geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Bohn <joe.b...@earthlink.net>
Subject Re: 1.1 keystore portlet bugs & patches
Date Wed, 26 Jul 2006 21:02:49 GMT
Aaron,

Once again, thanks for the comments.  Some more responses inline.  I 
also renumbered the items to avoid the duplicate #2's ... sorry for the 
confusion.

Aaron Mulder wrote:
> On 7/26/06, Joe Bohn <joe.bohn@earthlink.net> wrote:
> 
>>
>> I think I understand your goals here Vamsi.  However, I'm not sure that
>> the portlet (as it currently stands) is a net positive or negative for
>> Geronimo, even with your changes.  It's not a matter of "stress" tests.
>>     It looks like basic function tests (unit tests) aren't working with
>> this portlet.  I don't fully understand the function of this portlet and
>> perhaps that is clouding my judgment.
>>
>> Here's a list of the problems that I'm seeing (not necessarily complete):
>> 1)  You can hose the jetty server with one simple mouse click on the
>> available lock icon.  Even if we provided a warning prior to taking any
>> action, it is still not a safe situation.  There was a comment on the
>> dev list just before 1.1 went out that this could be fixed by setting
>> load="false" on the SSLConnector and making the keystore available after
>> server restart ... then restarting with the SSLConnector loaded again.
>> However, even after doing this the next restart of the server still
>> fails with the same error even though the console shows the keystore as
>> available.  I think this is a critical problem (see earlier post for one
>> proposal on how to fix this by requiring the password).
>>
>> 2) Serialization failures terminating tomcat after attempting to lock a
>> keystore so that it is unavailable.
>>
>> 3) The first panel indicates that the initial state of the keystores is
>> locked and unavailable.  However, it appears this is in error as the
>> default keystore is locked to edit but available.  This might just be
>> semantics but it sounds like the capability doesn't match the 
>> description.
> 
> 
> This is not my experience.  On a default install, if I look at that
> portlet, I see:
> 
> Editable=(locked icon)
> Available=(unlocked icon) 1 key available
> 
> Indicating that the keystore is available to be used by clients, but
> requires a password in order to edit.  If that's not what you see can
> you try again from a fresh install of Geronimo?

We are seeing the same thing.  What I was pointing out was that the text 
on the panel says "Keystores start out as locked against editing and 
also not available for usage by other components in the server."  The 
*not available* statement led me to think that the portlet should show:

Editable=(locked icon)
Available=(locked icon) not available

Again, it might just be a semantic problem with the wording on the panel 
rather than the state of keystore, but right now the two don't seem to 
match.

> 
>> 4) Unlocking for edit state or making the keystore available after it's
>> been locked seems to always result in serialization errors.
> 
> 
> This is the same as #2 above, and as I said, there's an easy
> workaround for the Serialization errors.

I'm not disputing your proposed change ... just listing some basic 
problems I'm seeing with the front-door code.   I listed this separately 
because it is a different scenario that fails both on jetty and tomcat. 
  This failure happens immediately on *unlock*.  The #2 failure is on 
the available *lock* but only when the server is terminated as opposed 
to when the action is issued.  And, IIRC, #2 only happens on tomcat. 
The same "available lock" operation on jetty results in #1 above.

> 
>> 5) The keystore itself is not selectable when edit is "locked". I assume
>> this is by design.  If you attempt to unlock the keystore for edit and
>> provide no password (or a bogus password), then in addition to the
>> exception being tossed for the bad password I would expect the keystore
>> to remain locked. However, the edit icon will show unlocked and you can
>> get to the edit fields of the keystore.
> 
> 
> It would be good to chage it to detect bad passwords and handle by not
> claiming that the keystore is unlocked.  That's also important for
> when you "make it available" not just when you "make it editable".

Not only would this be good, but it is the expected behavior when we 
challenge for a password to act accordingly if the correct password is 
not provided, isn't it?

> 
> To add to your list: we currently act like you can unlock specific
> keys in the keystore when you make the keystore available.  However, I
> think most consumers expect to get the one and only private key in the
> keystore.  It would be great to test with a keystore with two private
> keys and see if we can really allow you to select one or the other and
> have the HTTPS connectors use it accordingly.

Yep, sounds like another test case that should be run.

