[BOOKIE-MTLS] add BouncyCastleProvider for security-provider to avoid InvalidKeyException
### Motivation
As described at: https://github.com/apache/pulsar/issues/5047
### Issue
Sometimes user sees `Invalid TLS configuration` at bookie while loading PKCS8Key file and that can be fixed by using Bouncycastle provider.: https://stackoverflow.com/questions/
6559272/algid-parse-error-not-a-sequence/
18912362#
18912362
```
2019-08-26 16:16:51,983 - ERROR - [BookKeeperClientWorker-OrderedExecutor-0-0:BookieClient179] - Security Exception in creating new default PCBC pool:
org.apache.bookkeeper.tls.SecurityException: Invalid TLS configuration
at org.apache.bookkeeper.tls.TLSContextFactory.init(TLSContextFactory.java:392)
at org.apache.bookkeeper.proto.PerChannelBookieClient.<init>(PerChannelBookieClient.java:266)
at org.apache.bookkeeper.proto.BookieClient.create(BookieClient.java:155)
at org.apache.bookkeeper.proto.DefaultPerChannelBookieClientPool.<init>(DefaultPerChannelBookieClientPool.java:71)
at org.apache.bookkeeper.proto.BookieClient.lookupClient(BookieClient.java:168)
at org.apache.bookkeeper.proto.BookieClient.addEntry(BookieClient.java:245)
at org.apache.bookkeeper.client.PendingAddOp.sendWriteRequest(PendingAddOp.java:131)
at org.apache.bookkeeper.client.PendingAddOp.safeRun(PendingAddOp.java:240)
at org.apache.bookkeeper.common.util.SafeRunnable.run(SafeRunnable.java:36)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: File does not contain valid private key: /my.key.pem
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:267)
at org.apache.bookkeeper.tls.TLSContextFactory.createClientContext(TLSContextFactory.java:244)
at org.apache.bookkeeper.tls.TLSContextFactory.init(TLSContextFactory.java:363)
... 12 more
Caused by: java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor EC worked
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1045)
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1014)
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:265)
... 14 more
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:169)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1043)
... 16 more
Caused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:351)
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356)
at sun.security.ec.ECPrivateKeyImpl.<init>(ECPrivateKeyImpl.java:73)
at sun.security.ec.ECKeyFactory.implGeneratePrivate(ECKeyFactory.java:237)
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:165)
... 18 more
```
Reviewers: Enrico Olivelli <eolivelli@gmail.com>, Sijie Guo <None>
This closes #2151 from rdhabalia/bc-mtls
projects / bookkeeper.git / commit
