[ https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16124065#comment-16124065 ]
ASF GitHub Bot commented on NIFI-4237:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/2077
I added a unit test which ensures the log error output is more helpful for
users when the `flow.xml.gz` decryption fails.
Verify with deterministic cipher text vectors:
```
1966 [main] INFO org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest - Cipher text: enc{000000000000000000000000000000008ae49f94922876d07602e737f9d0095f397e8bdf73d3151ecde439e24af95715}
2068 [main] ERROR org.apache.nifi.controller.serialization.FlowFromDOMFactory - There was a problem decrypting a sensitive flow configuration value. Check that the nifi.sensitive.props.key value in nifi.properties matches the value used to encrypt the flow.xml.gz file
org.apache.nifi.encrypt.EncryptionException: org.jasypt.exceptions.EncryptionOperationNotPossibleException
    at org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
    at org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:501)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
    at org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite$StaticMetaMethodSiteNoUnwrapNoCoerce.invoke(StaticMetaMethodSite.java:151)
    at org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite.call(StaticMetaMethodSite.java:91)
    at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
    at org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest$_testShouldProvideBetterErrorMessageOnDecryptionFailure_closure2.doCall(FlowFromDOMFactoryTest.groovy:129)
    at org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest$_testShouldProvideBetterErrorMessageOnDecryptionFailure_closure2.doCall(FlowFromDOMFactoryTest.groovy)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
    at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
    at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1019)
    at groovy.lang.Closure.call(Closure.java:426)
    at groovy.lang.Closure.call(Closure.java:420)
    at groovy.test.GroovyAssert.shouldFail(GroovyAssert.java:119)
    at groovy.test.GroovyAssert$shouldFail.callStatic(Unknown Source)
    at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:214)
    at org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest.testShouldProvideBetterErrorMessageOnDecryptionFailure(FlowFromDOMFactoryTest.groovy:128)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
    at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
    at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
    at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
    at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
    at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
    at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
    at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:51)
    at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:237)
    at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)
Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException: null
    at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:1055)
    at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
    at org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:147)
    ... 54 common frames omitted
2091 [main] INFO org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest - [EXPECTED] org.apache.nifi.encrypt.EncryptionException: There was a problem decrypting a sensitive flow configuration value. Check that the nifi.sensitive.props.key value in nifi.properties matches the value used to encrypt the flow.xml.gz file
Process finished with exit code 0
```
Manual verification:
1. Start NiFi
2. Add a processor to the canvas (like `EncryptContent`) and set a sensitive value
3. Stop NiFi
4. Change the value of `nifi.sensitive.props.key` in `nifi.properties`
5. Restart NiFi
```
2017-08-11 14:02:13,817 INFO [main] org.eclipse.jetty.server.Server Started @17574ms
2017-08-11 14:02:13,817 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
org.apache.nifi.encrypt.EncryptionException: There was a problem decrypting a sensitive flow configuration value. Check that the nifi.sensitive.props.key value in nifi.properties matches the value used to encrypt the flow.xml.gz file
    at org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:505)
    at org.apache.nifi.controller.serialization.FlowFromDOMFactory.getProperties(FlowFromDOMFactory.java:436)
    at org.apache.nifi.controller.serialization.FlowFromDOMFactory.getProcessor(FlowFromDOMFactory.java:416)
    at org.apache.nifi.controller.serialization.FlowFromDOMFactory.getProcessGroup(FlowFromDOMFactory.java:158)
    at org.apache.nifi.controller.StandardFlowSynchronizer.sync(StandardFlowSynchronizer.java:214)
    at org.apache.nifi.controller.FlowController.synchronize(FlowController.java:1586)
    at org.apache.nifi.persistence.StandardXMLFlowConfigurationDAO.load(StandardXMLFlowConfigurationDAO.java:84)
    at org.apache.nifi.controller.StandardFlowService.loadFromBytes(StandardFlowService.java:723)
    at org.apache.nifi.controller.StandardFlowService.load(StandardFlowService.java:534)
    at org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:72)
    at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:876)
    at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:532)
    at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:839)
    at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:344)
    at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1480)
    at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1442)
    at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:799)
    at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:261)
    at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:540)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:113)
    at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:105)
    at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
    at org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:290)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
    at org.eclipse.jetty.server.Server.start(Server.java:452)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:105)
    at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
    at org.eclipse.jetty.server.Server.doStart(Server.java:419)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:707)
    at org.apache.nifi.NiFi.<init>(NiFi.java:160)
    at org.apache.nifi.NiFi.main(NiFi.java:268)
Caused by: org.apache.nifi.encrypt.EncryptionException: org.jasypt.exceptions.EncryptionOperationNotPossibleException
    at org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
    at org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:500)
    ... 37 common frames omitted
Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException: null
    at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:1055)
    at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
    at org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:147)
    ... 38 common frames omitted
2017-08-11 14:02:13,818 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...
```
> EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest
> underlying cause
> --------------------------------------------------------------------------------------------
>
> Key: NIFI-4237
> URL: https://issues.apache.org/jira/browse/NIFI-4237
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Reporter: Russell Bateman
> Assignee: Andy LoPresto
> Priority: Minor
>
> Our Ansible instructions upgraded NiFi and created a new
> {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant,
> is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon
> relaunching NiFi, the wrong key was used to decrypt resulting in the reported
> failure to start, _flow.xml.gz_ is no longer useful.
> We found the problem and fixed it after Mark Payne suggested a possible
> cause, but if this state of things can be determined, it might save on
> community support for this situation if the logged message were to suggest
> what's at the bottom of this problem. The top of the stack trace appears in
> _logs/nifi-bootstrap.log_ as below:
> 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
> org.apache.nifi.encrypt.EncryptionException: org.jasypt.exceptions.EncryptionOperationNotPossibleException
>     at org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>     at org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474) ~[nifi-framework-core-1.1.2.jar:1.1.2]
>     at...
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
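
A log triage sketch for the startup failure discussed in this thread, added here as an example (it is not code from the NiFi project or from the pull request): it folds wrapped log lines back into events and separates the post-fix message from the pre-fix bare exception. The function names, verdict labels and sample lines are constructed for illustration, and the timestamp layout is assumed to match the excerpts above.

```python
import re

# Constructed sample modelled on the two log excerpts in this thread
# (pre-fix 1.1.2 output and post-fix output); not a real log file.
SAMPLE = """\
2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
org.apache.nifi.encrypt.EncryptionException: org.jasypt.exceptions.EncryptionOperationNotPossibleException
\tat org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
\tat org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474)
2017-08-11 14:02:13,817 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
org.apache.nifi.encrypt.EncryptionException: There was a problem decrypting
a sensitive flow configuration value. Check that the nifi.sensitive.props.key
value in nifi.properties matches the value used to encrypt the flow.xml.gz file
\tat org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:505)
2017-08-11 14:02:13,818 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...
"""

EVENT_START = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (\w+) ", re.M)
HINT = "Check that the nifi.sensitive.props.key value"
BARE = ("org.apache.nifi.encrypt.EncryptionException: "
        "org.jasypt.exceptions.EncryptionOperationNotPossibleException")
FLOW_FRAME = "FlowFromDOMFactory.decrypt("


def split_events(text):
    """Yield (timestamp, level, body) per log event, folding wrapped lines."""
    starts = list(EVENT_START.finditer(text))
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        body = " ".join(text[m.start():end].split())  # undo mail/console wrapping
        yield m.group(1), m.group(2), body


def diagnose(text):
    """Return (timestamp, verdict) for events that carry a flow decryption error."""
    findings = []
    for ts, _level, body in split_events(text):
        if "EncryptionException" not in body:
            continue
        if HINT in body:  # post-fix message names the property directly
            findings.append((ts, "key-mismatch-hinted"))
        elif BARE in body and FLOW_FRAME in body:  # pre-fix: infer from the frames
            findings.append((ts, "key-mismatch-probable"))
        else:
            findings.append((ts, "encryption-error-other"))
    return findings
```

The pre-fix verdict is only "probable" because the underlying jasypt exception carries no detail, so the same trace appears for any failure to decrypt a sensitive value in `flow.xml.gz`.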