-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resteasy Rest Client: Fix truststore password issue with Vert.x #27925
Conversation
This comment has been minimized.
This comment has been minimized.
The truststore password was being sent as empty ("") in the JksOptions. This caused the following exception: ``` Caused by: io.vertx.core.VertxException: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption. [09:59:27.352] [INFO] [client] at io.vertx.core.net.impl.SSLHelper.getContext(SSLHelper.java:480) [09:59:27.353] [INFO] [client] at io.vertx.core.net.impl.SSLHelper.getContext(SSLHelper.java:469) [09:59:27.353] [INFO] [client] at io.vertx.core.net.impl.SSLHelper.validate(SSLHelper.java:507) [09:59:27.353] [INFO] [client] at io.vertx.core.net.impl.NetClientImpl.<init>(NetClientImpl.java:95) [09:59:27.353] [INFO] [client] at io.vertx.core.http.impl.HttpClientImpl.<init>(HttpClientImpl.java:155) [09:59:27.354] [INFO] [client] at io.vertx.core.impl.VertxImpl.createHttpClient(VertxImpl.java:338) [09:59:27.354] [INFO] [client] at io.vertx.core.impl.VertxImpl.createHttpClient(VertxImpl.java:350) [09:59:27.354] [INFO] [client] at org.jboss.resteasy.reactive.client.impl.ClientImpl.<init>(ClientImpl.java:170) [09:59:27.354] [INFO] [client] at org.jboss.resteasy.reactive.client.impl.ClientBuilderImpl.build(ClientBuilderImpl.java:244) [09:59:27.354] [INFO] [client] at io.quarkus.rest.client.reactive.runtime.RestClientBuilderImpl.build(RestClientBuilderImpl.java:332) [09:59:27.355] [INFO] [client] at io.quarkus.rest.client.reactive.runtime.RestClientCDIDelegateBuilder.build(RestClientCDIDelegateBuilder.java:64) [09:59:27.355] [INFO] [client] at io.quarkus.rest.client.reactive.runtime.RestClientCDIDelegateBuilder.createDelegate(RestClientCDIDelegateBuilder.java:42) [09:59:27.355] [INFO] [client] at io.quarkus.rest.client.reactive.runtime.RestClientReactiveCDIWrapperBase.<init>(RestClientReactiveCDIWrapperBase.java:20) [09:59:27.355] [INFO] [client] at io.jester.examples.quarkus.greetings.Client$$CDIWrapper.<init>(Unknown Source) [09:59:27.356] [INFO] [client] at io.jester.examples.quarkus.greetings.Client$$CDIWrapper_ClientProxy.<init>(Unknown Source) [09:59:27.356] [INFO] [client] at io.jester.examples.quarkus.greetings.Client$$CDIWrapper_Bean.proxy(Unknown Source) [09:59:27.356] [INFO] [client] at io.jester.examples.quarkus.greetings.Client$$CDIWrapper_Bean.get(Unknown Source) [09:59:27.356] [INFO] [client] at io.jester.examples.quarkus.greetings.Client$$CDIWrapper_Bean.get(Unknown Source) [09:59:27.357] [INFO] [client] ... 26 more [09:59:27.357] [INFO] [client] Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption. [09:59:27.357] [INFO] [client] at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:446) [09:59:27.357] [INFO] [client] at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:90) [09:59:27.357] [INFO] [client] at java.base/java.security.KeyStore.getKey(KeyStore.java:1057) [09:59:27.357] [INFO] [client] at io.vertx.core.net.impl.KeyStoreHelper.<init>(KeyStoreHelper.java:109) [09:59:27.358] [INFO] [client] at io.vertx.core.net.KeyStoreOptionsBase.getHelper(KeyStoreOptionsBase.java:187) [09:59:27.358] [INFO] [client] at io.vertx.core.net.KeyStoreOptionsBase.getTrustManagerFactory(KeyStoreOptionsBase.java:217) [09:59:27.358] [INFO] [client] at io.vertx.core.net.impl.SSLHelper.getTrustMgrFactory(SSLHelper.java:327) [09:59:27.358] [INFO] [client] at io.vertx.core.net.impl.SSLHelper.getContext(SSLHelper.java:478) [09:59:27.358] [INFO] [client] ... 43 more [09:59:27.359] [INFO] [client] Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption. [09:59:27.359] [INFO] [client] at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975) [09:59:27.359] [INFO] [client] at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056) [09:59:27.359] [INFO] [client] at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853) [09:59:27.359] [INFO] [client] at java.base/com.sun.crypto.provider.PKCS12PBECipherCore.implDoFinal(PKCS12PBECipherCore.java:408) [09:59:27.360] [INFO] [client] at java.base/com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede.engineDoFinal(PKCS12PBECipherCore.java:440) [09:59:27.360] [INFO] [client] at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202) [09:59:27.360] [INFO] [client] at java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:387) [09:59:27.360] [INFO] [client] at java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:283) [09:59:27.360] [INFO] [client] at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:381) [09:59:27.361] [INFO] [client] ... 50 more ```
Hi
So the following code won't work anymore:
As a workaround I am just casting RestClientBuilder as follows: Could you please take a look at this and let me know if there is any other way or we have an issue in Quarkus indeed? PS |
@Sgitario mind taking a look at ^ please? |
#31891 should fix this issue. Thanks for spotting! |
Relates quarkusio#27925 (comment) (cherry picked from commit 4502d6a)
Relates quarkusio#27925 (comment) (cherry picked from commit 4502d6a)
Relates quarkusio#27925 (comment) (cherry picked from commit 4502d6a)
The truststore password was being sent as empty ("") in the JksOptions. This caused the following exception: