[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124552#comment-16124552
 ] 

ASF GitHub Bot commented on NIFI-4237:
--

Github user alopresto commented on the issue:

https://github.com/apache/nifi/pull/2077
  
I have a *number* of questions about the existing implementation, but those 
will be addressed in NIFI-3116. 


> EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest 
> underlying cause
> 
>
> Key: NIFI-4237
> URL: https://issues.apache.org/jira/browse/NIFI-4237
> Project: Apache NiFi
>  Issue Type: Bug
>  Components: Core Framework
>Affects Versions: 1.3.0
>Reporter: Russell Bateman
>Assignee: Andy LoPresto
>Priority: Minor
>  Labels: encryption, logging, security
> Fix For: 1.4.0
>
>
> Our Ansible instructions upgraded NiFi and created a new 
> {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, 
> is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon 
> relaunching NiFi, the wrong key was used to decrypt resulting in the reported 
> failure to start, _flow.xml.gz_ is no longer useful.
> We found the problem and fixed it after Mark Payne suggested a possible 
> cause, but if this state of things can be determined, it might save on 
> community support for this situation if the logged message were to suggest 
> what's at the bottom of this problem. The top of the stack trace appears in 
> _logs/nifi-app.log_ as below:
> 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> org.apache.nifi.encrypt.EncryptionException:
> org.jasypt.exceptions.EncryptionOperationNotPossibleException
> at
> org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at
> org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at...



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause

[ASF subversion and git services (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124442#comment-16124442
 ] 

ASF subversion and git services commented on NIFI-4237:
---

Commit ae940d862420e00023eca2e996ad03646f3ed5a4 in nifi's branch 
refs/heads/master from [~alopresto]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=ae940d8 ]

NIFI-4237 Added working test for StringEncryptor decryption of sensitive flow 
values in FlowFromDOMFactory.

NIFI-4237 Cleaned up unused alternate approaches.

NIFI-4237 Added failing unit test for better error message.

NIFI-4237 Added logic to capture unhelpful encryption exception and provide 
context in message. All tests pass.

This closes #2077


> EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest 
> underlying cause
> 
>
> Key: NIFI-4237
> URL: https://issues.apache.org/jira/browse/NIFI-4237
> Project: Apache NiFi
>  Issue Type: Bug
>  Components: Core Framework
>Affects Versions: 1.3.0
>Reporter: Russell Bateman
>Assignee: Andy LoPresto
>Priority: Minor
>  Labels: encryption, logging, security
>
> Our Ansible instructions upgraded NiFi and created a new 
> {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, 
> is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon 
> relaunching NiFi, the wrong key was used to decrypt resulting in the reported 
> failure to start, _flow.xml.gz_ is no longer useful.
> We found the problem and fixed it after Mark Payne suggested a possible 
> cause, but if this state of things can be determined, it might save on 
> community support for this situation if the logged message were to suggest 
> what's at the bottom of this problem. The top of the stack trace appears in 
> _logs/nifi-app.log_ as below:
> 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> org.apache.nifi.encrypt.EncryptionException:
> org.jasypt.exceptions.EncryptionOperationNotPossibleException
> at
> org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at
> org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at...



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause

[ASF subversion and git services (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124441#comment-16124441
 ] 

ASF subversion and git services commented on NIFI-4237:
---

Commit ae940d862420e00023eca2e996ad03646f3ed5a4 in nifi's branch 
refs/heads/master from [~alopresto]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=ae940d8 ]

NIFI-4237 Added working test for StringEncryptor decryption of sensitive flow 
values in FlowFromDOMFactory.

NIFI-4237 Cleaned up unused alternate approaches.

NIFI-4237 Added failing unit test for better error message.

NIFI-4237 Added logic to capture unhelpful encryption exception and provide 
context in message. All tests pass.

This closes #2077


> EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest 
> underlying cause
> 
>
> Key: NIFI-4237
> URL: https://issues.apache.org/jira/browse/NIFI-4237
> Project: Apache NiFi
>  Issue Type: Bug
>  Components: Core Framework
>Affects Versions: 1.3.0
>Reporter: Russell Bateman
>Assignee: Andy LoPresto
>Priority: Minor
>  Labels: encryption, logging, security
>
> Our Ansible instructions upgraded NiFi and created a new 
> {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, 
> is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon 
> relaunching NiFi, the wrong key was used to decrypt resulting in the reported 
> failure to start, _flow.xml.gz_ is no longer useful.
> We found the problem and fixed it after Mark Payne suggested a possible 
> cause, but if this state of things can be determined, it might save on 
> community support for this situation if the logged message were to suggest 
> what's at the bottom of this problem. The top of the stack trace appears in 
> _logs/nifi-app.log_ as below:
> 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> org.apache.nifi.encrypt.EncryptionException:
> org.jasypt.exceptions.EncryptionOperationNotPossibleException
> at
> org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at
> org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at...



