[
https://issues.apache.org/jira/browse/NIFI-6830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16995810#comment-16995810
]
Mark Payne commented on NIFI-6830:
----------------------------------
Re-Opened Jira because I now get the above UnrecoverableKeyException when the
key password is in fact the same (but not specified). The following
configuration of properties in `nifi.properties` works:
nifi.security.keystorePasswd=ABC
#nifi.security.keyPasswd= (note that this property is commented out so it
doesn't actually exist in nifi.properties)
This configuration also works:
nifi.security.keystorePasswd=ABC
nifi.security.keyPasswd=ABC
But this configuration, which did previously work, no longer works:
nifi.security.keystorePasswd=ABC
nifi.security.keyPasswd=
I think this is because in this case, it reads the keyPasswd as an empty
string, and the logic only check is the value is null or equal to the keystore
password. Since the `nifi.properties` file already has the keyPasswd property
present with no value, this should be treated the same as if the property were
null.
> NiFI fails to start when keystorePassword and keyPassword are different
> -----------------------------------------------------------------------
>
> Key: NIFI-6830
> URL: https://issues.apache.org/jira/browse/NIFI-6830
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.10.0
> Reporter: Bryan Bende
> Assignee: M Tien
> Priority: Minor
> Fix For: 1.11.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> {code:java}
> Caused by: java.security.UnrecoverableKeyException: Cannot recover key
> at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
> at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)
>
> at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
>
> at
> sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
>
> at
> sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
>
> at java.security.KeyStore.getKey(KeyStore.java:1023)
> at
> sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
>
> at
> sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
>
> at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
> at
> org.apache.nifi.io.socket.SSLContextFactory.<init>(SSLContextFactory.java:70)
>
> at
> org.apache.nifi.cluster.protocol.spring.SocketConfigurationFactoryBean.getObject(SocketConfigurationFactoryBean.java:45)
>
> at
> org.apache.nifi.cluster.protocol.spring.SocketConfigurationFactoryBean.getObject(SocketConfigurationFactoryBean.java:30)
>
> at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168)
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)