Just an update on this problem.

There is still a problem with the locking (esp. in jetty) due to
multiple attributes (containing both the password value and null) for
the keystorePassword and keyPasswords. However, with the fix just
integrated for GERONIMO-2252 we at least have some recovery plan (modify
the config.xml to remove the null entries and the remaining stored entries
will correctly unlock the keys).

Thanks to Vamsavardhana Reddy for finding the root cause of why the
passwords were being stored incorrectly. Now we just need to figure out
why we're ending up with multiple entries in config.xml for the same
attributes.

Joe

Joe Bohn wrote:

I'm still trying to figure out some critical problems with the keystore
processing on jetty.

The most serious problem that I've yet to resolve is a problem with the
lock/unlock of the keystore availability lock. A subsequent server
restart will fail because "Keystore 'geronimo-default' is locked". It
appears that we cannot recover from this error either. Even if I change
the config.xml for SSLConnector to load="false", restart the server, and
unlock the keystore/key (again), I still get the same failure when I
attempt to start with the SSLConnector enabled.

At first I thought this was because of the duplicate attribute entries
referenced in an earlier post. In fact, I'm pretty sure that I edited
the config.xml to remove the "null" entries and was able to get the
server started. However, I have recently been unable to recover from
this error using the same mechanism. In fact it seems to create more
problems because after removing the null entries I now get an
UnrecoverableKeyException.

Any advice or recommendations? I'm beginning to wonder if we should
disable the keystore portlet for 1.1.1 so that the user can't shoot
himself in the foot.

Joe