Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42094

[Artifactory] Publishing Docker Build-Info requires

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Following this guide
      Running on slave:

      docker pull hello-world
      

      we've got trace:

      Feb 16, 2017 11:34:01 AM io.netty.util.internal.logging.Slf4JLogger warn
      WARNING: An exception was thrown by org.littleshoot.proxy.impl.ConnectionFlow$2.operationComplete()
      net.lightbody.bmp.mitm.exception.MitmException: Error creating SSLEngine for connection to client to impersonate upstream host: registry-1.docker.io
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.clientSslEngineFor(ImpersonatingMitmManager.java:227)
      	at org.littleshoot.proxy.impl.ProxyToServerConnection$3.execute(ProxyToServerConnection.java:739)
      	at org.littleshoot.proxy.impl.ConnectionFlow.doProcessCurrentStep(ConnectionFlow.java:140)
      	at org.littleshoot.proxy.impl.ConnectionFlow.processCurrentStep(ConnectionFlow.java:128)
      	at org.littleshoot.proxy.impl.ConnectionFlow.advance(ConnectionFlow.java:90)
      	at org.littleshoot.proxy.impl.ConnectionFlowStep.onSuccess(ConnectionFlowStep.java:83)
      	at org.littleshoot.proxy.impl.ConnectionFlow$2.operationComplete(ConnectionFlow.java:149)
      	at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:514)
      	at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:488)
      	at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:427)
      	at io.netty.util.concurrent.DefaultPromise.addListener(DefaultPromise.java:170)
      	at io.netty.channel.DefaultChannelPromise.addListener(DefaultChannelPromise.java:93)
      	at io.netty.channel.DefaultChannelPromise.addListener(DefaultChannelPromise.java:28)
      	at org.littleshoot.proxy.impl.ConnectionFlow.doProcessCurrentStep(ConnectionFlow.java:140)
      	at org.littleshoot.proxy.impl.ConnectionFlow.access$000(ConnectionFlow.java:14)
      	at org.littleshoot.proxy.impl.ConnectionFlow$1.run(ConnectionFlow.java:124)
      	at io.netty.util.concurrent.PromiseTask$RunnableAdapter.call(PromiseTask.java:38)
      	at io.netty.util.concurrent.PromiseTask.run(PromiseTask.java:73)
      	at io.netty.util.concurrent.SingleThreadEventExecutor.safeExecute(SingleThreadEventExecutor.java:451)
      	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:418)
      	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:401)
      	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:877)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: com.google.common.util.concurrent.UncheckedExecutionException: java.lang.ClassCastException: org.bouncycastle.asn1.pkcs.PrivateKeyInfo cannot be cast to org.bouncycastle.openssl.PEMKeyPair
      	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2234)
      	at com.google.common.cache.LocalCache.get(LocalCache.java:3965)
      	at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.getHostnameImpersonatingSslContext(ImpersonatingMitmManager.java:242)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.clientSslEngineFor(ImpersonatingMitmManager.java:223)
      	... 22 more
      Caused by: java.lang.ClassCastException: org.bouncycastle.asn1.pkcs.PrivateKeyInfo cannot be cast to org.bouncycastle.openssl.PEMKeyPair
      	at net.lightbody.bmp.mitm.tools.BouncyCastleSecurityProviderTool.decodePemEncodedPrivateKey(BouncyCastleSecurityProviderTool.java:232)
      	at net.lightbody.bmp.mitm.tools.DefaultSecurityProviderTool.decodePemEncodedPrivateKey(DefaultSecurityProviderTool.java:94)
      	at net.lightbody.bmp.mitm.PemFileCertificateSource.loadCertificateAndKeyFiles(PemFileCertificateSource.java:79)
      	at net.lightbody.bmp.mitm.PemFileCertificateSource.access$0(PemFileCertificateSource.java:62)
      	at net.lightbody.bmp.mitm.PemFileCertificateSource$1.get(PemFileCertificateSource.java:32)
      	at net.lightbody.bmp.mitm.PemFileCertificateSource$1.get(PemFileCertificateSource.java:1)
      	at com.google.common.base.Suppliers$MemoizingSupplier.get(Suppliers.java:109)
      	at net.lightbody.bmp.mitm.PemFileCertificateSource.load(PemFileCertificateSource.java:59)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager$2.get(ImpersonatingMitmManager.java:124)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager$2.get(ImpersonatingMitmManager.java:1)
      	at com.google.common.base.Suppliers$MemoizingSupplier.get(Suppliers.java:109)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.createImpersonatingSslContext(ImpersonatingMitmManager.java:291)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.createImpersonatingSslContext(ImpersonatingMitmManager.java:271)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.access$3(ImpersonatingMitmManager.java:264)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager$3.call(ImpersonatingMitmManager.java:245)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager$3.call(ImpersonatingMitmManager.java:1)
      	at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767)
      	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568)
      	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350)
      	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313)
      	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228)
      	... 26 more
      

      which is fixed by (found here)

      openssl rsa -in jfrog.proxy.key -text -out jfrog.proxy.key
      

        Attachments

          Activity

          Hide
          skulanov Sergey Kulanov added a comment -

          Hi, Roman Gurevitch probably you can comment on this ^, thank you

          Show
          skulanov Sergey Kulanov added a comment - Hi, Roman Gurevitch probably you can comment on this ^, thank you
          Hide
          romang Roman Gurevitch added a comment -

          Hi Sergey Kulanov, thanks for the comment.
          Could you elaborate more about your setup, have you changed the automatically generated certificates?

          Show
          romang Roman Gurevitch added a comment - Hi Sergey Kulanov , thanks for the comment. Could you elaborate more about your setup, have you changed the automatically generated certificates?
          Hide
          skulanov Sergey Kulanov added a comment -

          Roman Gurevitch, I've investigated a little.
          I don't use automatic certificate generation.

          I've found the issue, that in my case certificate was not encrypted, I've checked the code and find out the in case of automatic generation private key is encrypted
          https://github.com/jenkinsci/artifactory-plugin/blob/master/src/main/java/org/jfrog/hudson/pipeline/docker/proxy/CertManager.java#L45

          So the solution was to encrypt my pkey:

             # encrypt with password: AES-128-CBC
             ssh-keygen -p -f jfrog.proxy.key
          

          Probably this should be somehow reflected in documentation

          Show
          skulanov Sergey Kulanov added a comment - Roman Gurevitch , I've investigated a little. I don't use automatic certificate generation. I've found the issue, that in my case certificate was not encrypted, I've checked the code and find out the in case of automatic generation private key is encrypted https://github.com/jenkinsci/artifactory-plugin/blob/master/src/main/java/org/jfrog/hudson/pipeline/docker/proxy/CertManager.java#L45 So the solution was to encrypt my pkey: # encrypt with password: AES-128-CBC ssh-keygen -p -f jfrog.proxy.key Probably this should be somehow reflected in documentation

            People

            Assignee:
            eyalbe Eyal Ben Moshe
            Reporter:
            skulanov Sergey Kulanov
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: