Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-6978

Log which encrypted configuration value is improperly formatted

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.10.0
    • 1.11.0
    • Core Framework
    • None

    Description

      As reported on the mailing list, a user has improperly formatted encrypted configuration value in nifi.properties or another configuration file. The error message in nifi-app.log is:

      2019-12-31 05:42:26,515 INFO [main] o.a.n.properties.ProtectedNiFiProperties There are 5 protected properties of 5 sensitive properties (100%)
2019-12-31 05:42:26,517 ERROR [main] org.apache.nifi.NiFi Failure to launch NiFi due to java.lang.IllegalArgumentException: There was an issue decrypting protected properties
java.lang.IllegalArgumentException: There was an issue decrypting protected properties
at org.apache.nifi.NiFi.initializeProperties(NiFi.java:341)
at org.apache.nifi.NiFi.convertArgumentsToValidatedNiFiProperties(NiFi.java:309)
at org.apache.nifi.NiFi.main(NiFi.java:300)
Caused by: java.lang.IllegalArgumentException: The cipher text does not contain the delimiter || -- it should be of the form Base64(IV) || Base64(cipherText)
at org.apache.nifi.properties.AESSensitivePropertyProvider.unprotect(AESSensitivePropertyProvider.java:217)
at org.apache.nifi.properties.ProtectedNiFiProperties.unprotectValue(ProtectedNiFiProperties.java:524)
at org.apache.nifi.properties.ProtectedNiFiProperties.getUnprotectedProperties(ProtectedNiFiProperties.java:343)
at org.apache.nifi.properties.NiFiPropertiesLoader.load(NiFiPropertiesLoader.java:209)
at org.apache.nifi.properties.NiFiPropertiesLoader.load(NiFiPropertiesLoader.java:223)
at org.apache.nifi.properties.NiFiPropertiesLoader.loadDefault(NiFiPropertiesLoader.java:130)
at org.apache.nifi.properties.NiFiPropertiesLoader.get(NiFiPropertiesLoader.java:241)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.nifi.NiFi.initializeProperties(NiFi.java:336)
... 2 common frames omitted
Received trapped signal, beginning shutdown...

      The relevant code in ProtectedNiFiProperties.java is:

                  try {
                SensitivePropertyProvider sensitivePropertyProvider = getSensitivePropertyProvider(protectionScheme);
                return sensitivePropertyProvider.unprotect(retrievedValue);
            } catch (SensitivePropertyProtectionException e) {
                throw new SensitivePropertyProtectionException("Error unprotecting value for " + key, e.getCause());
            }

      Currently, the IllegalArgumentException is not caught here, so the specific improperly-formatted value is not identified in the log. Manual inspection of the file is required.

      The IAE should be caught in the same block and treated identically.

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #3960

          Activity

            People

              mtien Margot Tien
              alopresto Andy LoPresto
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m