geronimo-dev mailing list archives

From "Vamsavardhana Reddy (JIRA)" <...@geronimo.apache.org>
Subject [jira] Updated: (GERONIMO-1503) keystore generated by KeyStore portlet could not be used to add either Jetty or Tomcat HTTPS Listeners
Date Thu, 19 Jan 2006 19:22:42 GMT
     [ http://issues.apache.org/jira/browse/GERONIMO-1503?page=all ]

Vamsavardhana Reddy updated GERONIMO-1503:
------------------------------------------

    Attachment: GERONIMO-1503.patch

Investigating the problem revealed that only keystorePassword is set for the KeyStoreGBean. An empty string is being used as keyPassword. Because of this, both Jetty and Tomcat HTTPS Connectors are not able to recover the key.

o Tomcat HTTPS Connector requires that the keystorePassword and keyPassword are the same, and only keystorePassword is specified while creating the HTTPS Connector.
o Jetty HTTPS Connector allows a keyPassword to be specified. But when an empty string is specified as keyPassword, it uses null instead of "".

GERONIMO-1503.patch: Adds keyPassword attribute to KeyStoreGBean.

> keystore generated by KeyStore portlet could not be used to add either Jetty or Tomcat HTTPS Listeners
> ------------------------------------------------------------------------------------------------------
>
>          Key: GERONIMO-1503
>          URL: http://issues.apache.org/jira/browse/GERONIMO-1503
>      Project: Geronimo
>         Type: Bug
>   Components: console
>     Versions: 1.0, 1.0-M5
>  Environment: WinXP, Sun JDK 1.4.2_08
>     Reporter: Vamsavardhana Reddy
>  Attachments: GERONIMO-1503.patch
>
> ssl-keystore-1 generated by KeyStore portlet could not be used to add either Jetty or Tomcat HTTPS Listeners.  Steps to regenerate this error.
> 1. Start Geronimo server
> 2. Using KeyStore portlet in Geronimo Console, generate keypair.  ("ssl-keystore-1" file is created in this step)
> 3. Using WebServers portlet, add a new HTTPS Listener.  Enter "var/security/ssl-keystore-1" in the keystore field in this step.
> The new HTTPS Listener fails to start.
> The following exception is logged when attempting to add a Jetty HTTPS Listener.
> 21:20:05,942 WARN  [SslListener] EXCEPTION
> java.security.UnrecoverableKeyException: Cannot recover key
>     at sun.security.provider.KeyProtector.recover(KeyProtector.java:301)
>     at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120)
>     at java.security.KeyStore.getKey(KeyStore.java:289)
>     at com.sun.net.ssl.internal.ssl.X509KeyManagerImpl.<init>(DashoA12275)
>     at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl.engineInit(DashoA12275)
>     at javax.net.ssl.KeyManagerFactory.init(DashoA12275)
>     at org.mortbay.http.SslListener.createFactory(SslListener.java:262)
>     at org.mortbay.http.SslListener.newServerSocket(SslListener.java:283)
>     at org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477)
>     at org.apache.geronimo.jetty.connector.JettyConnector.doStart(JettyConnector.java:233)
>     at org.apache.geronimo.jetty.connector.HTTPSConnector.doStart(HTTPSConnector.java:128)
>     at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:936)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:325)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:110)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:132)
>     at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:537)
>     at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:208)
>     at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor$StartRecursiveInvoke.invoke(ProxyMethodInterceptor.java:365)
>     at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>     at org.apache.geronimo.jetty.JettyWebConnector$$EnhancerByCGLIB$$e76cef7.startRecursive(<generated>)
>     at org.apache.geronimo.console.webmanager.ConnectorPortlet.processAction(ConnectorPortlet.java:143)
>     at org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:229)
>     at org.apache.pluto.core.PortletServlet.doGet(PortletServlet.java:158)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
>     at org.apache.pluto.core.PortletServlet.service(PortletServlet.java:153)
>     at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428)
>     at org.apache.geronimo.jetty.JettyServletHolder.handle(JettyServletHolder.java:99)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830)
>     at org.mortbay.jetty.servlet.JSR154Filter.doFilter(JSR154Filter.java:170)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
>     at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471)
>     at org.mortbay.jetty.servlet.Dispatcher.dispatch(Dispatcher.java:283)
>     at org.mortbay.jetty.servlet.Dispatcher.include(Dispatcher.java:163)
>     at org.apache.pluto.invoker.impl.PortletInvokerImpl.invoke(PortletInvokerImpl.java:120)
>     at org.apache.pluto.invoker.impl.PortletInvokerImpl.action(PortletInvokerImpl.java:68)
>     at org.apache.pluto.PortletContainerImpl.processPortletAction(PortletContainerImpl.java:164)
>     at org.apache.pluto.portalImpl.core.PortletContainerWrapperImpl.processPortletAction(PortletContainerWrapperImpl.java:82)
>     at org.apache.pluto.portalImpl.Servlet.doGet(Servlet.java:227)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
>     at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428)
>     at org.apache.geronimo.jetty.JettyServletHolder.handle(JettyServletHolder.java:99)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830)
>     at org.mortbay.jetty.servlet.JSR154Filter.doFilter(JSR154Filter.java:170)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
>     at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471)
>     at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:568)
>     at org.mortbay.http.HttpContext.handle(HttpContext.java:1530)
>     at org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:633)
>     at org.mortbay.http.HttpContext.handle(HttpContext.java:1482)
>     at org.mortbay.http.HttpServer.service(HttpServer.java:909)
>     at org.mortbay.http.HttpConnection.service(HttpConnection.java:816)
>     at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:982)
>     at org.mortbay.http.HttpConnection.handle(HttpConnection.java:833)
>     at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244)
>     at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)
>     at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)
> 21:20:06,042 ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED state: objectName="geronimo.server:J2EEApplication=null,J2EEModule=geronimo/jetty/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=JettyWebConnector-HTTPS-ssl-keystore-1"
> java.io.IOException: Could not create JsseListener: java.security.UnrecoverableKeyException: Cannot recover key
>     at org.mortbay.http.SslListener.newServerSocket(SslListener.java:314)
>     at org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477)
>     at org.apache.geronimo.jetty.connector.JettyConnector.doStart(JettyConnector.java:233)
>     at org.apache.geronimo.jetty.connector.HTTPSConnector.doStart(HTTPSConnector.java:128)
>     at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:936)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:325)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:110)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:132)
>     at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:537)
>     at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:208)
>     at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor$StartRecursiveInvoke.invoke(ProxyMethodInterceptor.java:365)
>     at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>     at org.apache.geronimo.jetty.JettyWebConnector$$EnhancerByCGLIB$$e76cef7.startRecursive(<generated>)
>     at org.apache.geronimo.console.webmanager.ConnectorPortlet.processAction(ConnectorPortlet.java:143)
>     at org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:229)
>     at org.apache.pluto.core.PortletServlet.doGet(PortletServlet.java:158)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
>     at org.apache.pluto.core.PortletServlet.service(PortletServlet.java:153)
>     at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428)
>     at org.apache.geronimo.jetty.JettyServletHolder.handle(JettyServletHolder.java:99)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830)
>     at org.mortbay.jetty.servlet.JSR154Filter.doFilter(JSR154Filter.java:170)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
>     at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471)
>     at org.mortbay.jetty.servlet.Dispatcher.dispatch(Dispatcher.java:283)
>     at org.mortbay.jetty.servlet.Dispatcher.include(Dispatcher.java:163)
>     at org.apache.pluto.invoker.impl.PortletInvokerImpl.invoke(PortletInvokerImpl.java:120)
>     at org.apache.pluto.invoker.impl.PortletInvokerImpl.action(PortletInvokerImpl.java:68)
>     at org.apache.pluto.PortletContainerImpl.processPortletAction(PortletContainerImpl.java:164)
>     at org.apache.pluto.portalImpl.core.PortletContainerWrapperImpl.processPortletAction(PortletContainerWrapperImpl.java:82)
>     at org.apache.pluto.portalImpl.Servlet.doGet(Servlet.java:227)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
>     at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428)
>     at org.apache.geronimo.jetty.JettyServletHolder.handle(JettyServletHolder.java:99)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830)
>     at org.mortbay.jetty.servlet.JSR154Filter.doFilter(JSR154Filter.java:170)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
>     at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471)
>     at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:568)
>     at org.mortbay.http.HttpContext.handle(HttpContext.java:1530)
>     at org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:633)
>     at org.mortbay.http.HttpContext.handle(HttpContext.java:1482)
>     at org.mortbay.http.HttpServer.service(HttpServer.java:909)
>     at org.mortbay.http.HttpConnection.service(HttpConnection.java:816)
>     at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:982)
>     at org.mortbay.http.HttpConnection.handle(HttpConnection.java:833)
>     at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244)
>     at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)
>     at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
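
The key-password mismatch described in the comment above can be reproduced with an in-memory JKS keystore. This is an added example, not code from GERONIMO-1503.patch or from the original message; the class name, alias, store password and stub certificate are constructed for the demonstration.

```java
import java.security.*;
import java.security.cert.Certificate;

public class KeyPasswordCheck {
    // Placeholder certificate (constructed): KeyStore.setKeyEntry requires a chain
    // for a private key, but this in-memory demo never encodes or validates it.
    static final class StubCert extends Certificate {
        private final PublicKey pub;
        StubCert(PublicKey pub) { super("X.509"); this.pub = pub; }
        public byte[] getEncoded() { return new byte[0]; }
        public void verify(PublicKey key) {}
        public void verify(PublicKey key, String provider) {}
        public String toString() { return "StubCert"; }
        public PublicKey getPublicKey() { return pub; }
    }

    // True if the entry's private key can be recovered with this key password.
    static boolean canRecover(KeyStore ks, String alias, char[] keyPassword) {
        try {
            return ks.getKey(alias, keyPassword) != null;
        } catch (GeneralSecurityException e) { // includes UnrecoverableKeyException
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] storePassword = "store-secret".toCharArray(); // constructed sample value
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null); // empty in-memory keystore
        // The situation from the report: the entry is protected with "" as keyPassword.
        ks.setKeyEntry("demo", pair.getPrivate(), new char[0],
                new Certificate[] { new StubCert(pair.getPublic()) });

        // Tomcat-style lookup: keystorePassword reused as keyPassword.
        System.out.println("keystorePassword as keyPassword: " + canRecover(ks, "demo", storePassword));
        // Jetty-style lookup when "" was entered: null is passed instead.
        System.out.println("null keyPassword: " + canRecover(ks, "demo", null));
        // Only the password the entry was actually protected with recovers the key.
        System.out.println("empty-string keyPassword: " + canRecover(ks, "demo", new char[0]));
    }
}
```

Running `canRecover` against a real keystore before wiring it into a connector shows whether the key entry and the store share a password, which is the condition the Tomcat connector depends on.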

