[ https://issues.apache.org/jira/browse/CASSANDRA-18270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17693394#comment-17693394 ]

Maulin Vasavada edited comment on CASSANDRA-18270 at 2/25/23 1:21 AM:
----------------------------------------------------------------------

Based on my research so far, PEM key generation fails to output the public 
key from the encrypted PEM if the password is less than 4 characters; hence I 
feel it should be safe to make the change to check for !isEmpty() instead of 
non-null in the PEMReader to determine whether the PEM is encrypted or not.

So what should be the next step, [~smiklosovic] ? I made the change locally and 
all the tests are passing now, do you want to just make it on your branch at 
[this line|#L103]?] to check for the below condition OR do you want me to raise 
a PR?
{code:java}
if (!StringUtils.isEmpty(keyPassword))
{code}
 


was (Author: maulin.vasavada):
Based on my research so far, PEM key generation fails to output the public 
key from the encrypted PEM if the password is less than 4; hence I feel it 
should be safe to make the change to check for !isEmpty() instead of non-null 
in the PEMReader to determine whether the PEM is encrypted or not.


So what should be the next step, [~smiklosovic] ? I made the change locally and 
all the tests are passing now, do you want to just make it on your branch at 
[this line|[https://github.com/instaclustr/cassandra/blob/CASSANDRA-18264-trunk-followup/src/java/org/apache/cassandra/security/PEMReader.java#L103]?]
to check for the below condition OR do you want me to raise a PR?
{code:java}
if (!StringUtils.isEmpty(keyPassword))
{code}
 

> ssl-factory demo in examples is broken
> --------------------------------------
>
>                 Key: CASSANDRA-18270
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18270
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Local/Other
>            Reporter: Stefan Miklosovic
>            Assignee: Maulin Vasavada
>            Priority: Normal
>             Fix For: 4.1.x, 4.x
>
>
> this fails, it is not happening in cassandra-4.1
> {code}
> cd examples/ssl-factory
> ant build && ant test
> {code}
> My suspicion is that SSL factory related stuff was recently changed, in 
> trunk, by (1) and this broke related ssl test.
> [~maulin.vasavada] do you have some time to look into that as you are the 
> author of the tests? I think I fixed most of it here (2) but one test is 
> still failing and I can not wrap my head around that one. It gives:
> {code}
>     [junit] Testcase: buildKeyManagerFactoryHappyPathForUnencryptedKey(org.apache.cassandra.security.KubernetesSecretsPEMSslContextFactoryTest): Caused an ERROR
>     [junit] Failed to build key manager store for secure connections
>     [junit] javax.net.ssl.SSLException: Failed to build key manager store for secure connections
>     [junit]     at org.apache.cassandra.security.PEMBasedSslContextFactory.buildKeyManagerFactory(PEMBasedSslContextFactory.java:267)
>     [junit]     at org.apache.cassandra.security.PEMBasedSslContextFactory.buildKeyManagerFactory(PEMBasedSslContextFactory.java:229)
>     [junit]     at org.apache.cassandra.security.KubernetesSecretsPEMSslContextFactory.buildKeyManagerFactory(KubernetesSecretsPEMSslContextFactory.java:169)
>     [junit]     at org.apache.cassandra.security.KubernetesSecretsPEMSslContextFactoryTest.buildKeyManagerFactoryHappyPathForUnencryptedKey(KubernetesSecretsPEMSslContextFactoryTest.java:244)
>     [junit] Caused by: java.io.IOException: overrun, bytes = 1195
>     [junit]     at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95)
>     [junit]     at org.apache.cassandra.security.PEMReader.extractPrivateKey(PEMReader.java:108)
>     [junit]     at org.apache.cassandra.security.PEMBasedSslContextFactory.buildKeyStore(PEMBasedSslContextFactory.java:319)
>     [junit]     at org.apache.cassandra.security.PEMBasedSslContextFactory.buildKeyManagerFactory(PEMBasedSslContextFactory.java:251)
> {code}
> (1) https://github.com/apache/cassandra/commit/ed3901823a5fe9f8838d8b592a1b7703b12e810b
> (2) https://github.com/instaclustr/cassandra/tree/CASSANDRA-18264-trunk-followup
> cc [~Jyothsnakonisa]
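
The difference between the two password checks discussed in this message, as an added example that is not code from the Cassandra project or from either participant: it feeds a constructed, unencrypted PKCS#8 key to a hypothetical `load` helper with a null and an empty password, under the non-null check and under the `!isEmpty()` check. The class name `PemPasswordCheckDemo`, the helper and its `emptyMeansUnencrypted` flag are assumptions, and plain `String` methods stand in for `StringUtils.isEmpty`.

```java
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
public class PemPasswordCheckDemo {
    // Hypothetical helper, not PEMReader itself: picks the parse path from the password.
    static PrivateKey load(byte[] der, String keyPassword, boolean emptyMeansUnencrypted) throws Exception {
        boolean encrypted = emptyMeansUnencrypted
                ? keyPassword != null && !keyPassword.isEmpty() // same result as !StringUtils.isEmpty(keyPassword)
                : keyPassword != null;                          // the non-null check
        PKCS8EncodedKeySpec spec;
        if (encrypted) {
            // Standard JCA handling of a PKCS#8 EncryptedPrivateKeyInfo (assumed flow).
            EncryptedPrivateKeyInfo info = new EncryptedPrivateKeyInfo(der); // IOException on plain PKCS#8
            SecretKey pbeKey = SecretKeyFactory.getInstance(info.getAlgName())
                    .generateSecret(new PBEKeySpec(keyPassword.toCharArray()));
            Cipher cipher = Cipher.getInstance(info.getAlgName());
            cipher.init(Cipher.DECRYPT_MODE, pbeKey, info.getAlgParameters());
            spec = info.getKeySpec(cipher);
        } else {
            spec = new PKCS8EncodedKeySpec(der);
        }
        return KeyFactory.getInstance("RSA").generatePrivate(spec);
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample input: a freshly generated, unencrypted PKCS#8 RSA key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        byte[] der = gen.generateKeyPair().getPrivate().getEncoded();
        for (String password : new String[] { null, "" }) {
            for (boolean fixed : new boolean[] { false, true }) {
                String outcome;
                try {
                    outcome = "loaded " + load(der, password, fixed).getAlgorithm() + " key";
                } catch (IOException e) {
                    outcome = "IOException: " + e.getMessage();
                }
                System.out.printf("password=%s check=%s -> %s%n", password == null ? "null" : "\"\"",
                        fixed ? "!isEmpty" : "!= null", outcome);
            }
        }
    }
}
```

Only the combination of an empty password with the non-null check sends the unencrypted key into `EncryptedPrivateKeyInfo`, which is the constructor that raises the `overrun` IOException in the stack trace quoted above.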