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause

[ASF subversion and git services (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124440#comment-16124440
 ] 

ASF subversion and git services commented on NIFI-4237:
---

Commit ae940d862420e00023eca2e996ad03646f3ed5a4 in nifi's branch 
refs/heads/master from [~alopresto]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=ae940d8 ]

NIFI-4237 Added working test for StringEncryptor decryption of sensitive flow 
values in FlowFromDOMFactory.

NIFI-4237 Cleaned up unused alternate approaches.

NIFI-4237 Added failing unit test for better error message.

NIFI-4237 Added logic to capture unhelpful encryption exception and provide 
context in message. All tests pass.

This closes #2077


> EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest 
> underlying cause
> 
>
> Key: NIFI-4237
> URL: https://issues.apache.org/jira/browse/NIFI-4237
> Project: Apache NiFi
>  Issue Type: Bug
>  Components: Core Framework
>Affects Versions: 1.3.0
>Reporter: Russell Bateman
>Assignee: Andy LoPresto
>Priority: Minor
>  Labels: encryption, logging, security
>
> Our Ansible instructions upgraded NiFi and created a new 
> {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, 
> is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon 
> relaunching NiFi, the wrong key was used to decrypt resulting in the reported 
> failure to start, _flow.xml.gz_ is no longer useful.
> We found the problem and fixed it after Mark Payne suggested a possible 
> cause, but if this state of things can be determined, it might save on 
> community support for this situation if the logged message were to suggest 
> what's at the bottom of this problem. The top of the stack trace appears in 
> _logs/nifi-app.log_ as below:
> 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> org.apache.nifi.encrypt.EncryptionException:
> org.jasypt.exceptions.EncryptionOperationNotPossibleException
> at
> org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at
> org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at...



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1612#comment-1612
 ] 

ASF GitHub Bot commented on NIFI-4237:
--

Github user asfgit closed the pull request at:

https://github.com/apache/nifi/pull/2077


> EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest 
> underlying cause
> 
>
> Key: NIFI-4237
> URL: https://issues.apache.org/jira/browse/NIFI-4237
> Project: Apache NiFi
>  Issue Type: Bug
>  Components: Core Framework
>Affects Versions: 1.3.0
>Reporter: Russell Bateman
>Assignee: Andy LoPresto
>Priority: Minor
>  Labels: encryption, logging, security
>
> Our Ansible instructions upgraded NiFi and created a new 
> {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, 
> is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon 
> relaunching NiFi, the wrong key was used to decrypt resulting in the reported 
> failure to start, _flow.xml.gz_ is no longer useful.
> We found the problem and fixed it after Mark Payne suggested a possible 
> cause, but if this state of things can be determined, it might save on 
> community support for this situation if the logged message were to suggest 
> what's at the bottom of this problem. The top of the stack trace appears in 
> _logs/nifi-app.log_ as below:
> 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> org.apache.nifi.encrypt.EncryptionException:
> org.jasypt.exceptions.EncryptionOperationNotPossibleException
> at
> org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at
> org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at...



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause

[ASF subversion and git services (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124439#comment-16124439
 ] 

ASF subversion and git services commented on NIFI-4237:
---

Commit ae940d862420e00023eca2e996ad03646f3ed5a4 in nifi's branch 
refs/heads/master from [~alopresto]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=ae940d8 ]

NIFI-4237 Added working test for StringEncryptor decryption of sensitive flow 
values in FlowFromDOMFactory.

NIFI-4237 Cleaned up unused alternate approaches.

NIFI-4237 Added failing unit test for better error message.

NIFI-4237 Added logic to capture unhelpful encryption exception and provide 
context in message. All tests pass.

