[ http://issues.apache.org/jira/browse/GERONIMO-1503?page=comments#action_12364456 ]
Vamsavardhana Reddy commented on GERONIMO-1503: ----------------------------------------------- Q: Does this patch fix the Jetty problem that if an empty String is specified it is treated as null (and presumably does not work)? A: NO. HTTPS Connector portlet does not allow specifying empty string as password. In the Connector portlet, if password fields are left empty, it is treated as either "password not specified" or "password not being changed" (incase of edit) and the corresponding member is not set/replaced in the Connector object. If Connector portlet needs to allow empty string for passwords, it needs some work. We will have to forgo some conventions like "password field left empy means password is not being changed" etc. Q: is there a change needed to the Keystore portlet to use the new GBean parameter? A: NO. No passwords are passed between the portlet and the KeyStoreGBean. So, Keystore portlet does not need to be changed. Q: after applying the patch, can the keystore generated by the portlet be used by both Tomcat and Jetty HTTPS connectors? A: YES. configs/console-tomcat/src/plan/plan.xml makes sure that keystorePassword and keyPassword are the same. configs/console-jetty/src/plan/plan.xml specifies a non-empty string as keyPassword. > keystore generated by KeyStore portlet could not be used to add either Jetty > or Tomcat HTTPS Listeners > ------------------------------------------------------------------------------------------------------ > > Key: GERONIMO-1503 > URL: http://issues.apache.org/jira/browse/GERONIMO-1503 > Project: Geronimo > Type: Bug > Components: console, security, Tomcat, web > Versions: 1.0 > Environment: WinXP, Sun JDK 1.4.2_08 > Reporter: Vamsavardhana Reddy > Fix For: 1.0.1, 1.1 > Attachments: GERONIMO-1503.patch > > ssl-keystore-1 generated by KeyStore portlet could not be used to add either > Jetty or Tomcat HTTPS Listeners. Steps to regenerate this error. > 1. Start Geronimo server > 2. Using KeyStore portlet in Geronimo Console, generate keypair. > ("ssl-keystore-1" file is created in this step) > 3. Using WebServers portlet, add a new HTTPS Listener. Enter > "var/security/ssl-keystore-1" in the keystore field in this step. > The new HTTPS Listener fails to start. > The following exception is logged when attempting to add a Jetty HTTPS > Listener. > 21:20:05,942 WARN [SslListener] EXCEPTION > java.security.UnrecoverableKeyException: Cannot recover key > at sun.security.provider.KeyProtector.recover(KeyProtector.java:301) > at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120) > at java.security.KeyStore.getKey(KeyStore.java:289) > at com.sun.net.ssl.internal.ssl.X509KeyManagerImpl.<init>(DashoA12275) > at > com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl.engineInit(DashoA12275) > at javax.net.ssl.KeyManagerFactory.init(DashoA12275) > at org.mortbay.http.SslListener.createFactory(SslListener.java:262) > at org.mortbay.http.SslListener.newServerSocket(SslListener.java:283) > at org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477) > at > org.apache.geronimo.jetty.connector.JettyConnector.doStart(JettyConnector.java:233) > at > org.apache.geronimo.jetty.connector.HTTPSConnector.doStart(HTTPSConnector.java:128) > at > org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:936) > at > org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:325) > at > org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:110) > at > org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:132) > at > org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:537) > at > org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:208) > at > org.apache.geronimo.kernel.basic.ProxyMethodInterceptor$StartRecursiveInvoke.invoke(ProxyMethodInterceptor.java:365) > at > org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96) > at > org.apache.geronimo.jetty.JettyWebConnector$$EnhancerByCGLIB$$e76cef7.startRecursive(<generated>) > at > org.apache.geronimo.console.webmanager.ConnectorPortlet.processAction(ConnectorPortlet.java:143) > at org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:229) > at org.apache.pluto.core.PortletServlet.doGet(PortletServlet.java:158) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:595) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:688) > at org.apache.pluto.core.PortletServlet.service(PortletServlet.java:153) > at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428) > at > org.apache.geronimo.jetty.JettyServletHolder.handle(JettyServletHolder.java:99) > at > org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830) > at org.mortbay.jetty.servlet.JSR154Filter.doFilter(JSR154Filter.java:170) > at > org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821) > at > org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471) > at org.mortbay.jetty.servlet.Dispatcher.dispatch(Dispatcher.java:283) > at org.mortbay.jetty.servlet.Dispatcher.include(Dispatcher.java:163) > at > org.apache.pluto.invoker.impl.PortletInvokerImpl.invoke(PortletInvokerImpl.java:120) > at > org.apache.pluto.invoker.impl.PortletInvokerImpl.action(PortletInvokerImpl.java:68) > at > org.apache.pluto.PortletContainerImpl.processPortletAction(PortletContainerImpl.java:164) > at > org.apache.pluto.portalImpl.core.PortletContainerWrapperImpl.processPortletAction(PortletContainerWrapperImpl.java:82) > at