Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42094

[Artifactory] Publishing Docker Build-Info requires

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • artifactory-plugin
    • Artifactory Plugin: 2.9.1
      Jenkins: 2.7.4
      docker client: 1.12.3

      Following this guide
      Running on slave:

      docker pull hello-world
      

      we've got trace:

      Feb 16, 2017 11:34:01 AM io.netty.util.internal.logging.Slf4JLogger warn
      WARNING: An exception was thrown by org.littleshoot.proxy.impl.ConnectionFlow$2.operationComplete()
      net.lightbody.bmp.mitm.exception.MitmException: Error creating SSLEngine for connection to client to impersonate upstream host: registry-1.docker.io
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.clientSslEngineFor(ImpersonatingMitmManager.java:227)
      	at org.littleshoot.proxy.impl.ProxyToServerConnection$3.execute(ProxyToServerConnection.java:739)
      	at org.littleshoot.proxy.impl.ConnectionFlow.doProcessCurrentStep(ConnectionFlow.java:140)
      	at org.littleshoot.proxy.impl.ConnectionFlow.processCurrentStep(ConnectionFlow.java:128)
      	at org.littleshoot.proxy.impl.ConnectionFlow.advance(ConnectionFlow.java:90)
      	at org.littleshoot.proxy.impl.ConnectionFlowStep.onSuccess(ConnectionFlowStep.java:83)
      	at org.littleshoot.proxy.impl.ConnectionFlow$2.operationComplete(ConnectionFlow.java:149)
      	at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:514)
      	at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:488)
      	at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:427)
      	at io.netty.util.concurrent.DefaultPromise.addListener(DefaultPromise.java:170)
      	at io.netty.channel.DefaultChannelPromise.addListener(DefaultChannelPromise.java:93)
      	at io.netty.channel.DefaultChannelPromise.addListener(DefaultChannelPromise.java:28)
      	at org.littleshoot.proxy.impl.ConnectionFlow.doProcessCurrentStep(ConnectionFlow.java:140)
      	at org.littleshoot.proxy.impl.ConnectionFlow.access$000(ConnectionFlow.java:14)
      	at org.littleshoot.proxy.impl.ConnectionFlow$1.run(ConnectionFlow.java:124)
      	at io.netty.util.concurrent.PromiseTask$RunnableAdapter.call(PromiseTask.java:38)
      	at io.netty.util.concurrent.PromiseTask.run(PromiseTask.java:73)
      	at io.netty.util.concurrent.SingleThreadEventExecutor.safeExecute(SingleThreadEventExecutor.java:451)
      	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:418)
      	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:401)
      	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:877)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: com.google.common.util.concurrent.UncheckedExecutionException: java.lang.ClassCastException: org.bouncycastle.asn1.pkcs.PrivateKeyInfo cannot be cast to org.bouncycastle.openssl.PEMKeyPair
      	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2234)
      	at com.google.common.cache.LocalCache.get(LocalCache.java:3965)
      	at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.getHostnameImpersonatingSslContext(ImpersonatingMitmManager.java:242)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.clientSslEngineFor(ImpersonatingMitmManager.java:223)
      	... 22 more
      Caused by: java.lang.ClassCastException: org.bouncycastle.asn1.pkcs.PrivateKeyInfo cannot be cast to org.bouncycastle.openssl.PEMKeyPair
      	at net.lightbody.bmp.mitm.tools.BouncyCastleSecurityProviderTool.decodePemEncodedPrivateKey(BouncyCastleSecurityProviderTool.java:232)
      	at net.lightbody.bmp.mitm.tools.DefaultSecurityProviderTool.decodePemEncodedPrivateKey(DefaultSecurityProviderTool.java:94)
      	at net.lightbody.bmp.mitm.PemFileCertificateSource.loadCertificateAndKeyFiles(PemFileCertificateSource.java:79)
      	at net.lightbody.bmp.mitm.PemFileCertificateSource.access$0(PemFileCertificateSource.java:62)
      	at net.lightbody.bmp.mitm.PemFileCertificateSource$1.get(PemFileCertificateSource.java:32)
      	at net.lightbody.bmp.mitm.PemFileCertificateSource$1.get(PemFileCertificateSource.java:1)
      	at com.google.common.base.Suppliers$MemoizingSupplier.get(Suppliers.java:109)
      	at net.lightbody.bmp.mitm.PemFileCertificateSource.load(PemFileCertificateSource.java:59)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager$2.get(ImpersonatingMitmManager.java:124)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager$2.get(ImpersonatingMitmManager.java:1)
      	at com.google.common.base.Suppliers$MemoizingSupplier.get(Suppliers.java:109)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.createImpersonatingSslContext(ImpersonatingMitmManager.java:291)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.createImpersonatingSslContext(ImpersonatingMitmManager.java:271)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.access$3(ImpersonatingMitmManager.java:264)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager$3.call(ImpersonatingMitmManager.java:245)
      	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager$3.call(ImpersonatingMitmManager.java:1)
      	at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767)
      	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568)
      	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350)
      	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313)
      	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228)
      	... 26 more
      

      which is fixed by (found here)

      openssl rsa -in jfrog.proxy.key -text -out jfrog.proxy.key
      

          [JENKINS-42094] [Artifactory] Publishing Docker Build-Info requires

          Hi, romang probably you can comment on this ^, thank you

          Sergey Kulanov added a comment - Hi, romang probably you can comment on this ^, thank you

          Hi skulanov, thanks for the comment.
          Could you elaborate more about your setup, have you changed the automatically generated certificates?

          Roman Gurevitch added a comment - Hi skulanov , thanks for the comment. Could you elaborate more about your setup, have you changed the automatically generated certificates?

          romang, I've investigated a little.
          I don't use automatic certificate generation.

          I've found the issue, that in my case certificate was not encrypted, I've checked the code and find out the in case of automatic generation private key is encrypted
          https://github.com/jenkinsci/artifactory-plugin/blob/master/src/main/java/org/jfrog/hudson/pipeline/docker/proxy/CertManager.java#L45

          So the solution was to encrypt my pkey:

             # encrypt with password: AES-128-CBC
             ssh-keygen -p -f jfrog.proxy.key
          

          Probably this should be somehow reflected in documentation

          Sergey Kulanov added a comment - romang , I've investigated a little. I don't use automatic certificate generation. I've found the issue, that in my case certificate was not encrypted, I've checked the code and find out the in case of automatic generation private key is encrypted https://github.com/jenkinsci/artifactory-plugin/blob/master/src/main/java/org/jfrog/hudson/pipeline/docker/proxy/CertManager.java#L45 So the solution was to encrypt my pkey: # encrypt with password: AES-128-CBC ssh-keygen -p -f jfrog.proxy.key Probably this should be somehow reflected in documentation

            eyalbe Eyal Ben Moshe
            skulanov Sergey Kulanov
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: