Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls binding should handle null key returned from vault #395

Closed
jfallows opened this issue Sep 6, 2023 · 0 comments · Fixed by #779
Closed

tls binding should handle null key returned from vault #395

jfallows opened this issue Sep 6, 2023 · 0 comments · Fixed by #779
Labels
bug Something isn't working

Comments

@jfallows
Copy link
Contributor

jfallows commented Sep 6, 2023

Describe the bug
When zilla.yaml is misconfigured or keystore is missing a specific key entry then the vault can return null for the PrivateKeyEntry causing an exception.

To Reproduce
Steps to reproduce the behavior:

  1. Checkout zilla-examples
  2. Go to tls.echo example
  3. Change tls binding options keys from localhost to something else like localhostx
  4. Run ./setup.sh
  5. See error in docker logs

Expected behavior
Zilla should report the error.

Additional context
Docker log output

---
name: example
vaults:
  server:
    type: filesystem
    options:
      keys:
        store: tls/localhost.p12
        type: pkcs12
        password: ${{env.KEYSTORE_PASSWORD}}
bindings:
  tcp_server0:
    type: tcp
    kind: server
    options:
      host: 0.0.0.0
      port: 23456
    exit: tls_server0
  tls_server0:
    type: tls
    kind: server
    vault: server
    options:
      keys:
        - localhostx
      sni:
        - localhost
      alpn:
        - echo
    routes:
      - when:
          - alpn: echo
        exit: echo_server0
  echo_server0:
    type: echo
    kind: server
error
java.util.concurrent.CompletionException: java.lang.NullPointerException: invalid null input
at java.base/java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:332)
at java.base/java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:347)
at java.base/java.util.concurrent.CompletableFuture$BiRelay.tryFire(CompletableFuture.java:1498)
at java.base/java.util.concurrent.CompletableFuture$CoCompletion.tryFire(CompletableFuture.java:1219)
at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510)
at java.base/java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:2162)
at [email protected]/io.aklivity.zilla.runtime.engine.internal.registry.NamespaceTask.run(NamespaceTask.java:53)
at [email protected]/io.aklivity.zilla.runtime.engine.internal.registry.DispatchAgent.onSystemSignal(DispatchAgent.java:905)
at [email protected]/io.aklivity.zilla.runtime.engine.internal.registry.DispatchAgent.onSystemMessage(DispatchAgent.java:855)
at [email protected]/io.aklivity.zilla.runtime.engine.internal.registry.DispatchAgent.handleRead(DispatchAgent.java:1001)
at [email protected]/io.aklivity.zilla.runtime.engine.internal.concurent.ManyToOneRingBuffer.read(ManyToOneRingBuffer.java:181)
at [email protected]/io.aklivity.zilla.runtime.engine.internal.registry.DispatchAgent.doWork(DispatchAgent.java:675)
at org.agrona.core/org.agrona.concurrent.AgentRunner.doDutyCycle(AgentRunner.java:291)
at org.agrona.core/org.agrona.concurrent.AgentRunner.run(AgentRunner.java:164)
at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.lang.NullPointerException: invalid null input
at java.base/java.security.KeyStore.setEntry(KeyStore.java:1580)
at [email protected]/io.aklivity.zilla.runtime.binding.tls.internal.config.TlsBindingConfig.newKeys(TlsBindingConfig.java:394)
at [email protected]/io.aklivity.zilla.runtime.binding.tls.internal.config.TlsBindingConfig.init(TlsBindingConfig.java:91)
at [email protected]/io.aklivity.zilla.runtime.binding.tls.internal.stream.TlsServerFactory.attach(TlsServerFactory.java:216)
at [email protected]/io.aklivity.zilla.runtime.binding.tls.internal.TlsBindingContext.attach(TlsBindingContext.java:57)
at [email protected]/io.aklivity.zilla.runtime.engine.internal.registry.BindingRegistry.attach(BindingRegistry.java:45)
at [email protected]/io.aklivity.zilla.runtime.engine.internal.registry.NamespaceRegistry.attachBinding(NamespaceRegistry.java:141)
at java.base/java.util.Arrays$ArrayList.forEach(Arrays.java:4204)
at [email protected]/io.aklivity.zilla.runtime.engine.internal.registry.NamespaceRegistry.attach(NamespaceRegistry.java:119)
at [email protected]/io.aklivity.zilla.runtime.engine.internal.registry.ConfigurationRegistry.attachNamespace(ConfigurationRegistry.java:159)
at [email protected]/io.aklivity.zilla.runtime.engine.internal.registry.NamespaceTask.run(NamespaceTask.java:48)
... 8 more
@jfallows jfallows added the bug Something isn't working label Sep 6, 2023
@jfallows jfallows mentioned this issue Feb 5, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Handle unknown vault keys in tls binding jfallows/zilla
1 participant
@jfallows