Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/2077
I added a unit test which ensures the log error output is more helpful for
users when the `flow.xml.gz` decryption fails.
Verify with deterministic cipher text vectors:
```
1966 [main] INFO
org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest - Cipher text:
enc{000000000000000000000000000000008ae49f94922876d07602e737f9d0095f397e8bdf73d3151ecde439e24af95715}
2068 [main] ERROR
org.apache.nifi.controller.serialization.FlowFromDOMFactory - There was a
problem decrypting a sensitive flow configuration value. Check that the
nifi.sensitive.props.key value in nifi.properties matches the value used to
encrypt the flow.xml.gz file
org.apache.nifi.encrypt.EncryptionException:
org.jasypt.exceptions.EncryptionOperationNotPossibleException
at
org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
at
org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:501)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
at
org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite$StaticMetaMethodSiteNoUnwrapNoCoerce.invoke(StaticMetaMethodSite.java:151)
at
org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite.call(StaticMetaMethodSite.java:91)
at
org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
at
org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest$_testShouldProvideBetterErrorMessageOnDecryptionFailure_closure2.doCall(FlowFromDOMFactoryTest.groovy:129)
at
org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest$_testShouldProvideBetterErrorMessageOnDecryptionFailure_closure2.doCall(FlowFromDOMFactoryTest.groovy)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at
org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1019)
at groovy.lang.Closure.call(Closure.java:426)
at groovy.lang.Closure.call(Closure.java:420)
at groovy.test.GroovyAssert.shouldFail(GroovyAssert.java:119)
at groovy.test.GroovyAssert$shouldFail.callStatic(Unknown Source)
at
org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)
at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)
at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:214)
at
org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest.testShouldProvideBetterErrorMessageOnDecryptionFailure(FlowFromDOMFactoryTest.groovy:128)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at
org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at
com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
at
com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:51)
at
com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:237)
at
com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)
Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException:
null
at
org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:1055)
at
org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
at
org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:147)
... 54 common frames omitted
2091 [main] INFO
org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest - [EXPECTED]
org.apache.nifi.encrypt.EncryptionException: There was a problem decrypting a
sensitive flow configuration value. Check that the nifi.sensitive.props.key
value in nifi.properties matches the value used to encrypt the flow.xml.gz file
Process finished with exit code 0
```
Manual verification:
1. Start NiFi
1. Add a processor to the canvas (like `EncryptContent`) and set a
sensitive value
1. Stop NiFi
1. Change the value of `nifi.sensitive.props.key` in `nifi.properties`
1. Restart NiFi
```
2017-08-11 14:02:13,817 INFO [main] org.eclipse.jetty.server.Server Started
@17574ms
2017-08-11 14:02:13,817 WARN [main] org.apache.nifi.web.server.JettyServer
Failed to start web server... shutting down.
org.apache.nifi.encrypt.EncryptionException: There was a problem decrypting
a sensitive flow configuration value. Check that the nifi.sensitive.props.key
value in nifi.properties matches the value used to encrypt the flow.xml.gz file
at
org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:505)
at
org.apache.nifi.controller.serialization.FlowFromDOMFactory.getProperties(FlowFromDOMFactory.java:436)
at
org.apache.nifi.controller.serialization.FlowFromDOMFactory.getProcessor(FlowFromDOMFactory.java:416)
at
org.apache.nifi.controller.serialization.FlowFromDOMFactory.getProcessGroup(FlowFromDOMFactory.java:158)
at
org.apache.nifi.controller.StandardFlowSynchronizer.sync(StandardFlowSynchronizer.java:214)
at
org.apache.nifi.controller.FlowController.synchronize(FlowController.java:1586)
at
org.apache.nifi.persistence.StandardXMLFlowConfigurationDAO.load(StandardXMLFlowConfigurationDAO.java:84)
at
org.apache.nifi.controller.StandardFlowService.loadFromBytes(StandardFlowService.java:723)
at
org.apache.nifi.controller.StandardFlowService.load(StandardFlowService.java:534)
at
org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:72)
at
org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:876)
at
org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:532)
at
org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:839)
at
org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:344)
at
org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1480)
at
org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1442)
at
org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:799)
at
org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:261)
at
org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:540)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:113)
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:105)
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
at
org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:290)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
at org.eclipse.jetty.server.Server.start(Server.java:452)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:105)
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
at org.eclipse.jetty.server.Server.doStart(Server.java:419)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:707)
at org.apache.nifi.NiFi.<init>(NiFi.java:160)
at org.apache.nifi.NiFi.main(NiFi.java:268)
Caused by: org.apache.nifi.encrypt.EncryptionException:
org.jasypt.exceptions.EncryptionOperationNotPossibleException
at
org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
at
org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:500)
... 37 common frames omitted
Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException:
null
at
org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:1055)
at
org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
at
org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:147)
... 38 common frames omitted
2017-08-11 14:02:13,818 INFO [Thread-1] org.apache.nifi.NiFi Initiating
shutdown of Jetty web server...
```
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
