geronimo-dev mailing list archives

From "Vamsavardhana Reddy (JIRA)" <...@geronimo.apache.org>
Subject [jira] Commented: (GERONIMO-1503) keystore generated by KeyStore portlet could not be used to add either Jetty or Tomcat HTTPS Listeners
Date Mon, 30 Jan 2006 13:36:33 GMT
    [ http://issues.apache.org/jira/browse/GERONIMO-1503?page=comments#action_12364456 ] 

Vamsavardhana Reddy commented on GERONIMO-1503:
-----------------------------------------------

Q: Does this patch fix the Jetty problem that if an empty String is specified it is treated
as null (and presumably does not work)?
A: NO.  HTTPS Connector portlet does not allow specifying empty string as password.  In the
Connector portlet, if password fields are left empty, it is treated as either "password not
specified" or "password not being changed" (in case of edit) and the corresponding member is
not set/replaced in the Connector object.  If Connector portlet needs to allow empty string
for passwords, it needs some work.  We will have to forgo some conventions like "password
field left empty means password is not being changed" etc.

Q:  is there a change needed to the Keystore portlet to use the new GBean parameter?
A: NO.  No passwords are passed between the portlet and the KeyStoreGBean.  So, Keystore portlet
does not need to be changed.

Q: after applying the patch, can the keystore generated by the portlet be used by both Tomcat
and Jetty HTTPS connectors? 
A: YES.  configs/console-tomcat/src/plan/plan.xml makes sure that keystorePassword and keyPassword
are the same.  configs/console-jetty/src/plan/plan.xml specifies a non-empty string as keyPassword.

> keystore generated by KeyStore portlet could not be used to add either Jetty or Tomcat HTTPS Listeners
> ------------------------------------------------------------------------------------------------------
>
>          Key: GERONIMO-1503
>          URL: http://issues.apache.org/jira/browse/GERONIMO-1503
>      Project: Geronimo
>         Type: Bug
>   Components: console, security, Tomcat, web
>     Versions: 1.0
>  Environment: WinXP, Sun JDK 1.4.2_08
>     Reporter: Vamsavardhana Reddy
>      Fix For: 1.0.1, 1.1
>  Attachments: GERONIMO-1503.patch
>
> ssl-keystore-1 generated by KeyStore portlet could not be used to add either Jetty or Tomcat HTTPS Listeners.  Steps to regenerate this error.
> 1. Start Geronimo server
> 2. Using KeyStore portlet in Geronimo Console, generate keypair.  ("ssl-keystore-1" file is created in this step)
> 3. Using WebServers portlet, add a new HTTPS Listener.  Enter "var/security/ssl-keystore-1" in the keystore field in this step.
> The new HTTPS Listener fails to start.
> The following exception is logged when attempting to add a Jetty HTTPS Listener.
> 21:20:05,942 WARN  [SslListener] EXCEPTION
> java.security.UnrecoverableKeyException: Cannot recover key
>     at sun.security.provider.KeyProtector.recover(KeyProtector.java:301)
>     at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120)
>     at java.security.KeyStore.getKey(KeyStore.java:289)
>     at com.sun.net.ssl.internal.ssl.X509KeyManagerImpl.<init>(DashoA12275)
>     at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl.engineInit(DashoA12275)
>     at javax.net.ssl.KeyManagerFactory.init(DashoA12275)
>     at org.mortbay.http.SslListener.createFactory(SslListener.java:262)
>     at org.mortbay.http.SslListener.newServerSocket(SslListener.java:283)
>     at org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477)
>     at org.apache.geronimo.jetty.connector.JettyConnector.doStart(JettyConnector.java:233)
>     at org.apache.geronimo.jetty.connector.HTTPSConnector.doStart(HTTPSConnector.java:128)
>     at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:936)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:325)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:110)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:132)
>     at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:537)
>     at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:208)
>     at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor$StartRecursiveInvoke.invoke(ProxyMethodInterceptor.java:365)
>     at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>     at org.apache.geronimo.jetty.JettyWebConnector$$EnhancerByCGLIB$$e76cef7.startRecursive(<generated>)
>     at org.apache.geronimo.console.webmanager.ConnectorPortlet.processAction(ConnectorPortlet.java:143)
>     at org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:229)
>     at org.apache.pluto.core.PortletServlet.doGet(PortletServlet.java:158)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
>     at org.apache.pluto.core.PortletServlet.service(PortletServlet.java:153)
>     at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428)
>     at org.apache.geronimo.jetty.JettyServletHolder.handle(JettyServletHolder.java:99)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830)
>     at org.mortbay.jetty.servlet.JSR154Filter.doFilter(JSR154Filter.java:170)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
>     at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471)
>     at org.mortbay.jetty.servlet.Dispatcher.dispatch(Dispatcher.java:283)
>     at org.mortbay.jetty.servlet.Dispatcher.include(Dispatcher.java:163)
>     at org.apache.pluto.invoker.impl.PortletInvokerImpl.invoke(PortletInvokerImpl.java:120)
>     at org.apache.pluto.invoker.impl.PortletInvokerImpl.action(PortletInvokerImpl.java:68)
>     at org.apache.pluto.PortletContainerImpl.processPortletAction(PortletContainerImpl.java:164)
>     at org.apache.pluto.portalImpl.core.PortletContainerWrapperImpl.processPortletAction(PortletContainerWrapperImpl.java:82)
>     at org.apache.pluto.portalImpl.Servlet.doGet(Servlet.java:227)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
>     at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428)
>     at org.apache.geronimo.jetty.JettyServletHolder.handle(JettyServletHolder.java:99)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830)
>     at org.mortbay.jetty.servlet.JSR154Filter.doFilter(JSR154Filter.java:170)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
>     at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471)
>     at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:568)
>     at org.mortbay.http.HttpContext.handle(HttpContext.java:1530)
>     at org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:633)
>     at org.mortbay.http.HttpContext.handle(HttpContext.java:1482)
>     at org.mortbay.http.HttpServer.service(HttpServer.java:909)
>     at org.mortbay.http.HttpConnection.service(HttpConnection.java:816)
>     at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:982)
>     at org.mortbay.http.HttpConnection.handle(HttpConnection.java:833)
>     at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244)
>     at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)
>     at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)
> 21:20:06,042 ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED state: objectName="geronimo.server:J2EEApplication=null,J2EEModule=geronimo/jetty/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=JettyWebConnector-HTTPS-ssl-keystore-1"
> java.io.IOException: Could not create JsseListener: java.security.UnrecoverableKeyException: Cannot recover key
>     at org.mortbay.http.SslListener.newServerSocket(SslListener.java:314)
>     at org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477)
>     at org.apache.geronimo.jetty.connector.JettyConnector.doStart(JettyConnector.java:233)
>     at org.apache.geronimo.jetty.connector.HTTPSConnector.doStart(HTTPSConnector.java:128)
>     at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:936)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:325)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:110)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:132)
>     at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:537)
>     at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:208)
>     at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor$StartRecursiveInvoke.invoke(ProxyMethodInterceptor.java:365)
>     at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>     at org.apache.geronimo.jetty.JettyWebConnector$$EnhancerByCGLIB$$e76cef7.startRecursive(<generated>)
>     at org.apache.geronimo.console.webmanager.ConnectorPortlet.processAction(ConnectorPortlet.java:143)
>     at org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:229)
>     at org.apache.pluto.core.PortletServlet.doGet(PortletServlet.java:158)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
>     at org.apache.pluto.core.PortletServlet.service(PortletServlet.java:153)
>     at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428)
>     at org.apache.geronimo.jetty.JettyServletHolder.handle(JettyServletHolder.java:99)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830)
>     at org.mortbay.jetty.servlet.JSR154Filter.doFilter(JSR154Filter.java:170)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
>     at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471)
>     at org.mortbay.jetty.servlet.Dispatcher.dispatch(Dispatcher.java:283)
>     at org.mortbay.jetty.servlet.Dispatcher.include(Dispatcher.java:163)
>     at org.apache.pluto.invoker.impl.PortletInvokerImpl.invoke(PortletInvokerImpl.java:120)
>     at org.apache.pluto.invoker.impl.PortletInvokerImpl.action(PortletInvokerImpl.java:68)
>     at org.apache.pluto.PortletContainerImpl.processPortletAction(PortletContainerImpl.java:164)
>     at org.apache.pluto.portalImpl.core.PortletContainerWrapperImpl.processPortletAction(PortletContainerWrapperImpl.java:82)
>     at org.apache.pluto.portalImpl.Servlet.doGet(Servlet.java:227)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
>     at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428)
>     at org.apache.geronimo.jetty.JettyServletHolder.handle(JettyServletHolder.java:99)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830)
>     at org.mortbay.jetty.servlet.JSR154Filter.doFilter(JSR154Filter.java:170)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
>     at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471)
>     at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:568)
>     at org.mortbay.http.HttpContext.handle(HttpContext.java:1530)
>     at org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:633)
>     at org.mortbay.http.HttpContext.handle(HttpContext.java:1482)
>     at org.mortbay.http.HttpServer.service(HttpServer.java:909)
>     at org.mortbay.http.HttpConnection.service(HttpConnection.java:816)
>     at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:982)
>     at org.mortbay.http.HttpConnection.handle(HttpConnection.java:833)
>     at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244)
>     at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)
>     at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
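
Added example, not part of the JIRA comment or the Geronimo patch: a Java keystore holds one password for the store and a separate one for each key entry, and presenting the store password where the key password is expected produces the UnrecoverableKeyException seen in the quoted report. The sketch uses a JCEKS store holding an AES secret key in place of the portlet's JKS key pair (an assumption, so that it runs without generating a certificate); the class name, alias and passwords are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyPasswordMismatch {
    // Constructed sample values, not taken from Geronimo's plan.xml files.
    static final char[] STORE_PW = "store-secret".toCharArray();
    static final char[] KEY_PW = "key-secret".toCharArray();
    static final String ALIAS = "demo";

    // Build an in-memory keystore whose entry password differs from the
    // store password, the situation the connector could not handle.
    static byte[] buildStore() throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);                      // start from an empty store
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        ks.setKeyEntry(ALIAS, key, KEY_PW, null); // entry protected by KEY_PW
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, STORE_PW);                  // integrity protected by STORE_PW
        return out.toByteArray();
    }

    // Open the store with the correct store password, then try to recover
    // the key with the given entry password.
    static String tryRecover(byte[] store, char[] keyPw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(store), STORE_PW);
        try {
            ks.getKey(ALIAS, keyPw);
            return "recovered";
        } catch (UnrecoverableKeyException e) {
            return "UnrecoverableKeyException";
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] store = buildStore();
        // Loading succeeds in both calls; only key recovery differs.
        System.out.println("with key password:   " + tryRecover(store, KEY_PW));
        System.out.println("with store password: " + tryRecover(store, STORE_PW));
    }
}
```

KeyManagerFactory.init(KeyStore, char[]) takes a single password for recovering keys, which is why a connector has to be given the key password explicitly or the two passwords have to match.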

