Bug 684963

Summary:	f13 pki-ca with tomcat6 tomcatjss java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation
Product:	[Fedora] Fedora	Reporter:	Marc Sauton <msauton>
Component:	pki-ca	Assignee:	Kevin Wright <kwright>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	13	CC:	dennis, gsterlin, kwright
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	tomcatjss-2.1.1-1.fc15	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2011-03-31 20:03:59 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description Marc Sauton 2011-03-14 21:09:44 UTC

Description of problem:

Dot not know if this is already known and a supported combination:
JSS seem to break with
F13, pki-ca-1.3.6-1.fc13.noarch
tomcat6 and tomcatjss2


test environment:
Fedora release 13 (Goddard)
Linux ca1.example.com 2.6.33.3-85.fc13.x86_64 #1 SMP Thu May 6 18:09:49 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
pki-ca-1.3.6-1.fc13.noarch

I can have a working CA using
tomcatjss-1.2.1-1.fc13.noarch
tomcat5-5.5.27-7.4.fc12.noarch

but if I either update or install a newer F13 from tomcat5 and tomcatjss1.2 to tomcat6 and tomcatjss2 with:

Dependency Installed:
  jakarta-commons-dbcp.noarch 0:1.2.1-13.7.fc12        jakarta-commons-pool.x86_64 0:1.3-13.fc13      tomcat6.noarch 0:6.0.26-11.fc13      tomcat6-el-2.1-api.noarch 0:6.0.26-11.fc13      tomcat6-jsp-2.1-api.noarch 0:6.0.26-11.fc13      tomcat6-lib.noarch 0:6.0.26-11.fc13
  tomcat6-servlet-2.5-api.noarch 0:6.0.26-11.fc13

Updated:
  tomcatjss.noarch 0:2.0.0-1.fc13


Then JSS breaks if I restart or install a new CA instance:
SEVERE: Error initializing socket factory
java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.apache.tomcat.util.net.jss.JSSImplementation
        at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:79)


Version-Release number of selected component (if applicable):

Fedora release 13 (Goddard)
Linux ca1.example.com 2.6.33.3-85.fc13.x86_64 #1 SMP Thu May 6 18:09:49 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
pki-ca-1.3.6-1.fc13.noarch
  jakarta-commons-dbcp.noarch 0:1.2.1-13.7.fc12
  jakarta-commons-pool.x86_64 0:1.3-13.fc13
  tomcat6.noarch 0:6.0.26-11.fc13
  tomcat6-el-2.1-api.noarch 0:6.0.26-11.fc13
  tomcat6-jsp-2.1-api.noarch 0:6.0.26-11.fc13
  tomcat6-lib.noarch 0:6.0.26-11.fc13
  tomcat6-servlet-2.5-api.noarch 0:6.0.26-11.fc13
  tomcatjss.noarch 0:2.0.0-1.fc13


How reproducible:
always


Steps to Reproduce:
1. install F13
2. install pki-ca with tomcat6 and tomcatjss2
3. pki-create or pki-cat start will fail with exception

  
Actual results:

/etc/init.d/pki-cad start pki-ca1
...
Mar 14, 2011 4:51:41 PM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-9448
Mar 14, 2011 4:51:41 PM org.apache.coyote.http11.Http11BaseProtocol init
SEVERE: Error initializing socket factory
java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.apache.tomcat.util.net.jss.JSSImplementation
        at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:79)
        at org.apache.coyote.http11.Http11BaseProtocol.checkSocketFactory(Http11BaseProtocol.java:730)
        at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:121)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Mar 14, 2011 4:51:41 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException:  Protocol handler initialization failed: java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.apache.tomcat.util.net.jss.JSSImplementation
...
[14/Mar/2011:16:51:43][main]: CMS:Caught EBaseException
Failed to create jss service: org.mozilla.jss.CryptoManager$NotInitializedException
        at com.netscape.cmscore.security.JssSubsystem.init(JssSubsystem.java:257)
        at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:849)
        at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:778)
        at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:314)
        at com.netscape.certsrv.apps.CMS.init(CMS.java:152)
        at com.netscape.certsrv.apps.CMS.start(CMS.java:1499)
        at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:85)
        at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1139)
        at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:966)
        at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3956)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4230)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
        at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927)
        at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:890)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at org.apache.catalina.core.StandardService.start(StandardService.java:448)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

==> /var/log/pki-ca1/catalina.out <==
Failed to create jss service: org.mozilla.jss.CryptoManager$NotInitializedException

==> /var/log/pki-ca1/debug <==
[14/Mar/2011:16:51:43][main]: CMSEngine.shutdown()



Expected results:


Additional info:
same works with tomcat5 and tomcatjss1.2

Comment 1 Marc Sauton 2011-03-14 23:04:53 UTC

Looks like Dogtag 1.3 on F13 must use tomcat 5 and tomcatjss 1.2
This may not be a bug, but yum update or fresh install provides with a non working dogtag, and this can be a frustrating experience for users.
May be we should update
http://pki.fedoraproject.org/wiki/PKI_Install_Guide
or
http://pki.fedoraproject.org/wiki/PKI_Prerequisites
?

Comment 2 Fedora Update System 2011-03-27 19:15:42 UTC

tomcatjss-2.1.1-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/tomcatjss-2.1.1-1.fc15

Comment 3 Fedora Update System 2011-03-28 05:52:42 UTC

Package tomcatjss-2.1.1-1.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing tomcatjss-2.1.1-1.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/tomcatjss-2.1.1-1.fc15
then log in and leave karma (feedback).

Comment 4 Fedora Update System 2011-03-31 20:03:54 UTC

tomcatjss-2.1.1-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.