> 
> Finally, based on your questions below, you should do a bit more
> research on key/certificate plumbing.  A certificate is different from
> a CA signing request and a CA signing response.  It is appropriate to
> generate or upload a certificate but paste out a CA request and paste
> in a CA response.  The procedure is more or less to create or install
> an unsigned cert, then ask a CA to sign it, then update the cert to
> include the signature information.

Yes, I have admitted that I don't understand this all very well.  I was 
just trying to help get some more fixes into 1.1.1 when I stumbled on 
all the other problems with this portlet.

My questions below stem from the fact that clicking on the same link 
with and without the patch ("Add Trust Certificate") provides me with a 
different panel.  Without the patch this is looking for a Certificate 
file to import.  With the patch this is changed to accept "trusted 
certificate text" which must be copied from the file.   I assume that in 
both cases we're dealing with the certificate itself and not the CA 
request or CA response which I don't see referenced anywhere either with 
or without the patch.

As you pointed out, I'm getting in over my head here with my current 
knowledge (or lack thereof) around certificates and keys.  Perhaps I 
should just turn this whole mess over to you to resolve.  Interested? :-)

Thanks, Joe

> 
> Thanks,
>     Aaron
> 
>> These problems don't have anything to do with the patch ... but I think
>> they are higher priority than the items that the patch does address.
>>
>> Again, many of these "problems" may be my mis-understanding.  However,
>> I'm pretty sure that our users are not going to understand this any
>> better than I did and potentially get themselves into trouble (esp. with
>> Jetty).
>>
>> Vamsi,
>> On your patch I don't see a lot changes from the initial behavior.  Can
>> you explain how I can get to re-introduced function that had been
>> missing (preferably with a comment to GERONIMO-2218)?
>>
>> I'm also confused because I see things that I think are the functions
>> you list as missing even before I apply the patch.  For example, the
>> JIRAs indicated that you could not import a CA reply.  But isn't this
>> just the ability to import the certificate itself?  One difference
>> between the behavior with your patch versus the front-door code is how
>> the certificate is specified for import.  The front-door code imports by
>> selecting a certificate file (both jetty and tomcat) but with the patch
>> it is an input field that wants the certificate content. Can you help me
>> understand how it is better to cut and paste the content of the file
>> rather than just select the file or am I not comparing these correctly?
>>
>> Your patch also mentioned adding the capability to generate a
>> certificate.  Perhaps this is the reason for the input text field rather
>> than the file so that you can enter it free-form.  However, it seems we
>> would still want to support the file import.  Also, I don't see where we
>> would generate a certificate request with or without the patch.
>>
>> Joe
>>
>>
>>
>>
>> Vamsavardhana Reddy wrote:
>> > Hi Joe,
>> >
>> > I have not subject the new Keystore portlet to "stress test" (rather,
>> > the server under stress due to the keystore portlet).  My first 
>> priority
>> > was to get atleast the minimal functionality in place so that the
>> > keystore portlet is useful in a "production environment".  In my
>> > opinion, the idea of having the keystore portlet is to eliminate need
>> > for tools like "keytool" and "ikeyman".  More functions are needed in
>> > the portlet to get it on par with the tools mentioned above.  Once the
>> > basic functionality is in place, I will look at scenarios where the
>> > server is failing due to some side effects from the keystore portlet 
>> and
>> > provide fixes.
>> >
>> > Regards,
>> > Vamsi
>> > On 7/26/06, *Joe Bohn* <joe.bohn@earthlink.net
>> > <mailto:joe.bohn@earthlink.net>> wrote:
>> >
>> >
>> >     I was looking to see what else we need to get fixed in 1.1.1 and 
>> noticed
>> >     that there are several issues (in both 1.1 and 1.1.1) around the
>> >     keystore portlet.   I know nothing about the keystore portlet and
>> >     thought I'd check here (esp. with Aaron) before I started 
>> looking into
>> >     the patches that Vamsi has provided.   It appears that this is a 
>> real
>> >     problem spot (esp. given my initial experiment ... see below), 
>> so I'm
>> >     hoping that the patch from Vamsi works wonders :-) .
>> >
>> >     It seems like there are a number of issues (1196, 1531, 1984, 
>> and 2218)
>> >     which have all been grouped with one fix under 2218.  Some of these
>> >     sound like enhancements to me but since they appear to be 
>> addressing
>> >     function that was previously available in 1.0 but dropped from the
>> >     updated keystore portlet I assume they could be considered bug 
>> fixes.
>> >     Comments?
>> >
>> >     While just trying to get familiar with the keystore portlet as it
>> >     currently stands (w/o the 2218 patch) I managed to get 
>> serialization
>> >     errors that then reappeared each time I attempted to stop the 
>> server
>> >     (even with no additional changes).  I also managed to get the jetty
>> >     server into a state where it could not start with just two 
>> clicks of the
>> >     mouse from the portlet (one on the "unlocked" icon under 
>> "Available"
>> >     for
>> >     the geronimo-default keystore and then a second click on then 
>> "locked"
>> >     icon attempting to undo what I did with the first click).   The 
>> result
>> >     was the following set of stack traces on server restart (kinda 
>> funny
>> >     how
>> >     it wants me to unlock the keystore using the console when the 
>> server
>> >     itself won't even start).
>> >
>> >     Joe
>> >
>> >     Booting Geronimo Kernel (in Java 1.4.2_08)...
>> >     Starting Geronimo Application Server v1.1.1-SNAPSHOT
>> >     [*********>            ] 43%   8s Starting
>> >     geronimo/jetty/1.1.1-SNA...10:27:12,640 WARN  [SslListener] 
>> EXCEPTION
>> >     org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore
>> >     'geronimo-default' is locked; please use the keystore page in 
>> the admin
>> >     console to unlock it
>> >              at
>> >     
>> org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLServerFactory(FileKeystoreManager.java:300)

