Geronimo / GERONIMO-6440

unlock keystore action appears to be broken when running server against Oracle JDK 1.7


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.1.8, 2.2.1, 3.0-beta-1
    • Fix Version/s: 3.0.1
    • Component/s: JVM-compatibility
    • Security Level: public (Regular issues)
    • Labels: None

    Description

      To reproduce the issue, you can follow the steps below.
      1. Start Geronimo 3.0 server.
      2. Use keytool command to create a keystore with a key. For example,
      keytool -genkeypair -keystore test.jks -alias testkey -keyalg RSA -keysize 2048 -dname "cn=test.apache.org,c=US" -validity 365 -storepass welcome1
      3. Copy the keystore to <geronimo-home>\var\security\keystores
      4. Use deploy encrypt to encrypt the password "welcome", got the encrypted string:

      {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEKvo5tkjHVqHlsBtDNRytadwdAADQUVT

      Add the string into config-substitution.properties like this:

      test.jks = {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
      testkey = {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEKvo5tkjHVqHlsBtDNRytadwdAADQUVT

      5. Restart the server.
      6. Use deploy unlock-keystore command to unlock test.jks. For example,
      deploy -u system -p manager unlock-keystore test.jks

      The result is that the unlock action seems to succeed. But you can find the ERROR below in the admin console. It will generate an incomplete j2ee-security module in config.xml. When you restart the server, you will fail on it.

      2013-02-27 11:41:06,564 WARN [FileKeystoreManager] keystoreType for new keystore "test.jks" set to "jks" based on file extension.

      2013-02-27 11:41:06,660 ERROR [LocalAttributeManager] Unable to format attribute of type java.net.URI; no editor found
      2013-02-27 11:41:06,660 WARN [BasicProxyManager] Could not load interface org.apache.geronimo.security.keystore.FileKeystoreInstance in provided ClassLoader for org.apache.geronimo.framework/j2ee-security/3.0.0/car?ServiceModule=org.apache.geronimo.framework/j2ee-security/3.0.0/car,j2eeType=Keystore,name=test.jks
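
An added example, not part of the original report and not Geronimo code: a structural check for the `{Simple}` values that step 4 places in config-substitution.properties, useful when auditing how a stored keystore password is wrapped. It parses only the Java serialization layout seen in this report's value and decrypts nothing; the function name and result keys are made up for the illustration.

```python
import base64
import struct

# Value copied verbatim from step 4 of the report.
SAMPLE = "{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEKvo5tkjHVqHlsBtDNRytadwdAADQUVT"

def inspect_simple_value(value):
    """Summarise a '{Simple}' property value without decrypting it."""
    if not value.startswith("{Simple}"):
        raise ValueError("missing {Simple} prefix")
    buf, pos = base64.b64decode(value[len("{Simple}"):], validate=True), 0
    def take(n):
        nonlocal pos
        if pos + n > len(buf):
            raise ValueError("truncated stream")
        pos += n
        return buf[pos - n:pos]
    def utf():  # 2-byte big-endian length, then that many bytes
        return take(struct.unpack(">H", take(2))[0]).decode("utf-8")
    def classdesc():
        if take(1) != b"\x72":  # TC_CLASSDESC
            raise ValueError("expected a class descriptor")
        name, _uid_flags = utf(), take(9)  # name, serialVersionUID (8) + flags (1)
        fields = []
        for _ in range(struct.unpack(">H", take(2))[0]):
            kind, fname = take(1), utf()
            if kind in (b"[", b"L"):  # array/object fields carry a type string
                _type = utf() if take(1) == b"\x74" else take(4)  # TC_STRING or reference
            fields.append(fname)
        if take(2) != b"\x78\x70":  # TC_ENDBLOCKDATA, TC_NULL superclass
            raise ValueError("unsupported class descriptor")
        return name, fields

    def field_value():
        tag = take(1)
        if tag == b"\x74":  # TC_STRING
            return utf()
        if tag == b"\x75" and classdesc()[0] == "[B":  # TC_ARRAY of bytes
            return take(struct.unpack(">I", take(4))[0])
        if tag != b"\x70":  # anything else must be TC_NULL
            raise ValueError("unsupported field value")
        return None

    if take(5) != b"\xac\xed\x00\x05\x73":  # magic, version 5, TC_OBJECT
        raise ValueError("not a serialized Java object")
    name, fields = classdesc()
    values = {f: field_value() for f in fields}
    return {"class": name, "seal_alg": values.get("sealAlg"),
            "has_params": values.get("encodedParams") is not None,
            "ciphertext_len": len(values.get("encryptedContent") or b"")}
```

For the value in this report the result is a `javax.crypto.SealedObject` sealed with `AES`, carrying no encoded algorithm parameters and 16 bytes of ciphertext.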

          People

            Assignee: Jarek Gawor (gawor@mcs.anl.gov)
            Reporter: xiezhi