[ 
https://issues.apache.org/jira/browse/NIFI-6830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16995810#comment-16995810
 ] 

Mark Payne commented on NIFI-6830:
----------------------------------

Re-Opened Jira because I now get the above UnrecoverableKeyException when the 
key password is in fact the same (but not specified). The following 
configuration of properties in `nifi.properties` works:

nifi.security.keystorePasswd=ABC
#nifi.security.keyPasswd=      (note that this property is commented out so it 
doesn't actually exist in nifi.properties)

This configuration also works:

nifi.security.keystorePasswd=ABC
nifi.security.keyPasswd=ABC

But this configuration, which did previously work, no longer works:

nifi.security.keystorePasswd=ABC
nifi.security.keyPasswd=

I think this is because in this case, it reads the keyPasswd as an empty 
string, and the logic only check is the value is null or equal to the keystore 
password. Since the `nifi.properties` file already has the keyPasswd property 
present with no value, this should be treated the same as if the property were 
null.

> NiFI fails to start when keystorePassword and keyPassword are different
> -----------------------------------------------------------------------
>
>                 Key: NIFI-6830
>                 URL: https://issues.apache.org/jira/browse/NIFI-6830
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.10.0
>            Reporter: Bryan Bende
>            Assignee: M Tien
>            Priority: Minor
>             Fix For: 1.11.0
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> {code:java}
> Caused by: java.security.UnrecoverableKeyException: Cannot recover key        
>  at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)        
>  at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)    
>     
>  at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56) 
>        
>  at 
> sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
>         
>  at 
> sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
>         
>  at java.security.KeyStore.getKey(KeyStore.java:1023)        
>  at 
> sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133) 
>        
>  at 
> sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
>         
>  at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)        
>  at 
> org.apache.nifi.io.socket.SSLContextFactory.<init>(SSLContextFactory.java:70) 
>        
>  at 
> org.apache.nifi.cluster.protocol.spring.SocketConfigurationFactoryBean.getObject(SocketConfigurationFactoryBean.java:45)
>         
>  at 
> org.apache.nifi.cluster.protocol.spring.SocketConfigurationFactoryBean.getObject(SocketConfigurationFactoryBean.java:30)
>         
>  at 
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168)
>  {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to