Discussion:
Adding authentication
Adam Blank
2018-12-07 14:41:43 UTC
Permalink
Hi,

I'm not sure if this would be more of a Zookeeper or Solr question, but I'm
hoping you can help me. I'm trying to add user authentication to my
SolrCloud configuration (to secure my Solr admin consoles). I have 3
Zookeeper servers and 2 Solr nodes running. Zookeeper version 3.4.6 and
Solr version 5.5.0 on AIX. I have uploaded a security.json file to
Zookeeper using Solr's zkcli.sh script, and now I am prompted for a
username/password when logging into the Solr admin console as expected.
However, I am receiving the following error in my Solr log after rebooting:

2018-11-30 19:02:55.105 ERROR
(recoveryExecutor-3-thread-2-processing-n:<Solr IP Address>:8983_solr
x:formdoc_shard1_replica1 s:shard1 c:formdoc r:core_node1) [c:formdoc
s:shard1 r:core_node1 x:formdoc_shard1
_replica1] o.a.s.c.RecoveryStrategy Error while trying to recover.
core=formdoc_shard1_replica1:java.util.concurrent.ExecutionException:
org.apache.solr.common.SolrException: java.security.InvalidKeyExcep
tion: Invalid RSA key for encrypting; n (1024) < 2048
at java.util.concurrent.FutureTask.report(FutureTask.java:133)
at java.util.concurrent.FutureTask.get(FutureTask.java:203)
at
org.apache.solr.cloud.RecoveryStrategy.sendPrepRecoveryCmd(RecoveryStrategy.java:596)
at
org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:353)
at
org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:224)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:522)
at java.util.concurrent.FutureTask.run(FutureTask.java:277)
at
org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor$1.run(ExecutorUtil.java:231)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.lang.Thread.run(Thread.java:785)
Caused by: org.apache.solr.common.SolrException:
java.security.InvalidKeyException: Invalid RSA key for encrypting; n (1024)
< 2048
at
org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:67)
at
org.apache.solr.security.PKIAuthenticationPlugin.setHeader(PKIAuthenticationPlugin.java:287)
at
org.apache.solr.security.PKIAuthenticationPlugin$HttpHeaderClientConfigurer.process(PKIAuthenticationPlugin.java:257)
at
org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:132)
at
org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:166)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:485)
at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at
org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:481)
at
org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:284)
at
org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:280)
... 5 more
Caused by: java.security.InvalidKeyException: Invalid RSA key for
encrypting; n (1024) < 2048
at com.rsa.cryptoj.o.fy.engineInit(Unknown Source)
at com.rsa.cryptoj.o.fy.engineInit(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at
org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:62)
... 17 more

I tried updating the Java class
org/apache/solr/util/CryptoKeys$RSAKeyPair.class
in ./server/solr-webapp/webapp/WEB-INF/lib/solr-core-5.5.0.jar to change
the hardcoded value of 1024 to 2048, however then I received the following
error:

2018-11-30 19:11:17.387 ERROR
(recoveryExecutor-3-thread-1-processing-n:<Solr IP Address>:8983_solr
x:formdoc_shard2_replica1 s:shard2 c:formdoc r:core_node2) [c:formdoc
s:shard2 r:core_node2 x:formdoc_shard2
_replica1] o.a.s.c.RecoveryStrategy Error while trying to recover.
core=formdoc_shard2_replica1:java.util.concurrent.ExecutionException:
org.apache.solr.common.SolrException: javax.crypto.IllegalBlockSize
Exception: Invalid input.
at java.util.concurrent.FutureTask.report(FutureTask.java:133)
at java.util.concurrent.FutureTask.get(FutureTask.java:203)
at
org.apache.solr.cloud.RecoveryStrategy.sendPrepRecoveryCmd(RecoveryStrategy.java:596)
at
org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:353)
at
org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:224)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:522)
at java.util.concurrent.FutureTask.run(FutureTask.java:277)
at
org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor$1.run(ExecutorUtil.java:231)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.lang.Thread.run(Thread.java:785)
Caused by: org.apache.solr.common.SolrException:
javax.crypto.IllegalBlockSizeException: Invalid input.
at
org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:67)
at
org.apache.solr.security.PKIAuthenticationPlugin.setHeader(PKIAuthenticationPlugin.java:287)
at
org.apache.solr.security.PKIAuthenticationPlugin$HttpHeaderClientConfigurer.process(PKIAuthenticationPlugin.java:257)
at
org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:132)
at
org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:166)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:485)
at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at
org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:481)
at
org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:284)
at
org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:280)
... 5 more
Caused by: javax.crypto.IllegalBlockSizeException: Invalid input.
at com.rsa.cryptoj.o.fy.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(Unknown Source)
at
org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:63)
... 17 more

I appreciate any suggestions you can offer.

