure.java:420)
        at groovy.test.GroovyAssert.shouldFail(GroovyAssert.java:119)
        at groovy.test.GroovyAssert$shouldFail.callStatic(Unknown Source)
        at 
org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)
        at 
org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)
        at 
org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:214)
        at 
org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest.testShouldProvideBetterErrorMessageOnDecryptionFailure(FlowFromDOMFactoryTest.groovy:128)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at 
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
        at 
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
        at 
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
        at 
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
        at 
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
        at 
org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
        at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
        at 
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
        at 
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
        at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
        at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
        at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
        at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
        at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
        at 
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
        at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
        at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
        at 
com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
        at 
com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:51)
        at 
com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:237)
        at 
com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)
    Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException: 
null
        at 
org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:1055)
        at 
org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
        at 
org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:147)
        ... 54 common frames omitted
    2091 [main] INFO  
org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest - [EXPECTED] 
org.apache.nifi.encrypt.EncryptionException: There was a problem decrypting a 
sensitive flow configuration value. Check that the nifi.sensitive.props.key 
value in nifi.properties matches the value used to encrypt the flow.xml.gz file
    
    Process finished with exit code 0
    ```
    
    Manual verification: 
    
    1. Start NiFi
    1. Add a processor to the canvas (like `EncryptContent`) and set a 
sensitive value
    1. Stop NiFi
    1. Change the value of `nifi.sensitive.props.key` in `nifi.properties`
    1. Restart NiFi
    
    ```
    2017-08-11 14:02:13,817 INFO [main] org.eclipse.jetty.server.Server Started 
@17574ms
    2017-08-11 14:02:13,817 WARN [main] org.apache.nifi.web.server.JettyServer 
Failed to start web server... shutting down.
    org.apache.nifi.encrypt.EncryptionException: There was a problem decrypting 
a sensitive flow configuration value. Check that the nifi.sensitive.props.key 
value in nifi.properties matches the value used to encrypt the flow.xml.gz file
        at 
org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:505)
        at 
org.apache.nifi.controller.serialization.FlowFromDOMFactory.getProperties(FlowFromDOMFactory.java:436)
        at 
org.apache.nifi.controller.serialization.FlowFromDOMFactory.getProcessor(FlowFromDOMFactory.java:416)
        at 
org.apache.nifi.controller.serialization.FlowFromDOMFactory.getProcessGroup(FlowFromDOMFactory.java:158)
        at 
org.apache.nifi.controller.StandardFlowSynchronizer.sync(StandardFlowSynchronizer.java:214)
        at 
org.apache.nifi.controller.FlowController.synchronize(FlowController.java:1586)
        at 
org.apache.nifi.persistence.StandardXMLFlowConfigurationDAO.load(StandardXMLFlowConfigurationDAO.java:84)
        at 
org.apache.nifi.controller.StandardFlowService.loadFromBytes(StandardFlowService.java:723)
        at 
org.apache.nifi.controller.StandardFlowService.load(StandardFlowService.java:534)
        at 
org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:72)
        at 
org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:876)
        at 
org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:532)
        at 
org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:839)
        at 
org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:344)
        at 
org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1480)
        at 
org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1442)
        at 
org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:799)
        at 
org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:261)
        at 
org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:540)
        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:113)
        at 
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:105)
        at 
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
        at 
org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:290)
        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
        at org.eclipse.jetty.server.Server.start(Server.java:452)
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:105)
        at 
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
        at org.eclipse.jetty.server.Server.doStart(Server.java:419)
        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:707)
        at org.apache.nifi.NiFi.<init>(NiFi.java:160)
        at org.apache.nifi.NiFi.main(NiFi.java:268)
    Caused by: org.apache.nifi.encrypt.EncryptionException: 
org.jasypt.exceptions.EncryptionOperationNotPossibleException
        at 
org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
        at 
org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:500)
        ... 37 common frames omitted
    Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException: 
null
        at 
org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:1055)
        at 
org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
        at 
org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:147)
        ... 38 common frames omitted
    2017-08-11 14:02:13,818 INFO [Thread-1] org.apache.nifi.NiFi Initiating 
shutdown of Jetty web server...
    ```


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to