This closes #2077


> EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest 
> underlying cause
> 
>
> Key: NIFI-4237
> URL: https://issues.apache.org/jira/browse/NIFI-4237
> Project: Apache NiFi
>  Issue Type: Bug
>  Components: Core Framework
>Affects Versions: 1.3.0
>Reporter: Russell Bateman
>Assignee: Andy LoPresto
>Priority: Minor
>  Labels: encryption, logging, security
>
> Our Ansible instructions upgraded NiFi and created a new 
> {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, 
> is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon 
> relaunching NiFi, the wrong key was used to decrypt resulting in the reported 
> failure to start, _flow.xml.gz_ is no longer useful.
> We found the problem and fixed it after Mark Payne suggested a possible 
> cause, but if this state of things can be determined, it might save on 
> community support for this situation if the logged message were to suggest 
> what's at the bottom of this problem. The top of the stack trace appears in 
> _logs/nifi-app.log_ as below:
> 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> org.apache.nifi.encrypt.EncryptionException:
> org.jasypt.exceptions.EncryptionOperationNotPossibleException
> at
> org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at
> org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at...



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124438#comment-16124438
 ] 

ASF GitHub Bot commented on NIFI-4237:
--

Github user mattyb149 commented on the issue:

https://github.com/apache/nifi/pull/2077
  
I would like to learn why EncryptionException is a RuntimeException and not 
a checked exception, but since that's not related per se, +1 LGTM, merging to 
master, thank you!


> EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest 
> underlying cause
> 
>
> Key: NIFI-4237
> URL: https://issues.apache.org/jira/browse/NIFI-4237
> Project: Apache NiFi
>  Issue Type: Bug
>  Components: Core Framework
>Affects Versions: 1.3.0
>Reporter: Russell Bateman
>Assignee: Andy LoPresto
>Priority: Minor
>  Labels: encryption, logging, security
>
> Our Ansible instructions upgraded NiFi and created a new 
> {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, 
> is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon 
> relaunching NiFi, the wrong key was used to decrypt resulting in the reported 
> failure to start, _flow.xml.gz_ is no longer useful.
> We found the problem and fixed it after Mark Payne suggested a possible 
> cause, but if this state of things can be determined, it might save on 
> community support for this situation if the logged message were to suggest 
> what's at the bottom of this problem. The top of the stack trace appears in 
> _logs/nifi-app.log_ as below:
> 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> org.apache.nifi.encrypt.EncryptionException:
> org.jasypt.exceptions.EncryptionOperationNotPossibleException
> at
> org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at
> org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at...



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124065#comment-16124065
 ] 

ASF GitHub Bot commented on NIFI-4237:
--

Github user alopresto commented on the issue:

https://github.com/apache/nifi/pull/2077
  
I added a unit test which ensures the log error output is more helpful for 
users when the `flow.xml.gz` decryption fails. 

