[jira] [Updated] (GEODE-9394) Apache Geode does not properly cleanup it's SSL context between runs

Tue, 22 Jun 2021 14:43:04 -0700 


     [ 
https://issues.apache.org/jira/browse/GEODE-9394?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

John Blum updated GEODE-9394:
-----------------------------
    Priority: Critical  (was: Major)

> Apache Geode does not properly cleanup it's SSL context between runs
> --------------------------------------------------------------------
>
>                 Key: GEODE-9394
>                 URL: https://issues.apache.org/jira/browse/GEODE-9394
>             Project: Geode
>          Issue Type: Bug
>          Components: security
>            Reporter: John Blum
>            Priority: Critical
>
> Because Geode internally uses may statics to maintain state and to pass 
> configuration between components in a non-Object Oriented fashion, I believe 
> stale SSL configuration is being retained between Geode instance runs, 
> leading to Exceptions thrown of the following nature:
> {code}
> Caused by: org.apache.geode.GemFireConfigException: Error configuring GemFire 
> ssl 
>       at 
> org.apache.geode.internal.net.SocketCreator.initialize(SocketCreator.java:249)
>       at 
> org.apache.geode.internal.net.SocketCreator.<init>(SocketCreator.java:180)
>       at 
> org.apache.geode.internal.net.SocketCreatorFactory.createSSLSocketCreator(SocketCreatorFactory.java:114)
>       at 
> org.apache.geode.internal.net.SocketCreatorFactory.getSSLSocketCreator(SocketCreatorFactory.java:88)
>       at 
> org.apache.geode.internal.net.SocketCreatorFactory.getOrCreateSocketCreatorForSSLEnabledComponent(SocketCreatorFactory.java:104)
>       at 
> org.apache.geode.internal.net.SocketCreatorFactory.getSocketCreatorForComponent(SocketCreatorFactory.java:74)
>       at 
> org.apache.geode.cache.client.internal.ConnectionFactoryImpl.<init>(ConnectionFactoryImpl.java:84)
>       at 
> org.apache.geode.cache.client.internal.PoolImpl.<init>(PoolImpl.java:261)
>       at 
> org.apache.geode.cache.client.internal.PoolImpl.create(PoolImpl.java:161)
>       at 
> org.apache.geode.internal.cache.PoolFactoryImpl.create(PoolFactoryImpl.java:374)
>       at 
> org.apache.geode.internal.cache.GemFireCacheImpl.determineDefaultPool(GemFireCacheImpl.java:2835)
>       at 
> org.apache.geode.internal.cache.GemFireCacheImpl.getDefaultPool(GemFireCacheImpl.java:1321)
>       at 
> org.apache.geode.cache.client.internal.ClientRegionFactoryImpl.getDefaultPool(ClientRegionFactoryImpl.java:101)
>       at 
> org.apache.geode.cache.client.internal.ClientRegionFactoryImpl.createRegionAttributes(ClientRegionFactoryImpl.java:249)
>       at 
> org.apache.geode.cache.client.internal.ClientRegionFactoryImpl.create(ClientRegionFactoryImpl.java:232)
>       at 
> org.springframework.data.gemfire.client.ClientRegionFactoryBean.newRegion(ClientRegionFactoryBean.java:193)
>       at 
> org.springframework.data.gemfire.client.ClientRegionFactoryBean.createRegion(ClientRegionFactoryBean.java:164)
>       at 
> org.springframework.data.gemfire.ResolvableRegionFactoryBean.afterPropertiesSet(ResolvableRegionFactoryBean.java:96)
>       at 
> org.springframework.data.gemfire.config.annotation.support.CacheTypeAwareRegionFactoryBean.newClientRegion(CacheTypeAwareRegionFactoryBean.java:181)
>       at 
> org.springframework.data.gemfire.config.annotation.support.CacheTypeAwareRegionFactoryBean.createRegion(CacheTypeAwareRegionFactoryBean.java:141)
>       at 
> org.springframework.data.gemfire.ResolvableRegionFactoryBean.afterPropertiesSet(ResolvableRegionFactoryBean.java:96)
>       at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1858)
>       at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1795)
>       ... 69 more
> Caused by: java.security.UnrecoverableKeyException: Password must not be null
>       at 
> sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:134)
>       at 
> sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:57)
>       at 
> sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
>       at 
> sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:71)
>       at java.security.KeyStore.getKey(KeyStore.java:1023)
>       at 
> sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:145)
>       at 
> sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
>       at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
>       at 
> org.apache.geode.internal.net.SocketCreator.getKeyManagers(SocketCreator.java:422)
>       at 
> org.apache.geode.internal.net.SocketCreator.createAndConfigureSSLContext(SocketCreator.java:292)
>       at 
> org.apache.geode.internal.net.SocketCreator.initialize(SocketCreator.java:246)
>       ... 91 more
> {code}
> In the StackTrace above, SSL was not even configured between the Geode client 
> and server even though Geode thinks it was.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to