Home Original page

docker-java 2.1.1 bug PrivateKeyInfo cannot be cast to PEMKeyPair

I followed https://docs.docker.com/engine/articles/https/ which resulted in generating an RSA key for the client (x509 ASCII PEM format). I configured the Jenkins docker to connect to the docker server via TLS client auth. When I run the doTestConnection() method I get the following exception.

...
Caused by: com.github.dockerjava.api.DockerClientException: org.bouncycastle.asn1.pkcs.PrivateKeyInfo cannot be cast to org.bouncycastle.openssl.PEMKeyPair
    at com.github.dockerjava.core.LocalDirectorySSLConfig.getSSLContext(LocalDirectorySSLConfig.java:57)
    at com.github.dockerjava.jaxrs.DockerCmdExecFactoryImpl.init(DockerCmdExecFactoryImpl.java:138)
    ... 61 more
Caused by: java.lang.ClassCastException: org.bouncycastle.asn1.pkcs.PrivateKeyInfo cannot be cast to org.bouncycastle.openssl.PEMKeyPair
    at com.github.dockerjava.core.CertificateUtils.loadPrivateKey(CertificateUtils.java:127)
    at com.github.dockerjava.core.CertificateUtils.createKeyStore(CertificateUtils.java:45)
    at com.github.dockerjava.core.LocalDirectorySSLConfig.getSSLContext(LocalDirectorySSLConfig.java:50)
    ... 62 more

After tracking down the source I discovered the exception is caused by this line of docker-java-2.1.1.

I discovered the solution is to convert the RSA key into a longer format:

openssl rsa -in key.pem -text -out key.pem

After conversion, the exception goes away and the connection succeeds. I feel this is a bug in docker-java-2.1.1. See jenkinsci/docker-plugin#371 for more info on how I troubleshoot the issue.