Verify with deterministic cipher text vectors:

```
1966 [main] INFO  
org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest - Cipher text: 
enc{8ae49f94922876d07602e737f9d0095f397e8bdf73d3151ecde439e24af95715}
2068 [main] ERROR 
org.apache.nifi.controller.serialization.FlowFromDOMFactory - There was a 
problem decrypting a sensitive flow configuration value. Check that the 
nifi.sensitive.props.key value in nifi.properties matches the value used to 
encrypt the flow.xml.gz file
org.apache.nifi.encrypt.EncryptionException: 
org.jasypt.exceptions.EncryptionOperationNotPossibleException
at 
org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
at 
org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:501)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at 
org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
at 
org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite$StaticMetaMethodSiteNoUnwrapNoCoerce.invoke(StaticMetaMethodSite.java:151)
at 
org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite.call(StaticMetaMethodSite.java:91)
at 
org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at 
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at 
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
at 
org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest$_testShouldProvideBetterErrorMessageOnDecryptionFailure_closure2.doCall(FlowFromDOMFactoryTest.groovy:129)
at 
org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest$_testShouldProvideBetterErrorMessageOnDecryptionFailure_closure2.doCall(FlowFromDOMFactoryTest.groovy)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at 
org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at 
org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1019)
at groovy.lang.Closure.call(Closure.java:426)
at groovy.lang.Closure.call(Closure.java:420)
at groovy.test.GroovyAssert.shouldFail(GroovyAssert.java:119)
at groovy.test.GroovyAssert$shouldFail.callStatic(Unknown Source)
at 
org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)
at 
org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)
at 
org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:214)
at 
org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest.testShouldProvideBetterErrorMessageOnDecryptionFailure(FlowFromDOMFactoryTest.groovy:128)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at 
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at 
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at 
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at 
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at 
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at 
org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at 

[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124059#comment-16124059
 ] 

ASF GitHub Bot commented on NIFI-4237:
--

GitHub user alopresto opened a pull request:

https://github.com/apache/nifi/pull/2077

NIFI-4237 Improve error messaging on encryption failures

Thank you for submitting a contribution to Apache NiFi.

In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? Is it referenced 
 in the commit message?

- [x] Does your PR title start with NIFI- where  is the JIRA number 
you are trying to resolve? Pay particular attention to the hyphen "-" character.

- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?

- [ ] Is your initial contribution a single, squashed commit?

### For code changes:
- [x] Have you ensured that the full suite of tests is executed via mvn 
-Pcontrib-check clean install at the root nifi folder?
- [x] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
- [ ] If applicable, have you updated the LICENSE file, including the main 
LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main 
NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to 
.name (programmatic access) for each of the new properties?

### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in 
which it is rendered?

### Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/alopresto/nifi NIFI-4237

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/nifi/pull/2077.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2077


commit 5752925ac51035db1a5e9f7e9797e308fc5770f2
Author: Andy LoPresto 
Date:   2017-08-11T20:15:16Z

NIFI-4237 Added working test for StringEncryptor decryption of sensitive 
flow values in FlowFromDOMFactory.

commit 7c35cfccb2868814184aa4768ee398d0038eaab1
Author: Andy LoPresto 
Date:   2017-08-11T20:17:09Z

NIFI-4237 Cleaned up unused alternate approaches.

commit a45a259a99a176aea848190d23253a54e88aed95
Author: Andy LoPresto 
Date:   2017-08-11T20:20:11Z

NIFI-4237 Added failing unit test for better error message.

commit 1a2a4ddebdd506b058b359747f0a1016a6ff3346
Author: Andy LoPresto 
Date:   2017-08-11T20:30:44Z

NIFI-4237 Added logic to capture unhelpful encryption exception and provide 
context in message.
All tests pass.




> EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest 
> underlying cause
> 
>
> Key: NIFI-4237
> URL: https://issues.apache.org/jira/browse/NIFI-4237
> Project: Apache NiFi
>  Issue Type: Bug
>  Components: Core Framework
>Reporter: Russell Bateman
>Assignee: Andy LoPresto
>Priority: Minor
>
> Our Ansible instructions upgraded NiFi and created a new 
> {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, 
> is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon 
> relaunching NiFi, the wrong key was used to decrypt resulting in the reported 
> failure to start, _flow.xml.gz_ is no longer useful.
> We found the problem and fixed it after Mark Payne suggested a possible 
> cause, but if this state of things can be determined, it might save on 
> community support for this situation if the logged message were to suggest 
> what's at the bottom of this problem. The top of the stack trace appears in 
> _logs/nifi-bootstrap.log_ as below:
> 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> org.apache.nifi.encrypt.EncryptionException:
> org.jasypt.exceptions.EncryptionOperationNotPossibleException
> at
> org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
> 

[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause

[Joseph Witt (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16122728#comment-16122728
 ] 

Joseph Witt commented on NIFI-4237:
---

Fix version can be set once contrib/review cycle is being merged or very near 
to merge. 

> EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest 
> underlying cause
> 
>
> Key: NIFI-4237
> URL: https://issues.apache.org/jira/browse/NIFI-4237
> Project: Apache NiFi
>  Issue Type: Bug
>  Components: Core Framework
>Reporter: Russell Bateman
>Priority: Minor
>
> Our Ansible instructions upgraded NiFi and created a new 
> {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, 
> is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon 
> relaunching NiFi, the wrong key was used to decrypt resulting in the reported 
> failure to start, _flow.xml.gz_ is no longer useful.
> We found the problem and fixed it after Mark Payne suggested a possible 
> cause, but if this state of things can be determined, it might save on 
> community support for this situation if the logged message were to suggest 
> what's at the bottom of this problem. The top of the stack trace appears in 
> _logs/nifi-bootstrap.log_ as below:
> 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> org.apache.nifi.encrypt.EncryptionException:
> org.jasypt.exceptions.EncryptionOperationNotPossibleException
> at
> org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at
> org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
> at...



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)