Bug 1369101

Summary: Store and key passwords incorrectly required in rhq-server.properties
Product: [JBoss] JBoss Operations Network Reporter: Filip Brychta <fbrychta>
Component: Core Server, UsabilityAssignee: Josejulio Martínez <jmartine>
Status: CLOSED ERRATA QA Contact: Filip Brychta <fbrychta>
Severity: high Docs Contact:
Priority: high    
Version: JON 3.3.6CC: jmartine, spinder
Target Milestone: ER01Keywords: Triaged
Target Release: JON 3.3.8   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-02-16 18:45:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Filip Brychta 2016-08-22 13:37:06 UTC 
Description of problem:
According to description in rhq-server.properties "# These are used when secure transports other than sslservlet are used" following properties should not be required when sslservet is used:
rhq.communications.connector.security.keystore.password=secret
rhq.communications.connector.security.keystore.key-password=secret
rhq.communications.connector.security.truststore.password=secret

but server.log contains exceptions when those passwords are incorrect.

Version-Release number of selected component (if applicable):
JON3.3.x

How reproducible:
Always

Steps to Reproduce:
1. set up two way ssl agent <> server communication using sslservlet
2. set properties mentioned above to incorrect values
3. start server

Actual results:
server.log contains exceptions e.g.
05:29:27,945 ERROR [org.jboss.as.ejb3.invocation] (pool-6-thread-1) JBAS014134: EJB Invocation failed on component StartupBean for method public abstract void org.rhq.enterprise.server.core.StartupLocal.init(): javax.ejb.EJBException: java.lang.RuntimeException: Cannot start the server-side communications services.
.
.Caused by: java.io.IOException: Error initializing server socket factory SSL context: Keystore was tampered with, or password was incorrect


Expected results:
Those properties should not be required when sslservlet is used.

Additional info:
I'm not sure how it should work when sslsocket is used. Is it ok that
rhq.server.tomcat.security.keystore.password
rhq.server.tomcat.security.truststore.password
 properties are required?
Comment 1 Josejulio Martínez 2016-12-13 06:43:15 UTC 
I think that is OK to require rhq.server.tomcat.*.password properties, as they are used for https, (i.e. https://the-server:7443).
Comment 2 Josejulio Martínez 2016-12-15 17:33:20 UTC 
This PR fixes the issue

https://github.com/rhq-project/rhq/pull/278
Comment 3 Josejulio Martínez 2017-01-09 16:03:23 UTC 
commit dd37febbc250ce797eed1232ca684e7523704520
Merge: 73b6d32 6f3df21
Author: Michael Burman <yak>
Date:   Thu Jan 5 20:41:44 2017 +0200

    Merge pull request #278 from josejulio/bugs/1369101
    
    Bug 1369101 - Only initialize securityServices if using sslsocket.

commit 6f3df21026d7dec585b7459a10f808afc325d0a2
Author: Josejulio Martínez <jmartine>
Date:   Tue Dec 13 00:41:45 2016 -0600

    Bug 1369101 - Only initialize securityServices if using sslsocket.
Comment 5 Simeon Pinder 2017-01-21 02:40:29 UTC 
Moving to ON_QA as available for test with build:
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=534002

http://download.eng.bos.redhat.com/brewroot/packages/org.jboss.on-jboss-on-parent/3.3.0.GA/110/maven/org/jboss/on/jon-server-patch/3.3.0.GA/jon-server-patch-3.3.0.GA.zip maps to ER01 build of JON 3.3.8.
Comment 7 errata-xmlrpc 2017-02-16 18:45:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2017-0285.html