>>
>> >              at
>> >     
>> org.apache.geronimo.security.keystore.FileKeystoreManager$$FastClassByCGLIB$$4d9d2a71.invoke

>>
>> >     (<generated>)
>> >              at 
>> net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)

>>
>> >              at
>> >     org.apache.geronimo.gbean.runtime.GBeanOperation.invoke
>> >     (GBeanOperation.java:122)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) 
>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)

>>
>> >              at
>> >     
>> org.apache.geronimo.management.geronimo.KeystoreManager$$EnhancerByCGLIB$$be50f1ec.createSSLServerFactory(<generated>)

>>
>> >              at
>> >     
>> org.apache.geronimo.jetty.connector.GeronimoSSLListener.createFactory(GeronimoSSLListener.java

>>
>> >     :41)
>> >              at
>> >     org.mortbay.http.SslListener.newServerSocket(SslListener.java:283)
>> >              at
>> >     org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477)
>> >              at
>> >     org.apache.geronimo.jetty.connector.JettyConnector.doStart
>> >     (JettyConnector.java:233)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:981)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java

>>
>> >     :267)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:526) 
>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:111)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:146)

>>
>> >              at
>> >     org.apache.geronimo.gbean.runtime.GBeanDependency$1.running
>> >     (GBeanDependency.java:120)
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:173)

>>
>> >              at
>> >     org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300
>> >     (BasicLifecycleMonitor.java:41)
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:251)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart
>> >     (GBeanInstanceState.java:292)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java
>> >     :526)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:111)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:146)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:120)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:173)

>>
>> >
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:41)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent

>>
>> >     (BasicLifecycleMonitor.java:251)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:292)

>>
>> >              at
>> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.start
>> >     (GBeanInstanceState.java:102)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124)

>>
>> >              at
>> >     org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive
>> >     (GBeanInstance.java:540)
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans 
>>
>> >     (ConfigurationUtil.java:374)
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration 
>>
>> >     (SimpleConfigurationManager.java:512)
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:493)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke

>>
>> >     (<generated>)
>> >              at 
>> net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)

>>
>> >              at
>> >     org.apache.geronimo.gbean.runtime.GBeanOperation.invoke
>> >     (GBeanOperation.java:122)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) 
>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$cd144e8e.startConfiguration(<generated>)

>>
>> >              at
>> >     org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297)
>> >              at
>> >     org.apache.geronimo.system.main.Daemon.<init>(Daemon.java:74)
>> >              at 
>> org.apache.geronimo.system.main.Daemon.main(Daemon.java:377)
>> >     10:27:12,750 ERROR [GBeanInstanceState] Error while starting; 
>> GBean is
>> >     now in the FAILED state:
>> >     abstractName="geronimo/jetty/1.1.1-SNAPSHOT/car?ServiceModule=ge
>> >     
>> ronimo/jetty/1.1.1-SNAPSHOT/car,j2eeType=GBean,name=JettySSLConnector"
>> >     java.io.IOException: Could not create JsseListener:
>> >     org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore
>> >     'geronimo-default' is locked; please use
>> >     the keystore page in the admin console to unlock it
>> >              at
>> >     org.mortbay.http.SslListener.newServerSocket (SslListener.java:314)
>> >              at
>> >     org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477)
>> >              at
>> >     
>> org.apache.geronimo.jetty.connector.JettyConnector.doStart(JettyConnector.java:233)