org.apache.pluto.portalImpl.Servlet.doGet(Servlet.java:227) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:595) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:688) > at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428) > at > org.apache.geronimo.jetty.JettyServletHolder.handle(JettyServletHolder.java:99) > at > org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830) > at org.mortbay.jetty.servlet.JSR154Filter.doFilter(JSR154Filter.java:170) > at > org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821) > at > org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471) > at > org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:568) > at org.mortbay.http.HttpContext.handle(HttpContext.java:1530) > at > org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:633) > at org.mortbay.http.HttpContext.handle(HttpContext.java:1482) > at org.mortbay.http.HttpServer.service(HttpServer.java:909) > at org.mortbay.http.HttpConnection.service(HttpConnection.java:816) > at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:982) > at org.mortbay.http.HttpConnection.handle(HttpConnection.java:833) > at > org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244) > at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357) > at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534) > 21:20:06,042 ERROR [GBeanInstanceState] Error while starting; GBean is now in > the FAILED state: > objectName="geronimo.server:J2EEApplication=null,J2EEModule=geronimo/jetty/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=JettyWebConnector-HTTPS-ssl-keystore-1" > java.io.IOException: Could not create JsseListener: > java.security.UnrecoverableKeyException: Cannot recover key > at org.mortbay.http.SslListener.newServerSocket(SslListener.java:314) > at org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477) > at > org.apache.geronimo.jetty.connector.JettyConnector.doStart(JettyConnector.java:233) > at > org.apache.geronimo.jetty.connector.HTTPSConnector.doStart(HTTPSConnector.java:128) > at > org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:936) > at > org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:325) > at > org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:110) > at > org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:132) > at > org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:537) > at > org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:208) > at > org.apache.geronimo.kernel.basic.ProxyMethodInterceptor$StartRecursiveInvoke.invoke(ProxyMethodInterceptor.java:365) > at > org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96) > at > org.apache.geronimo.jetty.JettyWebConnector$$EnhancerByCGLIB$$e76cef7.startRecursive(<generated>) > at > org.apache.geronimo.console.webmanager.ConnectorPortlet.processAction(ConnectorPortlet.java:143) > at org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:229) > at org.apache.pluto.core.PortletServlet.doGet(PortletServlet.java:158) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:595) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:688) > at org.apache.pluto.core.PortletServlet.service(PortletServlet.java:153) > at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428) > at > org.apache.geronimo.jetty.JettyServletHolder.handle(JettyServletHolder.java:99) > at > org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830) > at org.mortbay.jetty.servlet.JSR154Filter.doFilter(JSR154Filter.java:170) > at > org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821) > at > org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471) > at org.mortbay.jetty.servlet.Dispatcher.dispatch(Dispatcher.java:283) > at org.mortbay.jetty.servlet.Dispatcher.include(Dispatcher.java:163) > at > org.apache.pluto.invoker.impl.PortletInvokerImpl.invoke(PortletInvokerImpl.java:120) > at > org.apache.pluto.invoker.impl.PortletInvokerImpl.action(PortletInvokerImpl.java:68) > at > org.apache.pluto.PortletContainerImpl.processPortletAction(PortletContainerImpl.java:164) > at > org.apache.pluto.portalImpl.core.PortletContainerWrapperImpl.processPortletAction(PortletContainerWrapperImpl.java:82) > at org.apache.pluto.portalImpl.Servlet.doGet(Servlet.java:227) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:595) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:688) > at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428) > at > org.apache.geronimo.jetty.JettyServletHolder.handle(JettyServletHolder.java:99) > at > org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830) > at org.mortbay.jetty.servlet.JSR154Filter.doFilter(JSR154Filter.java:170) > at > org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821) > at > org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471) > at > org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:568) > at org.mortbay.http.HttpContext.handle(HttpContext.java:1530) > at > org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:633) > at org.mortbay.http.HttpContext.handle(HttpContext.java:1482) > at org.mortbay.http.HttpServer.service(HttpServer.java:909) > at org.mortbay.http.HttpConnection.service(HttpConnection.java:816) > at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:982) > at org.mortbay.http.HttpConnection.handle(HttpConnection.java:833) > at > org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244) > at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357) > at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
