Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-9786

KeyStoreUtils.isStoreValid() suppresses exceptions without logging when trying to open a keystore

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 1.16.0
    • None
    • None

    Description

      KeyStoreUtils.isStoreValid() simply returns false if the keystore cannot be opened e.g. because the password is wrong. There is no log entry about why the keystore is not valid.

      As a result when SslContextFactory.getTrustManagers() method attempts to read a trust store file using the configured properties, if the password is wrong, the method is not informed why, and only throws a TlsException stating "The truststore properties are not valid".

      It would be useful to add debug-level logging to KeyStoreUtils.isStoreValid() to log the reason for the keystore being invalid.

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #5884

          Activity

            People

              thorvath Tamas Horvath
              pgyori Peter Gyori
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 10m
                  1h 10m