katello / katello-certs-tools Goto Github PK
View Code? Open in Web Editor NEWPython library for generating SSL certificates and RPMs that contain them.
License: GNU General Public License v2.0
katello-certs-tools's Issues
2.8.1 breaks Candlepin AMQP Broker
Ohai,
the change in 363f0e1 has broken the AMQP Broker part of Candlepin. Tomcat starts, but fails to listen on port 61613. Looking at /var/log/tomcat/localhost.<date>.log one sees the following traceback:
1) Error injecting constructor, java.io.IOException: Could not read key
at org.candlepin.pki.CertificateReader.<init>(CertificateReader.java:50)
at org.candlepin.guice.CandlepinModule.bindPki(CandlepinModule.java:303)
while locating org.candlepin.pki.CertificateReader
for the 1st parameter of org.candlepin.pki.impl.JSSPKIUtility.<init>(JSSPKIUtility.java:101)
while locating org.candlepin.pki.impl.JSSPKIUtility
at org.candlepin.guice.CandlepinModule.bindPki(CandlepinModule.java:302)
while locating org.candlepin.pki.PKIUtility
Caused by: java.io.IOException: Could not read key
at org.candlepin.pki.impl.ProviderBasedPrivateKeyReader$PKCS8EncryptedPrivateKeyPemParser.decode(ProviderBasedPrivateKeyReader.java:210)
at org.candlepin.pki.PrivateKeyReader$PrivateKeyPemParser.decode(PrivateKeyReader.java:47)
at org.candlepin.pki.impl.ProviderBasedPrivateKeyReader.readPem(ProviderBasedPrivateKeyReader.java:156)
at org.candlepin.pki.impl.ProviderBasedPrivateKeyReader.read(ProviderBasedPrivateKeyReader.java:82)
at org.candlepin.pki.impl.ProviderBasedPrivateKeyReader.read(ProviderBasedPrivateKeyReader.java:60)
at org.candlepin.pki.CertificateReader.readPrivateKey(CertificateReader.java:78)
at org.candlepin.pki.CertificateReader.<init>(CertificateReader.java:58)
at org.candlepin.pki.CertificateReader$$FastClassByGuice$$d3225fea.newInstance(<generated>)
at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:89)
at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:114)
at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306)
at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168)
at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39)
at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42)
at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65)
at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113)
at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306)
at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:62)
at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168)
at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39)
at com.google.inject.internal.InternalInjectorCreator.loadEagerSingletons(InternalInjectorCreator.java:213)
at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:184)
at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:111)
at com.google.inject.Guice.createInjector(Guice.java:87)
at org.jboss.resteasy.plugins.guice.GuiceResteasyBootstrapServletContextListener.contextInitialized(GuiceResteasyBootstrapServletContextListener.java:56)
at org.candlepin.guice.CandlepinContextListener.contextInitialized(CandlepinContextListener.java:133)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5127)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5643)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1260)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:2002)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.5.13 SecretKeyFactory not available
at java.base/javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:122)
at java.base/javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:168)
at org.candlepin.pki.impl.ProviderBasedPrivateKeyReader$PKCS8EncryptedPrivateKeyPemParser.decode(ProviderBasedPrivateKeyReader.java:203)
... 42 more
I debugged this a bit further and found the following interesting:
- the change of the
CRYPTOconstant toaes265is fine - the change to using
openssl genpkeyingenServerKeyis fine - the change to using
openssl genpkeyingenPrivateCaKeyis what's breaking it - I think the issue is the format of
/etc/candlepin/certs/candlepin-ca.key(it starts withBEGIN RSA PRIVATE KEYin the working case, and withBEGIN ENCRYPTED PRIVATE KEYin the failing case)
if I convert the key withopenssl rsa -in candlepin-ca.key -passin pass:<password> -passout pass:<password> -aes256Candlepin starts working again.
I don't really understand why the change to the CA key (which the Artemis broker doesn't even need, IMHO) breaks it, but I guess it's safest to just revert the genpkey part of the change and fix it at a later point.
should unique(s) just return set(s)?
Increase Keylength for the apache Certificate
When using just the foreman-installer, the keylength will be set at 4096 Bit.
But with Katello the Keylength will be set at 2048 Bit.
I think it would be nice, changing the Keylength from 2048 Bit to 4096 Bit
use strartswith/endswith instead of s[0] and s[-1]
- if len(s) > 2 and s[0] == '[' and s[-1] == ']':
+ if s.startswith('[') and s.endswith(']'):Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.