xiezhi created GERONIMO-6440:
--------------------------------
Summary: unlock keystore action appears to be broken when running
server against Oracle JDK 1.7
Key: GERONIMO-6440
URL: https://issues.apache.org/jira/browse/GERONIMO-6440
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: JVM-compatibility
Affects Versions: 3.0-beta-1
Reporter: xiezhi
Priority: Blocker
To reproduce the issue, you can follow the steps below.
1.Start geronimo 3.0 server.
2.Use keytool command to create a keystore with a key. For example,
keytool -genkeypair -keystore test.jks -alias testkey -keyalg RSA -keysize 2048
-dname "cn=test.apache.org,c=US" -validity 365 -storepass welcome1
3.Copy the keystore to <geronimo-home>\var\security\keystores
4.use deploy encrypt to encrypt the password "welcome",go the encrypt string:
{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
add the string into config-substitution.properties like this:
test.jks =
{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
testkey =
{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
5. restart the server.
6. use deploy unlock-keystore command to unlock test.jks. For example,
deploy -u system -p manager unlock-keystore test.jks
The result is the unlock action seems to success. But you can find an ERROR
below in admin console. It will generate a incomplete j2ee-security module in
config.xml. When you restart the server, you will fail on it.
2013-02-27 11:41:06,564 WARN [FileKeystoreManager] keystoreType for new
keystore "test.jks" set to "jks" based on file extension.
2013-02-27 11:41:06,660 ERROR [LocalAttributeManager] Unable to format
attribute of type java.net.URI; no editor found
2013-02-27 11:41:06,660 WARN [BasicProxyManager] Could not load interface
org.apache.geronimo.security.keystore.FileKeystoreInsta
nce in provided ClassLoader for
org.apache.geronimo.framework/j2ee-security/3.0.0/car?ServiceModule=org.apache.geronimo.framework/
j2ee-security/3.0.0/car,j2eeType=Keystore,name=test.jks
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