>>
>> >              at
>> >     org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance
>> >     (GBeanInstance.java:981)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:267)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java

>>
>> >     :102)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:526) 
>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:111)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:146)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:120)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent
>> >     (BasicLifecycleMonitor.java:173)
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:41)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent

>>
>> >     (BasicLifecycleMonitor.java:251)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:292)

>>
>> >              at
>> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.start
>> >     (GBeanInstanceState.java:102)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:526) 
>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java

>>
>> >     :111)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:146)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:120)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:173)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:41)

>>
>> >
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:251)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart
>> >     (GBeanInstanceState.java:292)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)

>>
>> >              at
>> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive
>> >     (GBeanInstanceState.java:124)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:540)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java

>>
>> >     :379)
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:374)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java

>>
>> >     :187)
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration 
>>
>> >     (SimpleConfigurationManager.java:493)
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)

>>
>> >              at net.sf.cglib.reflect.FastMethod.invoke 
>> (FastMethod.java:53)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122)

>>
>> >
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) 
>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>> >              at
>> >     org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke
>> >     (RawOperationInvoker.java:35)
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$cd144e8e.startConfiguration

>>
>> >     (<generated>)
>> >              at
>> >     org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297)
>> >              at
>> >     org.apache.geronimo.system.main.Daemon.<init>(Daemon.java:74)
>> >              at org.apache.geronimo.system.main.Daemon.main
>> >     (Daemon.java:377)
>> >     10:27:12,796 WARN  [SslListener] EXCEPTION
>> >     org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore
>> >     'geronimo-default' is locked; please use the keystore page in 
>> the admin
>> >     console to unlock it
>> >              at
>> >     
>> org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLServerFactory(FileKeystoreManager.java:300)

>>
>> >              at
>> >     
>> org.apache.geronimo.security.keystore.FileKeystoreManager$$FastClassByCGLIB$$4d9d2a71.invoke

>>
>> >     (<generated>)
>> >              at 
>> net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)

>>
>> >              at
>> >     org.apache.geronimo.gbean.runtime.GBeanOperation.invoke
>> >     (GBeanOperation.java:122)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) 
>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)

>>
>> >              at
>> >     
>> org.apache.geronimo.management.geronimo.KeystoreManager$$EnhancerByCGLIB$$be50f1ec.createSSLServerFactory(<generated>)

>>
>> >              at
>> >     
>> org.apache.geronimo.jetty.connector.GeronimoSSLListener.createFactory(GeronimoSSLListener.java

>>
>> >     :41)
>> >              at
>> >     org.mortbay.http.SslListener.newServerSocket(SslListener.java:283)
>> >              at
>> >     org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477)
>> >              at
>> >     org.apache.geronimo.jetty.connector.JettyConnector.doStart
>> >     (JettyConnector.java:233)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:981)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java

>>
>> >     :267)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java

>>
>> >     :124)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:540)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:374)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java

>>
>> >     :187)
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration 
>>
>> >     (SimpleConfigurationManager.java:493)
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)

>>
>> >              at net.sf.cglib.reflect.FastMethod.invoke 
>> (FastMethod.java:53)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122)

>>
>> >
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) 
>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>> >              at
>> >     org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke
>> >     (RawOperationInvoker.java:35)
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$cd144e8e.startConfiguration

>>
>> >     (<generated>)
>> >              at
>> >     org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297)
>> >              at
>> >     org.apache.geronimo.system.main.Daemon.<init>(Daemon.java:74)
>> >              at org.apache.geronimo.system.main.Daemon.main
>> >     (Daemon.java:377)
>> >     10:27:12,906 ERROR [GBeanInstanceState] Error while starting; 
>> GBean is
>> >     now in the FAILED state:
>> >     abstractName="geronimo/jetty/1.1.1-SNAPSHOT/car?ServiceModule=ge
>> >     
>> ronimo/jetty/1.1.1-SNAPSHOT/car,j2eeType=GBean,name=JettySSLConnector"
>> >     java.io.IOException: Could not create JsseListener:
>> >     org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore
>> >     'geronimo-default' is locked; please use
>> >     the keystore page in the admin console to unlock it
>> >              at
>> >     org.mortbay.http.SslListener.newServerSocket(SslListener.java:314)
>> >              at
>> >     org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477)
>> >              at
>> >     org.apache.geronimo.jetty.connector.JettyConnector.doStart
>> >     (JettyConnector.java:233)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:981)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java

