commit | ec3ade0a255d94e8329e9eb3b69ec9c2ed59e6e4 | |
---|---|---|
author | Rajan Dhabalia <rdhabalia@apache.org> | Wed Mar 18 16:32:42 2020 -0700 |
committer | GitHub <noreply@github.com> | Wed Mar 18 16:32:42 2020 -0700 |
tree | c6ef1b118e07d41de20c9c449709ccb7fed1a0d5 | |
parent | 05fe83d6ca97d6bc415bb304e4f24537b7b06c0a | |
[BOOKIE-MTLS] add BouncyCastleProvider for security-provider to avoid InvalidKeyException

### Motivation

As described at: https://github.com/apache/pulsar/issues/5047

### Issue

Sometimes the user sees `Invalid TLS configuration` at bookie while loading PKCS8Key file and that can be fixed by using Bouncycastle provider: https://stackoverflow.com/questions/6559272/algid-parse-error-not-a-sequence/18912362#18912362

```
2019-08-26 16:16:51,983 - ERROR - [BookKeeperClientWorker-OrderedExecutor-0-0:BookieClient179] - Security Exception in creating new default PCBC pool:
org.apache.bookkeeper.tls.SecurityException: Invalid TLS configuration
    at org.apache.bookkeeper.tls.TLSContextFactory.init(TLSContextFactory.java:392)
    at org.apache.bookkeeper.proto.PerChannelBookieClient.<init>(PerChannelBookieClient.java:266)
    at org.apache.bookkeeper.proto.BookieClient.create(BookieClient.java:155)
    at org.apache.bookkeeper.proto.DefaultPerChannelBookieClientPool.<init>(DefaultPerChannelBookieClientPool.java:71)
    at org.apache.bookkeeper.proto.BookieClient.lookupClient(BookieClient.java:168)
    at org.apache.bookkeeper.proto.BookieClient.addEntry(BookieClient.java:245)
    at org.apache.bookkeeper.client.PendingAddOp.sendWriteRequest(PendingAddOp.java:131)
    at org.apache.bookkeeper.client.PendingAddOp.safeRun(PendingAddOp.java:240)
    at org.apache.bookkeeper.common.util.SafeRunnable.run(SafeRunnable.java:36)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: File does not contain valid private key: /my.key.pem
    at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:267)
    at org.apache.bookkeeper.tls.TLSContextFactory.createClientContext(TLSContextFactory.java:244)
    at org.apache.bookkeeper.tls.TLSContextFactory.init(TLSContextFactory.java:363)
    ... 12 more
Caused by: java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor EC worked
    at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1045)
    at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1014)
    at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:265)
    ... 14 more
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
    at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:169)
    at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
    at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1043)
    ... 16 more
Caused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
    at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:351)
    at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356)
    at sun.security.ec.ECPrivateKeyImpl.<init>(ECPrivateKeyImpl.java:73)
    at sun.security.ec.ECKeyFactory.implGeneratePrivate(ECKeyFactory.java:237)
    at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:165)
    ... 18 more
```

Reviewers: Enrico Olivelli <eolivelli@gmail.com>, Sijie Guo <None>

This closes #2151 from rdhabalia/bc-mtls
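The innermost cause in the trace above, `algid parse error, not a sequence`, comes from the JDK's PKCS#8 decoder finding something other than the AlgorithmIdentifier SEQUENCE in the second field of the key structure. The following check for that condition in a PEM key file is an added example, not part of this commit or of BookKeeper; the function names and the sample keys (dummy bytes in the right ASN.1 shape) are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def classify_der(der):
    """Name the private-key encoding from the first two fields of the outer SEQUENCE."""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        return "not-a-key"
    first, _, first_end = read_tlv(der, start)
    if first == 0x30:
        return "encrypted-pkcs8"  # EncryptedPrivateKeyInfo starts with its AlgorithmIdentifier
    if first != 0x02:
        return "not-a-key"
    second, _, _ = read_tlv(der, first_end)  # PKCS#8 has the algid SEQUENCE here
    return {0x30: "pkcs8", 0x04: "sec1-ec", 0x02: "pkcs1-rsa-or-dsa"}.get(second, "unknown")

def classify_pem(text):
    """Return (PEM label, detected encoding) for the first PEM block in text."""
    m = PEM_RE.search(text)
    if not m:
        return None, "no-pem-block"
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
        return m.group(1), classify_der(der)
    except (ValueError, IndexError):
        return m.group(1), "malformed"

# Constructed sample data: dummy bytes in the right ASN.1 shape, not real keys.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value
def to_pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

SEC1 = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"\x11" * 32))
EC_ALGID = tlv(0x30, bytes.fromhex("06072a8648ce3d020106082a8648ce3d030107"))
PKCS8 = tlv(0x30, tlv(0x02, b"\x00") + EC_ALGID + tlv(0x04, SEC1))
for label, der in (("EC PRIVATE KEY", SEC1), ("PRIVATE KEY", PKCS8)):
    print(classify_pem(to_pem(label, der)))
```

A file reported as `sec1-ec` or `pkcs1-rsa-or-dsa` is not PKCS#8, whatever its PEM label says, and that is the input the JDK decoder in the trace rejects.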
Apache BookKeeper is a scalable, fault-tolerant, low-latency storage service optimized for append-only workloads.
It is suitable for use in the following scenarios:
You can also read Turning Ledgers into Logs to learn how to turn ledgers into continuous log streams. If you are looking for a high-level log stream API, you can check out DistributedLog.
For filing bugs, suggesting improvements, or requesting new features, help us out by opening a GitHub issue or opening an Apache JIRA.
Subscribe or mail the user@bookkeeper.apache.org list - Ask questions, find answers, and also help other users.
Subscribe or mail the dev@bookkeeper.apache.org list - Join development discussions, propose new ideas and connect with contributors.
Join us on Slack - This is the most immediate way to connect with Apache BookKeeper committers and contributors.
We feel that a welcoming open community is important and welcome contributions.
See Developer Setup to get your local environment set up.
Take a look at our open issues: JIRA Issues, GitHub Issues.
Review our coding style and follow our pull requests to learn about our conventions.
Make your changes according to our contribution guide.