Re: Tomcat 7 not working with javax.net.ssl.keyStorePassword property

[Mark Thomas]

On 22/11/2011 20:42, Satish Mittal wrote:
> Hi All,
> 
> I have observed a regression between tomcat 5 and tomcat 7.

That is https://issues.apache.org/bugzilla/show_bug.cgi?id=38774 that
was fixed only in the 5.5.x branch.

I'm not a huge fan of using system properties for configuration so I
prefer the Tomcat 6+ approach that requires explicit configuration (even
though some system properties are still used as fall back).

Mark


> 
> In my tomcat webapp, before I spawn another tomcat webapp process, I pass
> on the keystore password by setting the system property
> "javax.net.ssl.keyStorePassword" to keystore password, instead of writing
> the keystore password in plain-text as an attribute in server.xml.
> 
> This used to work in tomcat 5. However in tomcat 7, the same
> webapp/keystore throws the following error:
> 
> Nov 22, 2011 8:04:45 PM org.apache.coyote.AbstractProtocol init
> SEVERE: Failed to initialize end point associated with ProtocolHandler
> ["http-bio-8096"]
> java.io.IOException: Keystore was tampered with, or password was incorrect
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
>  at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
> at java.security.KeyStore.load(KeyStore.java:1185)
>  at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:407)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:306)
>  at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:565)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:505)
>  at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:449)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
>  at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:373)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:498)
>  at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:369)
> at
> org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
>  at org.apache.catalina.connector.Connector.initInternal(Connector.java:909)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>  at
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>  at
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>  at org.apache.catalina.startup.Catalina.load(Catalina.java:573)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:596)
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>  at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
>  at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:449)
>  at java.lang.Thread.run(Thread.java:619)
> Caused by: java.security.UnrecoverableKeyException: Password verification
> failed
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
>  ... 28 more
> Nov 22, 2011 8:04:47 PM org.apache.catalina.core.StandardService
> initInternal
> SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8096]]
> org.apache.catalina.LifecycleException: Failed to initialize component
> [Connector[HTTP/1.1-8096]]
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
>  at
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>  at
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>  at org.apache.catalina.startup.Catalina.load(Catalina.java:573)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:596)
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>  at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
>  at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:449)
>  at java.lang.Thread.run(Thread.java:619)
> Caused by: org.apache.catalina.LifecycleException: Protocol handler
> initialization failed
> at org.apache.catalina.connector.Connector.initInternal(Connector.java:911)
>  at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
> ... 14 more
> Caused by: java.io.IOException: Keystore was tampered with, or password was
> incorrect
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
>  at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
> at java.security.KeyStore.load(KeyStore.java:1185)
>  at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:407)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:306)
>  at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:565)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:505)
>  at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:449)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
>  at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:373)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:498)
>  at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:369)
> at
> org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
>  at org.apache.catalina.connector.Connector.initInternal(Connector.java:909)
> ... 15 more
> Caused by: java.security.UnrecoverableKeyException: Password verification
> failed
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
>  ... 28 more
> 
> Due to this error, the HTTPS connector is not initializing. The keystore is
> perfectly valid, since it works with tomcat 5.
> 
> Has anyone else observed this issue with tomcat 7? Any ideas/pointers how
> to fix it?
> 
> Thanks in advance,
> Satish Mittal
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org