opensearch-project / performance-analyzer

📈 Get detailed performance metrics from your cluster independently of the Java Virtual Machine (JVM)
https://opensearch.org/docs/latest/monitoring-plugins/pa/index/
Apache License 2.0

[BUG] Performance-Analyzer does not support PKCS#1 encoded private keys #605

Open dancristiancecoi opened 7 months ago

dancristiancecoi commented 7 months ago

What is the bug?

Performance-Analyzer does not appear to support PKCS#1 encoded private keys when I enable TLS.

When I use a PKCS#1 private key, I get the following error:

6:23:48.626 [main] ERROR org.opensearch.performanceanalyzer.PerformanceAnalyzerWebServer - Unable to create HttpServer
java.lang.ClassCastException: class org.bouncycastle.openssl.PEMKeyPair cannot be cast to class org.bouncycastle.asn1.pkcs.PrivateKeyInfo (org.bouncycastle.openssl.PEMKeyPair and org.bouncycastle.asn1.pkcs.PrivateKeyInfo are in unnamed module of loader 'app')
        at org.opensearch.performanceanalyzer.CertificateUtils.getPrivateKey(CertificateUtils.java:58) ~[performance-analyzer-rca-2.11.0.0.jar:?]
        at org.opensearch.performanceanalyzer.CertificateUtils.createKeyStore(CertificateUtils.java:68) ~[performance-analyzer-rca-2.11.0.0.jar:?]
        at org.opensearch.performanceanalyzer.PerformanceAnalyzerWebServer.createHttpsServer(PerformanceAnalyzerWebServer.java:108) ~[performance-analyzer-rca-2.11.0.0.jar:?]
        at org.opensearch.performanceanalyzer.PerformanceAnalyzerWebServer.createInternalServer(PerformanceAnalyzerWebServer.java:44) [performance-analyzer-rca-2.11.0.0.jar:?]
        at org.opensearch.performanceanalyzer.PerformanceAnalyzerApp.createClientServers(PerformanceAnalyzerApp.java:348) [performance-analyzer-rca-2.11.0.0.jar:?]
        at org.opensearch.performanceanalyzer.PerformanceAnalyzerApp.createClientServers(PerformanceAnalyzerApp.java:320) [performance-analyzer-rca-2.11.0.0.jar:?]
        at org.opensearch.performanceanalyzer.PerformanceAnalyzerApp.main(PerformanceAnalyzerApp.java:113) [performance-analyzer-rca-2.11.0.0.jar:?]

Here is the relevant section of the config:

https-enabled = true
certificate-file-path = /usr/share/elasticsearch/config/tls/nodecert.pem
private-key-file-path = /usr/share/elasticsearch/config/tls/nodekey.pem   

The key has this format:

-----BEGIN RSA PRIVATE KEY-----
base64-encoded Bytes
-----END RSA PRIVATE KEY-----

PKCS#8 encoded private keys work fine. Furthermore, everything works correctly if I convert the previously failing private key to PKCS#8.

What is the expected behavior?

Performance-Analyzer should start correctly when using a PKCS#1/RSA private key.

What is your host/environment?

OpenSearch 2.11 running in a Red Hat Enterprise Linux 8 container.
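The stack trace above shows a `PEMKeyPair` (what BouncyCastle's `PEMParser` returns for a `BEGIN RSA PRIVATE KEY` block) being cast to `PrivateKeyInfo` (what it returns for `BEGIN PRIVATE KEY`). The following is an added example, not Performance-Analyzer's code and not part of the original report: a loader that accepts both unencrypted forms, with a throwaway key generated in memory as constructed input. The class `PemKeyLoader` and its methods `readPrivateKey` and `toPem` are hypothetical names.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
// Hypothetical helper for illustration; not Performance-Analyzer code.
public class PemKeyLoader {
    static PrivateKey readPrivateKey(Reader pem) throws IOException {
        try (PEMParser parser = new PEMParser(pem)) {
            Object obj = parser.readObject();
            PrivateKeyInfo info;
            if (obj instanceof PrivateKeyInfo) {
                info = (PrivateKeyInfo) obj;                    // PKCS#8: BEGIN PRIVATE KEY
            } else if (obj instanceof PEMKeyPair) {
                info = ((PEMKeyPair) obj).getPrivateKeyInfo();  // PKCS#1: BEGIN RSA PRIVATE KEY
            } else {  // encrypted keys and non-key objects are rejected instead of cast
                String type = (obj == null) ? "none" : obj.getClass().getName();
                throw new IOException("Unsupported PEM object: " + type);
            }
            return new JcaPEMKeyConverter().getPrivateKey(info);
        }
    }
    // Serializes a key (traditional RSA form) or a PEM generator to a PEM string.
    static String toPem(Object keyOrGenerator) throws IOException {
        StringWriter out = new StringWriter();
        try (JcaPEMWriter writer = new JcaPEMWriter(out)) {
            writer.writeObject(keyOrGenerator);
        }
        return out.toString();
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway RSA key generated in memory.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPrivateKey original = (RSAPrivateKey) gen.generateKeyPair().getPrivate();
        String[] pems = {toPem(original), toPem(new JcaPKCS8Generator(original, null))};
        for (String pem : pems) {  // first is PKCS#1, second is unencrypted PKCS#8
            RSAPrivateKey loaded = (RSAPrivateKey) readPrivateKey(new StringReader(pem));
            boolean same = loaded.getModulus().equals(original.getModulus());
            System.out.println(pem.substring(0, pem.indexOf('\n')).trim() + " -> same key: " + same);
        }
    }
}
```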

dblock commented 4 weeks ago

[Triage -- attendees 1, 2, 3, 4, 5, 6, 7]

Looks like a valid feature request.