SystemCraftsman / strimzi-kafka-cli

Command Line Interface for the Strimzi Kafka Operator
Apache License 2.0

tls example failing #90

Closed CsBigDataHub closed 3 years ago

CsBigDataHub commented 3 years ago

command run

kfk console-consumer --topic my-topic -n kafka -c my-cluster --consumer.config consumer.properties

consumer.properties

security.protocol=SSL
ssl.truststore.location=./user-truststore.jks
ssl.truststore.password=changeit
ssl.keystore.location=./user.p12
ssl.keystore.password=changeit
group.id=my-group # consumer needs a group, other than this line both the properties file are the same

kfk by default is looking in the /tmp/ directory for the user.p12 file. I have even tried giving an absolute path.

[2021-07-29 21:25:57,877] ERROR Unknown error when running consumer:  (kafka.tools.ConsoleConsumer$)
org.apache.kafka.common.KafkaException: Failed to construct kafka consumer
    at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:823)
    at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:665)
    at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:646)
    at kafka.tools.ConsoleConsumer$.run(ConsoleConsumer.scala:66)
    at kafka.tools.ConsoleConsumer$.main(ConsoleConsumer.scala:53)
    at kafka.tools.ConsoleConsumer.main(ConsoleConsumer.scala)
Caused by: org.apache.kafka.common.KafkaException: Failed to load SSL keystore /tmp/user.p12 of type JKS
    at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$FileBasedStore.load(DefaultSslEngineFactory.java:377)
    at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$FileBasedStore.<init>(DefaultSslEngineFactory.java:349)
    at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory.createKeystore(DefaultSslEngineFactory.java:299)
    at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory.configure(DefaultSslEngineFactory.java:161)
    at org.apache.kafka.common.security.ssl.SslFactory.instantiateSslEngineFactory(SslFactory.java:138)
    at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:95)
    at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:74)
    at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:192)
    at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:81)
    at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:105)
    at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:737)
    ... 5 more
Caused by: java.io.IOException: keystore password was incorrect
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2117)
    at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:243)
    at java.base/java.security.KeyStore.load(KeyStore.java:1479)
    at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$FileBasedStore.load(DefaultSslEngineFactory.java:374)
    ... 15 more
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
    ... 19 more

arpan57 commented 3 years ago

BTW: I am able to run the examples and created about 10 more users successfully in my environment. The only difference is that I am using an absolute path and not a relative one, but it shouldn't make a difference if you run it from the correct location.

Looking at the stack trace:

Caused by: java.io.IOException: keystore password was incorrect

Can you make sure the password for the keystore is correct? Can you run the following command without error?

keytool -list -keystore <yourkeystorelocation> -v

It will ask for the password. Enter the password, and make sure it is the same one you use for ssl.keystore.password.

Regards, Arpan

CsBigDataHub commented 3 years ago

@arpan57 Thanks, I had comments after the values in my properties file and removing them worked. Weird, I thought I could use # to include comments in Java properties. Probably # comments are supported at the beginning of a line but not after a text value.

update

Yes, this is my bad, looks like I cannot have comments on the same line as the property. https://stackoverflow.com/questions/31483870/properties-file-comment-on-the-same-line-as-a-property
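
The behaviour found in this thread, as an added example that is not part of the thread or of strimzi-kafka-cli: java.util.Properties treats # as a comment only at the start of a line, so text after a value is loaded as part of the value, which for ssl.keystore.password produces "keystore password was incorrect". The Python check below re-implements a simplified form of those line rules to flag such values; the sample file, the function names and the inline comment after the password are assumptions.

```python
import re

# Constructed sample modelled on the consumer.properties in this issue; the
# inline comment after the password is an assumption about the poster's file.
SAMPLE = """\
# a full-line comment is fine
security.protocol=SSL
ssl.keystore.location=./user.p12
ssl.keystore.password=changeit # keystore password
group.id=my-group # consumer needs a group
"""

KEY_END = re.compile(r"(?<!\\)[=:\s]")  # first unescaped '=', ':' or whitespace


def parse_properties(text):
    """Parse like java.util.Properties, minus line continuations and unicode escapes."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip(" \t\f")
        if not line or line[0] in "#!":  # '#'/'!' is a comment only at line start
            continue
        m = KEY_END.search(line)
        if m is None:
            props[line] = ""
            continue
        # Drop whitespace, at most one '=' or ':', then whitespace again.
        value = re.sub(r"^[ \t\f]*[=:]?[ \t\f]*", "", line[m.start():])
        props[line[:m.start()]] = value  # everything left, '#' included, is the value
    return props


def inline_comment_findings(text):
    """Return (key, loaded_value, probable_intended_value) for suspicious values."""
    findings = []
    for key, value in parse_properties(text).items():
        m = re.search(r"\s+#", value)
        if m:  # heuristic: whitespace followed by '#' inside a value
            findings.append((key, value, value[:m.start()]))
        elif value != value.rstrip():  # trailing whitespace is kept by Java too
            findings.append((key, value, value.rstrip()))
    return findings


if __name__ == "__main__":
    for key, loaded, intended in inline_comment_findings(SAMPLE):
        # Report lengths, not values, so secrets do not end up in terminal logs.
        print(f"{key}: loaded {len(loaded)} chars, probably meant {len(intended)}")
```

A password that legitimately contains a space followed by # would also be flagged, so treat a finding as a prompt to inspect the line rather than as proof of an error.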