>>
>> >     :267)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java

>>
>> >     :124)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:540)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:374)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java

>>
>> >     :187)
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration 
>>
>> >     (SimpleConfigurationManager.java:493)
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)

>>
>> >              at net.sf.cglib.reflect.FastMethod.invoke 
>> (FastMethod.java:53)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122)

>>
>> >
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) 
>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>> >              at
>> >     org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke
>> >     (RawOperationInvoker.java:35)
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$cd144e8e.startConfiguration

>>
>> >     (<generated>)
>> >              at
>> >     org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297)
>> >              at
>> >     org.apache.geronimo.system.main.Daemon.<init>(Daemon.java:74)
>> >              at org.apache.geronimo.system.main.Daemon.main
>> >     (Daemon.java:377)
>> >     [*********>            ] 43%   9s Startup failed
>> >     org.apache.geronimo.kernel.config.LifecycleException: start of
>> >     geronimo/jetty/1.1.1-SNAPSHOT/car failed
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration 
>>
>> >     (SimpleConfigurationManager.java:529)
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:493)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke

>>
>> >     (<generated>)
>> >              at 
>> net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)

>>
>> >              at
>> >     org.apache.geronimo.gbean.runtime.GBeanOperation.invoke
>> >     (GBeanOperation.java:122)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) 
>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$cd144e8e.startConfiguration(<generated>)

>>
>> >              at
>> >     org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297)
>> >              at
>> >     org.apache.geronimo.system.main.Daemon.<init>(Daemon.java:74)
>> >              at 
>> org.apache.geronimo.system.main.Daemon.main(Daemon.java:377)
>> >     Caused by: 
>> org.apache.geronimo.kernel.config.InvalidConfigException:
>> >     Unknown start exception
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:440)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java

>>
>> >     :187)
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512)

>>
>> >              ... 13 more
>> >     Caused by: 
>> org.apache.geronimo.gbean.InvalidConfigurationException :
>> >     Configuration geronimo/jetty/1.1.1-SNAPSHOT/car failed to start 
>> due to
>> >     the following reasons
>> >     :
>> >        The service
>> >     
>> ServiceModule=geronimo/jetty/1.1.1-SNAPSHOT/car,j2eeType=GBean,name=JettySSLConnector

>>
>> >     did not start because the doStart method threw an exception.
>> >
>> >     java.io.IOException: Could not create JsseListener:
>> >     org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore
>> >     'geronimo-default' is locked; please use
>> >     the keystore page in the admin console to unlock it
>> >              at
>> >     org.mortbay.http.SslListener.newServerSocket(SslListener.java:314)
>> >              at
>> >     org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477)
>> >              at
>> >     org.apache.geronimo.jetty.connector.JettyConnector.doStart
>> >     (JettyConnector.java:233)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:981)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java

>>
>> >     :267)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java

>>
>> >     :124)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:540)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:374)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java

>>
>> >     :187)
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration 
>>
>> >     (SimpleConfigurationManager.java:493)
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)

>>
>> >              at net.sf.cglib.reflect.FastMethod.invoke 
>> (FastMethod.java:53)
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)

>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122)

>>
>> >
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) 
>>
>> >              at
>> >     
>> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>> >              at
>> >     org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke
>> >     (RawOperationInvoker.java:35)
>> >              at
>> >     
>> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)

>>
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$cd144e8e.startConfiguration

>>
>> >     (<generated>)
>> >              at
>> >     org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297)
>> >              at
>> >     org.apache.geronimo.system.main.Daemon.<init>(Daemon.java:74)
>> >              at org.apache.geronimo.system.main.Daemon.main
>> >     (Daemon.java:377)
>> >
>> >
>> >              at
>> >     
>> org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:403)

>>
>> >              ... 15 more
>> >     Server shutdown begun              tartup failed
>> >     Server shutdown completed
>> >
>> >
>> >
>> >
>>
> 
> 

Mime
View raw message