Thanks,
Adam
Noble Paul
2018-12-08 04:56:35 UTC
Permalink
This is a Solr problem and not ZK problem.

This is something we have encountered before.
Which version of java are you using?
Post by Adam Blank
Hi,
I'm not sure if this would be more of a Zookeeper or Solr question, but I'm
hoping you can help me. I'm trying to add user authentication to my
SolrCloud configuration (to secure my Solr admin consoles). I have 3
Zookeeper servers and 2 Solr nodes running. Zookeeper version 3.4.6 and
Solr version 5.5.0 on AIX. I have uploaded a security.json file to
Zookeeper using Solr's zkcli.sh script, and now I am prompted for a
username/password when logging into the Solr admin console as expected.
2018-11-30 19:02:55.105 ERROR
(recoveryExecutor-3-thread-2-processing-n:<Solr IP Address>:8983_solr
x:formdoc_shard1_replica1 s:shard1 c:formdoc r:core_node1) [c:formdoc
s:shard1 r:core_node1 x:formdoc_shard1
_replica1] o.a.s.c.RecoveryStrategy Error while trying to recover.
org.apache.solr.common.SolrException: java.security.InvalidKeyExcep
tion: Invalid RSA key for encrypting; n (1024) < 2048
at java.util.concurrent.FutureTask.report(FutureTask.java:133)
at java.util.concurrent.FutureTask.get(FutureTask.java:203)
at
org.apache.solr.cloud.RecoveryStrategy.sendPrepRecoveryCmd(RecoveryStrategy.java:596)
at
org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:353)
at
org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:224)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:522)
at java.util.concurrent.FutureTask.run(FutureTask.java:277)
at
org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor$1.run(ExecutorUtil.java:231)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.lang.Thread.run(Thread.java:785)
java.security.InvalidKeyException: Invalid RSA key for encrypting; n (1024)
< 2048
at
org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:67)
at
org.apache.solr.security.PKIAuthenticationPlugin.setHeader(PKIAuthenticationPlugin.java:287)
at
org.apache.solr.security.PKIAuthenticationPlugin$HttpHeaderClientConfigurer.process(PKIAuthenticationPlugin.java:257)
at
org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:132)
at
org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:166)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:485)
at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at
org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:481)
at
org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:284)
at
org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:280)
... 5 more
Caused by: java.security.InvalidKeyException: Invalid RSA key for
encrypting; n (1024) < 2048
at com.rsa.cryptoj.o.fy.engineInit(Unknown Source)
at com.rsa.cryptoj.o.fy.engineInit(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at
org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:62)
... 17 more
I tried updating the Java class
org/apache/solr/util/CryptoKeys$RSAKeyPair.class
in ./server/solr-webapp/webapp/WEB-INF/lib/solr-core-5.5.0.jar to change
the hardcoded value of 1024 to 2048, however then I received the following
2018-11-30 19:11:17.387 ERROR
(recoveryExecutor-3-thread-1-processing-n:<Solr IP Address>:8983_solr
x:formdoc_shard2_replica1 s:shard2 c:formdoc r:core_node2) [c:formdoc
s:shard2 r:core_node2 x:formdoc_shard2
_replica1] o.a.s.c.RecoveryStrategy Error while trying to recover.
org.apache.solr.common.SolrException: javax.crypto.IllegalBlockSize
Exception: Invalid input.
at java.util.concurrent.FutureTask.report(FutureTask.java:133)
at java.util.concurrent.FutureTask.get(FutureTask.java:203)
at
org.apache.solr.cloud.RecoveryStrategy.sendPrepRecoveryCmd(RecoveryStrategy.java:596)
at
org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:353)
at
org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:224)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:522)
at java.util.concurrent.FutureTask.run(FutureTask.java:277)
at
org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor$1.run(ExecutorUtil.java:231)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.lang.Thread.run(Thread.java:785)
javax.crypto.IllegalBlockSizeException: Invalid input.
at
org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:67)
at
org.apache.solr.security.PKIAuthenticationPlugin.setHeader(PKIAuthenticationPlugin.java:287)
at
org.apache.solr.security.PKIAuthenticationPlugin$HttpHeaderClientConfigurer.process(PKIAuthenticationPlugin.java:257)
at
org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:132)
at
org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:166)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:485)
at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at
org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:481)
at
org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:284)
at
org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:280)
... 5 more
Caused by: javax.crypto.IllegalBlockSizeException: Invalid input.
at com.rsa.cryptoj.o.fy.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(Unknown Source)
at
org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:63)
... 17 more
I appreciate any suggestions you can offer.
Thanks,
Adam
--
-----------------------------------------------------
Noble Paul
Continue reading on narkive:
Loading...