[BOOKIE-MTLS] add BouncyCastleProvider for security-provider to avoid InvalidKeyException
author Rajan Dhabalia <rdhabalia@apache.org>
Wed, 18 Mar 2020 23:32:42 +0000 (16:32 -0700)
committer GitHub <noreply@github.com>
Wed, 18 Mar 2020 23:32:42 +0000 (16:32 -0700)
commit ec3ade0a255d94e8329e9eb3b69ec9c2ed59e6e4
tree c6ef1b118e07d41de20c9c449709ccb7fed1a0d5
parent 05fe83d6ca97d6bc415bb304e4f24537b7b06c0a
[BOOKIE-MTLS] add BouncyCastleProvider for security-provider to avoid InvalidKeyException

### Motivation
As described at: https://github.com/apache/pulsar/issues/5047

### Issue

Sometimes a user sees `Invalid TLS configuration` at the bookie while loading a PKCS8Key file, and that can be fixed by using the Bouncycastle provider: https://stackoverflow.com/questions/6559272/algid-parse-error-not-a-sequence/18912362#18912362

```
2019-08-26 16:16:51,983 - ERROR - [BookKeeperClientWorker-OrderedExecutor-0-0:BookieClient179] - Security Exception in creating new default PCBC pool:
org.apache.bookkeeper.tls.SecurityException: Invalid TLS configuration
at org.apache.bookkeeper.tls.TLSContextFactory.init(TLSContextFactory.java:392)
at org.apache.bookkeeper.proto.PerChannelBookieClient.<init>(PerChannelBookieClient.java:266)
at org.apache.bookkeeper.proto.BookieClient.create(BookieClient.java:155)
at org.apache.bookkeeper.proto.DefaultPerChannelBookieClientPool.<init>(DefaultPerChannelBookieClientPool.java:71)
at org.apache.bookkeeper.proto.BookieClient.lookupClient(BookieClient.java:168)
at org.apache.bookkeeper.proto.BookieClient.addEntry(BookieClient.java:245)
at org.apache.bookkeeper.client.PendingAddOp.sendWriteRequest(PendingAddOp.java:131)
at org.apache.bookkeeper.client.PendingAddOp.safeRun(PendingAddOp.java:240)
at org.apache.bookkeeper.common.util.SafeRunnable.run(SafeRunnable.java:36)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: File does not contain valid private key: /my.key.pem
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:267)
at org.apache.bookkeeper.tls.TLSContextFactory.createClientContext(TLSContextFactory.java:244)
at org.apache.bookkeeper.tls.TLSContextFactory.init(TLSContextFactory.java:363)
... 12 more
Caused by: java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor EC worked
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1045)
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1014)
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:265)
... 14 more
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:169)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1043)
... 16 more
Caused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:351)
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356)
at sun.security.ec.ECPrivateKeyImpl.<init>(ECPrivateKeyImpl.java:73)
at sun.security.ec.ECKeyFactory.implGeneratePrivate(ECKeyFactory.java:237)
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:165)
... 18 more
```

Reviewers: Enrico Olivelli <eolivelli@gmail.com>, Sijie Guo <None>

This closes #2151 from rdhabalia/bc-mtls
bookkeeper-dist/src/assemble/bin-all.xml
bookkeeper-dist/src/assemble/bin-server.xml
bookkeeper-dist/src/assemble/bkctl.xml
bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
bookkeeper-dist/src/main/resources/deps/bouncycastle-1.60/LICENSE.html [new file with mode: 0644]
bookkeeper-server/pom.xml
bookkeeper-server/src/main/java/org/apache/bookkeeper/tls/TLSContextFactory.java
pom.xml
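
As an added example (not part of this commit or of the BookKeeper code base): the `algid parse error, not a sequence` message in the trace above is what the JDK's PKCS#8 decoder reports when the element after the version INTEGER is not an AlgorithmIdentifier SEQUENCE, as in a PKCS#1 `RSAPrivateKey`. The Python check below classifies a PEM private key by that DER structure rather than by its label, so the format of a key file can be confirmed before it is configured on a bookie or client. The function names and the sample keys are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def classify_private_key(pem_text):
    """Classify a PEM private key by its DER structure, ignoring the label."""
    m = PEM_RE.search(pem_text)
    if not m:
        return "not-pem"
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
        outer, start, _ = read_tlv(der, 0)
        first, _, first_end = read_tlv(der, start)
        second = read_tlv(der, first_end)[0]
    except (ValueError, IndexError):  # bad base64, PEM headers, short DER
        return "malformed"
    if outer != 0x30 or first not in (0x02, 0x30):
        return "malformed"
    if first == 0x30:  # EncryptedPrivateKeyInfo starts with a SEQUENCE
        return "pkcs8-encrypted"
    # After the version INTEGER: SEQUENCE = AlgorithmIdentifier (PKCS#8),
    # INTEGER = RSA modulus (PKCS#1), OCTET STRING = EC private value (SEC1).
    return {0x30: "pkcs8", 0x02: "pkcs1-rsa", 0x04: "sec1-ec"}.get(second, "unknown")

def tlv(tag, value):  # short-form DER encoder, enough for the samples below
    return bytes([tag, len(value)]) + value

def pem(label, der):
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed DER skeletons (structure only, not usable keys).
INT0 = tlv(0x02, b"\x00")
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d0201")))
PKCS8 = pem("PRIVATE KEY", tlv(0x30, INT0 + ALG + tlv(0x04, b"\x01")))
PKCS1_MISLABELLED = pem("PRIVATE KEY", tlv(0x30, INT0 + tlv(0x02, b"\x00\xc1")))
SEC1 = pem("EC PRIVATE KEY", tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"\x07" * 32)))
```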