Endevor B4G failed to start: PEM private key issue

Article ID: 281192

Products

Endevor

Issue/Introduction

Endevor Bridge for Git failed to start with the following errors: 

***************************
APPLICATION FAILED TO START
***************************

Description:

Binding to target org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'app' to com.ca.endevor.boot.config.AppProperties failed:

    Reason: 

    Reason: Validate Bitbucket Server connection error: com.ca.endevor.integration.connector.rest.exception.RestConnectorException: java.io.FileNotFoundException: /path_to/privkey.pem (No such file or directory)

....

java.lang.ClassCastException: class org.bouncycastle.asn1.pkcs.PrivateKeyInfo cannot be cast to class org.bouncycastle.openssl.PEMKeyPair (org.bouncycastle.asn1.pkcs.PrivateKeyInfo and org.bouncycastle.openssl.PEMKeyPair are in unnamed module of loader org.springframework.boot.loader.LaunchedURLClassLoader @32d2fa64)

 

Environment

Endevor V19

B4G 2.15

Git Server: Bitbucket

Cause

The private key for the key pair was generated by following the Atlassian documentation, using the following command:

openssl genrsa -out privkey.pem 2048

The private key location was then specified in the application.yml file:

  bitbucket:
    # Open authentication properties
    oauth:
      # Location of your private key file, the corresponding public key is set in OAuth Application Link
      private-key: /path_to/privkey.pem

 

The generated private key is in PKCS#8 format, which is not accepted:

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

Only the PKCS#1 format (traditional RSA key format) is accepted:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
 

Resolution

Run the 'openssl version' command to find out the OpenSSL version.

If OpenSSL is 3.0 or above, check the OpenSSL 3.0 documentation for the options available when generating an RSA private key. The relevant option is:

-traditional

Write the key using the traditional PKCS#1 format instead of the PKCS#8 format.

 

Solution:

Use the following commands to create a PKCS#1 format privkey.pem and extract the public key (both keys are in PEM format):

openssl genrsa -out privkey.pem -traditional 2048

openssl rsa -pubout -in privkey.pem -out pubkey.pem

Cut and paste the pubkey.pem contents into JIRA (Bitbucket OAuth application link).

Restart the B4G application.

 

Additional Information

The same command, 'openssl genrsa -out privkey.pem 2048', produces different key formats depending on the OpenSSL version:

  • If an older version of OpenSSL (such as 1.0) is used, the private key is in PKCS#1 format
  • If OpenSSL 3.0/3.1 is used, the private key is in PKCS#8 format
    • Add the -traditional option to the OpenSSL 3.0/3.1 genrsa command to generate a private key in traditional PKCS#1 format
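
A pre-flight check for the key file before restarting, covering both startup errors shown above (missing file and PKCS#8 key). This is an added example, not code from the product or the original article; the function names pem_key_format, to_pkcs1 and check_b4g_key are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the key file named under
# bitbucket.oauth.private-key. Function names are hypothetical.

# Classify a PEM private key by its first "-----BEGIN" line.
# Prints: pkcs1, pkcs8, pkcs8-encrypted, missing or unknown.
pem_key_format() {
    [ -r "$1" ] || { echo missing; return 0; }
    case "$(sed -n '/^-----BEGIN /{p;q;}' "$1" | tr -d '\r')" in
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1 ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        *)                                       echo unknown ;;
    esac
}

# Rewrite an unencrypted PKCS#8 RSA key ($1) as PKCS#1 in a new file ($2).
# OpenSSL 3.x needs -traditional; if that option is rejected, retry without
# it (assumption: such builds write PKCS#1 by default). The result is
# re-checked, and umask keeps the new key file owner-only.
to_pkcs1() {
    ( umask 077
      openssl rsa -in "$1" -traditional -out "$2" 2>/dev/null ||
      openssl rsa -in "$1" -out "$2" ) || return 1
    [ "$(pem_key_format "$2")" = pkcs1 ]
}

# Report what to expect at startup. Returns 0 only for a PKCS#1 key.
check_b4g_key() {
    case "$(pem_key_format "$1")" in
        pkcs1)   echo "OK: $1 is PKCS#1 (BEGIN RSA PRIVATE KEY)" ;;
        pkcs8)   echo "FAIL: $1 is PKCS#8; expect the PrivateKeyInfo ClassCastException"
                 echo "fix: to_pkcs1 $1 $1.pkcs1, then point private-key at the new file"
                 return 1 ;;
        missing) echo "FAIL: $1 is missing or unreadable; expect FileNotFoundException"
                 return 2 ;;
        *)       echo "FAIL: $1 is not an unencrypted RSA PEM key"
                 return 3 ;;
    esac
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then check_b4g_key "$1"; fi
```

Converting an existing key with to_pkcs1 only changes its encoding, so the public key already pasted into the application link stays valid.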