Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Performance-Analyzer does not support PKCS#1 encoded private keys #605

Open
dancristiancecoi opened this issue Nov 27, 2023 · 1 comment
Open

[BUG] Performance-Analyzer does not support PKCS#1 encoded private keys #605

dancristiancecoi opened this issue Nov 27, 2023 · 1 comment
Labels
bug Something isn't working

Comments

@dancristiancecoi
Copy link

dancristiancecoi commented Nov 27, 2023
edited
Loading

What is the bug?

Performance-Analyzer does not appear to support PKCS#1 encoded private keys when I enable TLS.

When I use a PKCS#1 private key, I get the following error:

6:23:48.626 [main] ERROR org.opensearch.performanceanalyzer.PerformanceAnalyzerWebServer - Unable to create HttpServer
java.lang.ClassCastException: class org.bouncycastle.openssl.PEMKeyPair cannot be cast to class org.bouncycastle.asn1.pkcs.PrivateKeyInfo (org.bouncycastle.openssl.PEMKeyPair and org.bouncycastle.asn1.pkcs.PrivateKeyInfo are in unnamed module of loader 'app')
        at org.opensearch.performanceanalyzer.CertificateUtils.getPrivateKey(CertificateUtils.java:58) ~[performance-analyzer-rca-2.11.0.0.jar:?]
        at org.opensearch.performanceanalyzer.CertificateUtils.createKeyStore(CertificateUtils.java:68) ~[performance-analyzer-rca-2.11.0.0.jar:?]
        at org.opensearch.performanceanalyzer.PerformanceAnalyzerWebServer.createHttpsServer(PerformanceAnalyzerWebServer.java:108) ~[performance-analyzer-rca-2.11.0.0.jar:?]
        at org.opensearch.performanceanalyzer.PerformanceAnalyzerWebServer.createInternalServer(PerformanceAnalyzerWebServer.java:44) [performance-analyzer-rca-2.11.0.0.jar:?]
        at org.opensearch.performanceanalyzer.PerformanceAnalyzerApp.createClientServers(PerformanceAnalyzerApp.java:348) [performance-analyzer-rca-2.11.0.0.jar:?]
        at org.opensearch.performanceanalyzer.PerformanceAnalyzerApp.createClientServers(PerformanceAnalyzerApp.java:320) [performance-analyzer-rca-2.11.0.0.jar:?]
        at org.opensearch.performanceanalyzer.PerformanceAnalyzerApp.main(PerformanceAnalyzerApp.java:113) [performance-analyzer-rca-2.11.0.0.jar:?]

Here is the relevant section of the config:

https-enabled = true
certificate-file-path = /usr/share/elasticsearch/config/tls/nodecert.pem
private-key-file-path = /usr/share/elasticsearch/config/tls/nodekey.pem

The key has this format:

-----BEGIN RSA PRIVATE KEY-----
base64-encoded Bytes
-----END RSA PRIVATE KEY-----

PKCS#8 encoded private keys work fine. Furthermore, everything works correctly if I convert the previously failing private key to PKCS#8

What is the expected behavior?
Performance-Analyzer should start correctly when using a PKCS#1/RSA private key

What is your host/environment?
OpenSearch 2.11 running in a Red Hat Enterprise Linux 8 container
@dancristiancecoi dancristiancecoi added bug Something isn't working untriaged labels Nov 27, 2023
@dancristiancecoi dancristiancecoi changed the title [BUG] PerformanceAnalyzer does not support PKCS#1 encoded private keys [BUG] Performance-Analyzer does not support PKCS#1 encoded private keys Nov 27, 2023
@dblock
Copy link
Member

dblock commented Jun 6, 2024

[Triage -- attendees 1, 2, 3, 4, 5, 6, 7]

Looks like a valid feature request.

@dblock dblock removed the untriaged label Jun 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dblock @dancristiancecoi