Uploaded image for project: 'Karaf'
  1. Karaf
  2. KARAF-3660

Setting JMX SSL causes StringIndexOutOfBoundsException when setting keyPasswords without = symbol

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0.0.M2
    • Fix Version/s: 2.4.2, 3.0.4, 4.0.0.M3
    • Component/s: karaf
    • Labels:
    • Environment:

      All

      Description

      When following the steps mentioned in https://issues.jboss.org/browse/ENTESB-1008 to configure the SSL based JMX access to the karaf container, If a user enters the "keyPasswords" in an incorrect manner (like without using the keyPasswords="keyAlias=keyPassword") format then it fails with the StringIndexOutOfBoundsException as following:

      2015-04-12 14:50:29,122 | ERROR | 0.0-SNAPSHOT/etc | ServiceRecipe                    | 10 - org.apache.aries.blueprint.core - 1.4.3 | Error retrieving service from ServiceRecipe[name='sample_keystore']
      org.osgi.service.blueprint.container.ComponentDefinitionException: Error setting property: PropertyDescriptor <name: keyPasswords, getter: null, setter: [class org.apache.karaf.jaas.config.impl.ResourceKeystoreInstance.setKeyPasswords(class java.lang.String)]
      	at org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:941)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:907)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:888)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:820)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:787)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:106)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.ServiceRecipe.createService(ServiceRecipe.java:284)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.ServiceRecipe.internalGetService(ServiceRecipe.java:251)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.ServiceRecipe.internalCreate(ServiceRecipe.java:148)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:79)[10:org.apache.aries.blueprint.core:1.4.3]
      	at java.util.concurrent.FutureTask.run(FutureTask.java:262)[:1.7.0_71]
      	at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:88)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:245)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:183)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:682)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:377)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:269)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:294)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:263)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:253)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500)[19:org.apache.aries.util:1.1.0]
      	at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433)[19:org.apache.aries.util:1.1.0]
      	at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725)[19:org.apache.aries.util:1.1.0]
      	at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463)[19:org.apache.aries.util:1.1.0]
      	at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422)[19:org.apache.aries.util:1.1.0]
      	at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179)[org.apache.felix.framework-4.9.0-SNAPSHOT.jar:]
      	at org.apache.felix.framework.util.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730)[org.apache.felix.framework-4.9.0-SNAPSHOT.jar:]
      	at org.apache.felix.framework.util.EventDispatcher.fireBundleEvent(EventDispatcher.java:485)[org.apache.felix.framework-4.9.0-SNAPSHOT.jar:]
      	at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4524)[org.apache.felix.framework-4.9.0-SNAPSHOT.jar:]
      	at org.apache.felix.framework.Felix.startBundle(Felix.java:2170)[org.apache.felix.framework-4.9.0-SNAPSHOT.jar:]
      	at org.apache.felix.framework.Felix.updateBundle(Felix.java:2482)[org.apache.felix.framework-4.9.0-SNAPSHOT.jar:]
      	at org.apache.felix.framework.BundleImpl.update(BundleImpl.java:995)[org.apache.felix.framework-4.9.0-SNAPSHOT.jar:]
      	at org.apache.felix.fileinstall.internal.DirectoryWatcher.update(DirectoryWatcher.java:1128)[4:org.apache.felix.fileinstall:3.5.0]
      	at org.apache.felix.fileinstall.internal.DirectoryWatcher.update(DirectoryWatcher.java:900)[4:org.apache.felix.fileinstall:3.5.0]
      	at org.apache.felix.fileinstall.internal.DirectoryWatcher.doProcess(DirectoryWatcher.java:481)[4:org.apache.felix.fileinstall:3.5.0]
      	at org.apache.felix.fileinstall.internal.DirectoryWatcher.process(DirectoryWatcher.java:358)[4:org.apache.felix.fileinstall:3.5.0]
      	at org.apache.felix.fileinstall.internal.DirectoryWatcher.run(DirectoryWatcher.java:310)[4:org.apache.felix.fileinstall:3.5.0]
      Caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: -1
      	at java.lang.String.substring(String.java:1911)[:1.7.0_71]
      	at org.apache.karaf.jaas.config.impl.ResourceKeystoreInstance.setKeyPasswords(ResourceKeystoreInstance.java:133)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.7.0_71]
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)[:1.7.0_71]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.7.0_71]
      	at java.lang.reflect.Method.invoke(Method.java:606)[:1.7.0_71]
      	at org.apache.aries.blueprint.utils.ReflectionUtils$MethodPropertyDescriptor.internalSet(ReflectionUtils.java:628)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.utils.ReflectionUtils$PropertyDescriptor.set(ReflectionUtils.java:378)[10:org.apache.aries.blueprint.core:1.4.3]
      	at org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:939)[10:org.apache.aries.blueprint.core:1.4.3]
      	... 36 more
      
      • =====================*
        Steps to Reproduce
      • =====================*

      1. Follow the Steps mentioned in the Doc https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/Security_Guide/files/ESBSecurityJmxSSL.html to configure the JMX access over SSL
      For your reference use the attached files which contains "jbossweb.keystore" , "keystore.xml", "org.apache.felix.fileinstall-keystore.cfg" and "org.apache.karaf.management.cfg"
      Place these above files inside the "apache-karaf-4.0.0-SNAPSHOT/etc" directory.

      2. Start the karaf container and then check the logs to find the mentioned error.

      *NOTE:* Every thing works fine if user will change the following in the file "etc/keystore.xml" to the standard way

                keyPasswords="jbossaliasJbossPassword"
      

      TO

                keyPasswords="jbossalias=JbossPassword"
      

        Attachments

        1. etc.zip
          3 kB
          Jay SenSharma
        2. log.zip
          3 kB
          Jay SenSharma

          Activity

            People

            • Assignee:
              jbonofre Jean-Baptiste Onofré
              Reporter:
              jaysensharma Jay SenSharma
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: