[jira] [Commented] (GERONIMO-6440) unlock keystore action appears to be broken when running server against Oracle JDK 1.7

[xiezhi (JIRA)]

[ 
https://issues.apache.org/jira/browse/GERONIMO-6440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13605954#comment-13605954
 ] 

xiezhi commented on GERONIMO-6440:
--

Jarek,totally agree. More efficient and nicer.

> unlock keystore action appears to be broken when running server against 
> Oracle JDK 1.7
> --
>
> Key: GERONIMO-6440
> URL: https://issues.apache.org/jira/browse/GERONIMO-6440
> Project: Geronimo
>  Issue Type: Bug
>  Security Level: public(Regular issues) 
>  Components: JVM-compatibility
>Affects Versions: 2.1.8, 2.2.1, 3.0-beta-1
>Reporter: xiezhi
>Assignee: Jarek Gawor
>Priority: Blocker
> Fix For: 3.0.1
>
> Attachments: PropertyEditors.java.patch
>
>
> To reproduce the issue, you can follow the steps below.
> 1.Start geronimo 3.0 server.
> 2.Use keytool command to create a keystore with a key. For example,
> keytool -genkeypair -keystore test.jks -alias testkey -keyalg RSA -keysize 
> 2048 -dname "cn=test.apache.org,c=US" -validity 365 -storepass welcome1
> 3.Copy the keystore to \var\security\keystores
> 4.use deploy encrypt to encrypt the password "welcome",go the encrypt string:
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> add the string into config-substitution.properties like this:
> test.jks = 
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> testkey = 
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> 5. restart the server.
> 6. use deploy unlock-keystore command to unlock test.jks. For example,
> deploy -u system -p manager unlock-keystore test.jks
> The result is the unlock action seems to success. But you can find an ERROR 
> below in admin console. It will generate a incomplete j2ee-security module in 
> config.xml. When you restart the server, you will fail on it.
> 2013-02-27 11:41:06,564 WARN  [FileKeystoreManager] keystoreType for new 
> keystore "test.jks" set to "jks" based on file extension.
> 2013-02-27 11:41:06,660 ERROR [LocalAttributeManager] Unable to format 
> attribute of type java.net.URI; no editor found
> 2013-02-27 11:41:06,660 WARN  [BasicProxyManager] Could not load interface 
> org.apache.geronimo.security.keystore.FileKeystoreInsta
> nce in provided ClassLoader for 
> org.apache.geronimo.framework/j2ee-security/3.0.0/car?ServiceModule=org.apache.geronimo.framework/
> j2ee-security/3.0.0/car,j2eeType=Keystore,name=test.jks

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (GERONIMO-6440) unlock keystore action appears to be broken when running server against Oracle JDK 1.7

[Jarek Gawor (JIRA)]

[ 
https://issues.apache.org/jira/browse/GERONIMO-6440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13605906#comment-13605906
 ] 

Jarek Gawor commented on GERONIMO-6440:
---

I applied slightly modified patch (to make it a bit more efficient) in revision 
1458076. Please verify.


> unlock keystore action appears to be broken when running server against 
> Oracle JDK 1.7
> --
>
> Key: GERONIMO-6440
> URL: https://issues.apache.org/jira/browse/GERONIMO-6440
> Project: Geronimo
>  Issue Type: Bug
>  Security Level: public(Regular issues) 
>  Components: JVM-compatibility
>Affects Versions: 2.1.8, 2.2.1, 3.0-beta-1
>Reporter: xiezhi
>Assignee: Jarek Gawor
>Priority: Blocker
> Attachments: PropertyEditors.java.patch
>
>
> To reproduce the issue, you can follow the steps below.
> 1.Start geronimo 3.0 server.
> 2.Use keytool command to create a keystore with a key. For example,
> keytool -genkeypair -keystore test.jks -alias testkey -keyalg RSA -keysize 
> 2048 -dname "cn=test.apache.org,c=US" -validity 365 -storepass welcome1
> 3.Copy the keystore to \var\security\keystores
> 4.use deploy encrypt to encrypt the password "welcome",go the encrypt string:
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> add the string into config-substitution.properties like this:
> test.jks = 
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> testkey = 
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> 5. restart the server.
> 6. use deploy unlock-keystore command to unlock test.jks. For example,
> deploy -u system -p manager unlock-keystore test.jks
> The result is the unlock action seems to success. But you can find an ERROR 
> below in admin console. It will generate a incomplete j2ee-security module in 
> config.xml. When you restart the server, you will fail on it.
> 2013-02-27 11:41:06,564 WARN  [FileKeystoreManager] keystoreType for new 
> keystore "test.jks" set to "jks" based on file extension.
> 2013-02-27 11:41:06,660 ERROR [LocalAttributeManager] Unable to format 
> attribute of type java.net.URI; no editor found
> 2013-02-27 11:41:06,660 WARN  [BasicProxyManager] Could not load interface 
> org.apache.geronimo.security.keystore.FileKeystoreInsta
> nce in provided ClassLoader for 
> org.apache.geronimo.framework/j2ee-security/3.0.0/car?ServiceModule=org.apache.geronimo.framework/
> j2ee-security/3.0.0/car,j2eeType=Keystore,name=test.jks

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (GERONIMO-6440) unlock keystore action appears to be broken when running server against Oracle JDK 1.7

[xiezhi (JIRA)]

[ 
https://issues.apache.org/jira/browse/GERONIMO-6440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13600961#comment-13600961
 ] 

xiezhi commented on GERONIMO-6440:
--

I missed before. The root cause I guess is geronimo propertyeditor package 
couldn't be saved. So before call PropertyEditorManager to find an editor, 
verify the searchPath list, if miss geronimo propertyeditor package, add it.

> unlock keystore action appears to be broken when running server against 
> Oracle JDK 1.7
> --
>
> Key: GERONIMO-6440
> URL: https://issues.apache.org/jira/browse/GERONIMO-6440
> Project: Geronimo
>  Issue Type: Bug
>  Security Level: public(Regular issues) 
>  Components: JVM-compatibility
>Affects Versions: 3.0-beta-1
>Reporter: xiezhi
>Priority: Blocker
>
> To reproduce the issue, you can follow the steps below.
> 1.Start geronimo 3.0 server.
> 2.Use keytool command to create a keystore with a key. For example,
> keytool -genkeypair -keystore test.jks -alias testkey -keyalg RSA -keysize 
> 2048 -dname "cn=test.apache.org,c=US" -validity 365 -storepass welcome1
> 3.Copy the keystore to \var\security\keystores
> 4.use deploy encrypt to encrypt the password "welcome",go the encrypt string:
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> add the string into config-substitution.properties like this:
> test.jks = 
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> testkey = 
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> 5. restart the server.
> 6. use deploy unlock-keystore command to unlock test.jks. For example,
> deploy -u system -p manager unlock-keystore test.jks
> The result is the unlock action seems to success. But you can find an ERROR 
> below in admin console. It will generate a incomplete j2ee-security module in 
> config.xml. When you restart the server, you will fail on it.
> 2013-02-27 11:41:06,564 WARN  [FileKeystoreManager] keystoreType for new 
> keystore "test.jks" set to "jks" based on file extension.
> 2013-02-27 11:41:06,660 ERROR [LocalAttributeManager] Unable to format 
> attribute of type java.net.URI; no editor found
> 2013-02-27 11:41:06,660 WARN  [BasicProxyManager] Could not load interface 
> org.apache.geronimo.security.keystore.FileKeystoreInsta
> nce in provided ClassLoader for 
> org.apache.geronimo.framework/j2ee-security/3.0.0/car?ServiceModule=org.apache.geronimo.framework/
> j2ee-security/3.0.0/car,j2eeType=Keystore,name=test.jks

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (GERONIMO-6440) unlock keystore action appears to be broken when running server against Oracle JDK 1.7

[xiezhi (JIRA)]

[ 
https://issues.apache.org/jira/browse/GERONIMO-6440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13596951#comment-13596951
 ] 

xiezhi commented on GERONIMO-6440:
--

The root cause is there is no action in Oracle JDK1.7 when 
ThreadGroupContext.getContext().getPropertyEditorFinder().find(targetType) 
couldn't find a PropertyEditor.

In Oracle JDK1.6 the PropertyEditorManager uses three techniques for locating 
an editor for a give type.
1. It provides a registerEditor method to allow an editor to be specifically 
registered for a given type.
2. It tries to locate a suitable class by adding "Editor" to the full qualified 
classname of the given type (e.g. "foo.bah.FozEditor").
3. It takes the simple classname (without the package name) adds "Editor" to it 
and looks in a search-path of packages for a matching class
Obviously, it misses the last 2 techniques in 1.7.

So I think we should add the missed techniques in 
org.apache.geronimo.common.propertyeditor.findEditor(Class).

> unlock keystore action appears to be broken when running server against 
> Oracle JDK 1.7
> --
>
> Key: GERONIMO-6440
> URL: https://issues.apache.org/jira/browse/GERONIMO-6440
> Project: Geronimo
>  Issue Type: Bug
>  Security Level: public(Regular issues) 
>  Components: JVM-compatibility
>Affects Versions: 3.0-beta-1
>Reporter: xiezhi
>Priority: Blocker
>
> To reproduce the issue, you can follow the steps below.
> 1.Start geronimo 3.0 server.
> 2.Use keytool command to create a keystore with a key. For example,
> keytool -genkeypair -keystore test.jks -alias testkey -keyalg RSA -keysize 
> 2048 -dname "cn=test.apache.org,c=US" -validity 365 -storepass welcome1
> 3.Copy the keystore to \var\security\keystores
> 4.use deploy encrypt to encrypt the password "welcome",go the encrypt string:
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> add the string into config-substitution.properties like this:
> test.jks = 
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> testkey = 
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> 5. restart the server.
> 6. use deploy unlock-keystore command to unlock test.jks. For example,
> deploy -u system -p manager unlock-keystore test.jks
> The result is the unlock action seems to success. But you can find an ERROR 
> below in admin console. It will generate a incomplete j2ee-security module in 
> config.xml. When you restart the server, you will fail on it.
> 2013-02-27 11:41:06,564 WARN  [FileKeystoreManager] keystoreType for new 
> keystore "test.jks" set to "jks" based on file extension.
> 2013-02-27 11:41:06,660 ERROR [LocalAttributeManager] Unable to format 
> attribute of type java.net.URI; no editor found
> 2013-02-27 11:41:06,660 WARN  [BasicProxyManager] Could not load interface 
> org.apache.geronimo.security.keystore.FileKeystoreInsta
> nce in provided ClassLoader for 
> org.apache.geronimo.framework/j2ee-security/3.0.0/car?ServiceModule=org.apache.geronimo.framework/
> j2ee-security/3.0.0/car,j2eeType=Keystore,name=test.jks

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (GERONIMO-6440) unlock keystore action appears to be broken when running server against Oracle JDK 1.7

[xiezhi (JIRA)]

[ 
https://issues.apache.org/jira/browse/GERONIMO-6440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13588028#comment-13588028
 ] 

xiezhi commented on GERONIMO-6440:
--

The root cause is Oracle JDk has done some change from JDK 1.6 to 1.7.
A java source named java.beans.PropertyEditorManager.java has changed it's 
method findEditor(Class targetType). The change makes findEditor couldn't 
return a valuable result(Actually it is null). Then server will throw a 
InvalidAttributeException with the message "Unable to format attribute of type 
java.net.URI; no editor found."

> unlock keystore action appears to be broken when running server against 
> Oracle JDK 1.7
> --
>
> Key: GERONIMO-6440
> URL: https://issues.apache.org/jira/browse/GERONIMO-6440
> Project: Geronimo
>  Issue Type: Bug
>  Security Level: public(Regular issues) 
>  Components: JVM-compatibility
>Affects Versions: 3.0-beta-1
>Reporter: xiezhi
>Priority: Blocker
>
> To reproduce the issue, you can follow the steps below.
> 1.Start geronimo 3.0 server.
> 2.Use keytool command to create a keystore with a key. For example,
> keytool -genkeypair -keystore test.jks -alias testkey -keyalg RSA -keysize 
> 2048 -dname "cn=test.apache.org,c=US" -validity 365 -storepass welcome1
> 3.Copy the keystore to \var\security\keystores
> 4.use deploy encrypt to encrypt the password "welcome",go the encrypt string:
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> add the string into config-substitution.properties like this:
> test.jks = 
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> testkey = 
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> 5. restart the server.
> 6. use deploy unlock-keystore command to unlock test.jks. For example,
> deploy -u system -p manager unlock-keystore test.jks
> The result is the unlock action seems to success. But you can find an ERROR 
> below in admin console. It will generate a incomplete j2ee-security module in 
> config.xml. When you restart the server, you will fail on it.
> 2013-02-27 11:41:06,564 WARN  [FileKeystoreManager] keystoreType for new 
> keystore "test.jks" set to "jks" based on file extension.
> 2013-02-27 11:41:06,660 ERROR [LocalAttributeManager] Unable to format 
> attribute of type java.net.URI; no editor found
> 2013-02-27 11:41:06,660 WARN  [BasicProxyManager] Could not load interface 
> org.apache.geronimo.security.keystore.FileKeystoreInsta
> nce in provided ClassLoader for 
> org.apache.geronimo.framework/j2ee-security/3.0.0/car?ServiceModule=org.apache.geronimo.framework/
> j2ee-security/3.0.0/car,j2eeType=Keystore,name=test.jks

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira