Error when using encrypted passwords with JMS TLS configurations. #3054

Open
Manasha11 opened this issue Aug 9, 2024 · 0 comments

Manasha11 commented Aug 9, 2024

Description

When using encrypted values for keystore and truststore passwords in event hub JMS TLS configurations as follows:

[apim.event_hub]
enable = true
jms.username = "admin"
jms.password = "$secret{admin_password}"
jms.ssl ="true'%26ssl_cert_alias='wso2carbon'%26trust_store='repository/resources/security/client-truststore.jks'%26trust_store_password='$secret{trust_store_password}'%26key_store='repository/resources/security/wso2carbon.jks'%26key_store_password='$secret{key_store_password}"
ssl = "true'%26ssl_cert_alias='wso2carbon'%26trust_store='repository/resources/security/client-truststore.jks'%26trust_store_password='$secret{trust_store_password}'%26key_store='repository/resources/security/wso2carbon.jks'%26key_store_password='$secret{key_store_password}"
service_url = "https://cp.wso2.com:9444/services/"
event_listening_endpoints = ["tcp://cp.wso2.com:8673"]

the following error occurs:

ERROR - OutputAdapterRuntime Event dropped at Output Adapter 'notificationJMSPublisher' for tenant id '-1234', Cannot acquire JNDI context, JMS Connection factory : TopicConnectionFactory or default destinationName : notification for JMS CF : notificationJMSPublisher using : {transport.jms.ConcurrentPublishers=allow, java.naming.provider.url=repository/conf/jndi-cp.properties, java.naming.factory.initial=org.wso2.andes.jndi.PropertiesFileInitialContextFactory, transport.jms.DestinationType=topic, transport.jms.ConnectionFactoryJNDIName=TopicConnectionFactory, transport.jms.Destination=notification}
org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterRuntimeException: Cannot acquire JNDI context, JMS Connection factory : TopicConnectionFactory or default destinationName : notification for JMS CF : notificationJMSPublisher using : {transport.jms.ConcurrentPublishers=allow, java.naming.provider.url=repository/conf/jndi-cp.properties, java.naming.factory.initial=org.wso2.andes.jndi.PropertiesFileInitialContextFactory, transport.jms.DestinationType=topic, transport.jms.ConnectionFactoryJNDIName=TopicConnectionFactory, transport.jms.Destination=notification}
	at org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory.<init>(JMSConnectionFactory.java:93) ~[org.wso2.carbon.event.output.adapter.jms_5.3.5.jar:?]
	at org.wso2.carbon.event.output.adapter.jms.JMSEventAdapter.initPublisher(JMSEventAdapter.java:202) ~[org.wso2.carbon.event.output.adapter.jms_5.3.5.jar:?]
	at org.wso2.carbon.event.output.adapter.jms.JMSEventAdapter.connect(JMSEventAdapter.java:135) ~[org.wso2.carbon.event.output.adapter.jms_5.3.5.jar:?]
	at org.wso2.carbon.event.output.adapter.core.internal.OutputAdapterRuntime.publish(OutputAdapterRuntime.java:68) ~[?:?]
	at org.wso2.carbon.event.output.adapter.core.internal.CarbonOutputEventAdapterService.publish(CarbonOutputEventAdapterService.java:148) ~[?:?]
	at org.wso2.carbon.event.publisher.core.internal.EventPublisher.process(EventPublisher.java:363) ~[?:?]
	at org.wso2.carbon.event.publisher.core.internal.EventPublisher.sendEvent(EventPublisher.java:193) ~[?:?]
	at org.wso2.carbon.event.publisher.core.internal.EventPublisher.onEvent(EventPublisher.java:239) ~[?:?]
	at org.wso2.carbon.event.stream.core.internal.EventJunction.sendEvent(EventJunction.java:157) ~[?:?]
	at org.wso2.carbon.event.receiver.core.internal.management.InputEventDispatcher.onEvent(InputEventDispatcher.java:27) ~[?:?]
	at org.wso2.carbon.event.receiver.core.internal.EventReceiver.sendEvent(EventReceiver.java:275) ~[?:?]
	at org.wso2.carbon.event.receiver.core.internal.EventReceiver.processTypedEvent(EventReceiver.java:238) ~[?:?]
	at org.wso2.carbon.event.receiver.core.internal.EventReceiver$TypedEventSubscription.onEvent(EventReceiver.java:335) ~[?:?]
	at org.wso2.carbon.event.input.adapter.core.internal.InputAdapterRuntime.onEvent(InputAdapterRuntime.java:110) ~[?:?]
	at org.wso2.carbon.event.input.adapter.wso2event.internal.ds.WSO2EventAdapterServiceDS$1.receive(WSO2EventAdapterServiceDS.java:100) ~[?:?]
	at org.wso2.carbon.databridge.core.internal.queue.QueueWorker.run(QueueWorker.java:81) ~[?:?]
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[?:?]
	at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
	at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: javax.naming.ConfigurationException: Failed to parse entry: Illegal character in query between indicies 244 and 1 
amqp://admin:***@clientid/carbon?brokerlist='tcp://cp.wso2.com:8673?retries='5'%26connectdelay='50'%26ssl='true'%26ssl_cert_alias='wso2carbon'%26trust_store='repository/resources/security/client-truststore.jks'%26trust_store_password='$secret{trust_store_password}'%26key_store='repository/resources/security/wso2carbon.jks'%26key_store_password='$secret{key_store_password}';'
                                                                                                                                                                                                                                                    ^ due to : Illegal character in query at index 244: amqp://admin:***@clientid/carbon?brokerlist='tcp://cp.wso2.com:8673?retries='5'%26connectdelay='50'%26ssl='true'%26ssl_cert_alias='wso2carbon'%26trust_store='repository/resources/security/client-truststore.jks'%26trust_store_password='$secret{trust_store_password}'%26key_store='repository/resources/security/wso2carbon.jks'%26key_store_password='$secret{key_store_password}';'
	at org.wso2.andes.jndi.PropertiesFileInitialContextFactory.createFactory(PropertiesFileInitialContextFactory.java:322) ~[andes_3.3.24.4.jar:?]
	at org.wso2.andes.jndi.PropertiesFileInitialContextFactory.createConnectionFactories(PropertiesFileInitialContextFactory.java:191) ~[andes_3.3.24.4.jar:?]
	at org.wso2.andes.jndi.PropertiesFileInitialContextFactory.getInitialContext(PropertiesFileInitialContextFactory.java:157) ~[andes_3.3.24.4.jar:?]
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730) ~[?:?]
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) ~[?:?]
	at javax.naming.InitialContext.init(InitialContext.java:236) ~[?:?]
	at javax.naming.InitialContext.<init>(InitialContext.java:208) ~[?:?]
	at org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory.<init>(JMSConnectionFactory.java:84) ~[org.wso2.carbon.event.output.adapter.jms_5.3.5.jar:?]
	... 20 more
Caused by: org.wso2.andes.url.URLSyntaxException: Illegal character in query at index 244: amqp://admin:***@clientid/carbon?brokerlist='tcp://cp.wso2.com:8673?retries='5'%26connectdelay='50'%26ssl='true'%26ssl_cert_alias='wso2carbon'%26trust_store='repository/resources/security/client-truststore.jks'%26trust_store_password='$secret{trust_store_password}'%26key_store='repository/resources/security/wso2carbon.jks'%26key_store_password='$secret{key_store_password}';'
	at org.wso2.andes.url.URLHelper.parseError(URLHelper.java:141) ~[andes_3.3.24.4.jar:?]
	at org.wso2.andes.url.URLHelper.parseError(URLHelper.java:136) ~[andes_3.3.24.4.jar:?]
	at org.wso2.andes.client.url.URLParser.parseURL(URLParser.java:175) ~[andes_3.3.24.4.jar:?]
	at org.wso2.andes.client.url.URLParser.<init>(URLParser.java:51) ~[andes_3.3.24.4.jar:?]
	at org.wso2.andes.client.AMQConnectionURL.<init>(AMQConnectionURL.java:65) ~[andes_3.3.24.4.jar:?]
	at org.wso2.andes.client.AMQConnectionFactory.<init>(AMQConnectionFactory.java:83) ~[andes_3.3.24.4.jar:?]
	at org.wso2.andes.jndi.PropertiesFileInitialContextFactory.createFactory(PropertiesFileInitialContextFactory.java:316) ~[andes_3.3.24.4.jar:?]
	at org.wso2.andes.jndi.PropertiesFileInitialContextFactory.createConnectionFactories(PropertiesFileInitialContextFactory.java:191) ~[andes_3.3.24.4.jar:?]
	at org.wso2.andes.jndi.PropertiesFileInitialContextFactory.getInitialContext(PropertiesFileInitialContextFactory.java:157) ~[andes_3.3.24.4.jar:?]
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730) ~[?:?]
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) ~[?:?]
	at javax.naming.InitialContext.init(InitialContext.java:236) ~[?:?]
	at javax.naming.InitialContext.<init>(InitialContext.java:208) ~[?:?]
	at org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory.<init>(JMSConnectionFactory.java:84) ~[org.wso2.carbon.event.output.adapter.jms_5.3.5.jar:?]
	... 20 more

Steps to Reproduce

  • Create an APIM distributed setup.
  • Add the configurations to enable TLS over TCP.
  • Encrypt the keystore and truststore passwords using the cipher tool.
  • Reference the encrypted values as follows in the CP event hub configurations:
[apim.event_hub]
enable = true
jms.username = "admin"
jms.password = "$secret{admin_password}"
jms.ssl ="true'%26ssl_cert_alias='wso2carbon'%26trust_store='repository/resources/security/client-truststore.jks'%26trust_store_password='$secret{trust_store_password}'%26key_store='repository/resources/security/wso2carbon.jks'%26key_store_password='$secret{key_store_password}"
ssl = "true'%26ssl_cert_alias='wso2carbon'%26trust_store='repository/resources/security/client-truststore.jks'%26trust_store_password='$secret{trust_store_password}'%26key_store='repository/resources/security/wso2carbon.jks'%26key_store_password='$secret{key_store_password}"
service_url = "https://cp.wso2.com:9444/services/"
event_listening_endpoints = ["tcp://cp.wso2.com:8673"]
  • Restart the server.
  • Create and publish an API.

Affected Component

APIM

Version

4.2.0

Environment Details (with versions)

No response

Relevant Log Output

No response

Related Issues

No response

Suggested Labels

No response
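
The parse failure in the trace above, reproduced as an added example (not part of the original issue and not WSO2 code): it locates the first character the broker URL's query cannot contain and lists config keys where a `$secret{...}` reference is embedded inside a longer string, which is the form that reaches the parser unresolved in the trace. The function names are hypothetical, the legal-character set approximates what java.net.URI accepts in a query, and the password the log masks as `***` is replaced by a constructed 5-character stand-in.

```python
import re

# Unescaped characters java.net.URI (RFC 2396) accepts in a query, plus %XX escapes.
# '{' and '}' are not in the set, so a literal $secret{...} cannot be parsed.
LEGAL_RUN = re.compile(r"(?:[A-Za-z0-9\-_.!~*'();/?:@&=+$,\[\]]|%[0-9A-Fa-f]{2})*")
SECRET_REF = re.compile(r"\$secret\{[^}]*\}")

def first_illegal_query_index(url):
    """Index of the first character not allowed in the query part, or -1."""
    start = url.find("?") + 1
    if start == 0:
        return -1
    end = LEGAL_RUN.match(url, start).end()
    return -1 if end == len(url) else end

def embedded_secret_refs(config_text):
    """Keys whose value holds $secret{...} as part of a longer string."""
    flagged = []
    for line in config_text.splitlines():
        key, sep, value = line.partition("=")
        value = value.strip().strip('"')
        refs = SECRET_REF.findall(value)
        if sep and refs and value != refs[0]:
            flagged.append(key.strip())
    return flagged

# The ssl value exactly as given in the issue's [apim.event_hub] section.
SSL_VALUE = ("true'%26ssl_cert_alias='wso2carbon'"
             "%26trust_store='repository/resources/security/client-truststore.jks'"
             "%26trust_store_password='$secret{trust_store_password}'"
             "%26key_store='repository/resources/security/wso2carbon.jks'"
             "%26key_store_password='$secret{key_store_password}")
# Broker URL from the trace. Assumption: "XXXXX" is a constructed stand-in for the
# masked password; with 5 characters the first '{' lands on the reported index 244.
URL = ("amqp://admin:XXXXX@clientid/carbon?brokerlist='tcp://cp.wso2.com:8673"
       "?retries='5'%26connectdelay='50'%26ssl='" + SSL_VALUE + "';'")
CONFIG = ('[apim.event_hub]\n'
          'jms.password = "$secret{admin_password}"\n'
          'jms.ssl ="' + SSL_VALUE + '"\n'
          'ssl = "' + SSL_VALUE + '"\n')

if __name__ == "__main__":
    idx = first_illegal_query_index(URL)
    print(idx, repr(URL[idx]))
    print(embedded_secret_refs(CONFIG))
```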
