[
https://issues.apache.org/jira/browse/QPID-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14223441#comment-14223441
]
Keith Wall commented on QPID-6242:
----------------------------------
On Windows, this change does not work for me. I am testing on Windows 7 HE
within a VM (Parallels on the Mac). C: drive is NTFS.
# Define QPID_WORK to point to C:\Temp\qpidwork
# Start Qpid from command prompt
# Stop Qpid (^C)
# Add "confidentialConfigurationEncryptionProvider" : "AESKeyFile" to
%QPID_WORK%\config.json
# Restart Qpd. Restart fails with the following exception
It seems that .keys directory is being created with too restrictive permissions
and the code tries to recreate the file. Looking through Explorer I see the
directory has only "Special Permission".
2014-11-24 19:43:26,021 INFO [main] (broker.startup) - [Broker] BRK-1001 :
Startup : Version: 0.32-SNAPSHOT Build: Unversioned directory
2014-11-24 19:43:26,023 INFO [main] (broker.platform) - [Broker] BRK-1010 :
Platform : JVM : Oracle Corporation version: 1.7.0_11-b21 OS : Windows 7
version: 6.1 arch: amd64
2014-11-24 19:43:26,024 INFO [main] (broker.max_memory) - [Broker] BRK-1011 :
Maximum Memory : 2,130,051,072 bytes
2014-11-24 19:43:26,376 ERROR [main] (model.AbstractConfiguredObject) - Failed
to open object with name 'Broker'. Object will be put into ERROR state.
java.lang.IllegalArgumentException: Cannot create key file:
C:\Temp\qpidwork\.keys\Broker_Broker.key (Access is denied)
at
org.apache.qpid.server.security.encryption.AESKeyFileEncrypterFactory.createAndPopulateKeyFile(AESKeyFileEncrypterFactory.java:201)
at
org.apache.qpid.server.security.encryption.AESKeyFileEncrypterFactory.createEncrypter(AESKeyFileEncrypterFactory.java:81)
at
org.apache.qpid.server.model.adapter.BrokerAdapter.postResolve(BrokerAdapter.java:145)
at
org.apache.qpid.server.model.AbstractConfiguredObject.doResolution(AbstractConfiguredObject.java:685)
at
org.apache.qpid.server.model.AbstractConfiguredObject.open(AbstractConfiguredObject.java:437)
at
org.apache.qpid.server.registry.ApplicationRegistry.initialise(ApplicationRegistry.java:85)
at org.apache.qpid.server.Broker.startupImpl(Broker.java:179)
at org.apache.qpid.server.Broker.access$000(Broker.java:52)
at org.apache.qpid.server.Broker$1.run(Broker.java:135)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at org.apache.qpid.server.Broker.startup(Broker.java:130)
at org.apache.qpid.server.Main.startBroker(Main.java:458)
at org.apache.qpid.server.Main.execute(Main.java:314)
at org.apache.qpid.server.Main.<init>(Main.java:147)
at org.apache.qpid.server.Main.main(Main.java:138)
Caused by: java.io.FileNotFoundException:
C:\Temp\qpidwork\.keys\Broker_Broker.key (Access is denied)
at java.io.FileOutputStream.open(Native Method)
at java.io.FileOutputStream.<init>(FileOutputStream.java:212)
at java.io.FileOutputStream.<init>(FileOutputStream.java:165)
at
org.apache.qpid.server.security.encryption.AESKeyFileEncrypterFactory.createAndPopulateKeyFile(AESKeyFileEncrypterFactory.java:192)
... 15 more
2014-11-24 19:43:26,381 INFO [main] (broker.fatal_error) - [Broker] BRK-1016 :
Fatal error : Cannot create key file: C:\Temp\qpidwork\.keys\Broker_Broker.key
(Access is denied) : See log file for more information
2014-11-24 19:43:26,382 INFO [main] (broker.stopped) - [Broker] BRK-1005 :
Stopped
> [Java Broker] AESKeyFileEncrypterFactory does not work on non-posix
> filesystems
> -------------------------------------------------------------------------------
>
> Key: QPID-6242
> URL: https://issues.apache.org/jira/browse/QPID-6242
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker
> Affects Versions: 0.30
> Reporter: Rob Godfrey
> Assignee: Rob Godfrey
> Fix For: 0.31
>
>
> The AESFileEncrypterFactory assumes that using PosixFilePermissions will
> work, but this assumption is not true on Windows environments. An alternate
> mechanism is required to secure the file on Windows and other non-posix
> permissioned filesystems.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
