Bug 793451 (JBEPP-534)

Summary: Remote gadgets don't work under https mode
Product: [JBoss] JBoss Enterprise Portal Platform 5 Reporter: Michal Vanco <mvanco>
Component: PortalAssignee: Thomas Heute <theute>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 5.0.1.GACC: epp-bugs, mvecera
Target Milestone: ---   
Target Release: 5.1.0.ER03   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/JBEPP-534
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
EPP5.0.1 running under https mode
Last Closed: 2010-10-22 09:07:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
F_testSNF_PRL_13_AddRemoteAndCreateNewGadget-2.jpg.png
none
F_testSNF_PRL_28_AddDragDropInDashboardInApplicationRegistry-3.jpg.png none

Description Michal Vanco 2010-10-06 07:57:28 UTC 
project_key: JBEPP

When adding gadget directly on dashboard (using plus button), I get:

The url is invalid. Please enter a correct url of a gadget xml or of an
RSS feed.
-----------

When adding gadget in App.registry I get:

Data in url: 'xml' is not valid

I used this gadget URL: http://www.google.com/ig/modules/datetime.xml

See the screenshots.
Comment 1 Michal Vanco 2010-10-06 07:58:32 UTC 
Attachment: Added: F_testSNF_PRL_13_AddRemoteAndCreateNewGadget-2.jpg.png
Attachment: Added: F_testSNF_PRL_28_AddDragDropInDashboardInApplicationRegistry-3.jpg.png
Comment 2 Thomas Heute 2010-10-06 08:00:22 UTC 
Link: Added: This issue is related to GTNPORTAL-1535
Comment 3 Thomas Heute 2010-10-19 16:11:05 UTC 
Comment: When adding a gadget on the dashboard it expects a valid certificate (signed by a CA)

18:06:20,125 ERROR [STDERR] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
18:06:20,126 ERROR [STDERR] 	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
18:06:20,126 ERROR [STDERR] 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
18:06:20,126 ERROR [STDERR] 	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
18:06:20,126 ERROR [STDERR] 	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
18:06:20,126 ERROR [STDERR] 	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
18:06:20,126 ERROR [STDERR] 	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
18:06:20,126 ERROR [STDERR] 	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
18:06:20,126 ERROR [STDERR] 	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
18:06:20,126 ERROR [STDERR] 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
18:06:20,126 ERROR [STDERR] 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
18:06:20,126 ERROR [STDERR] 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
18:06:20,126 ERROR [STDERR] 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
18:06:20,126 ERROR [STDERR] 	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
18:06:20,126 ERROR [STDERR] 	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
18:06:20,126 ERROR [STDERR] 	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:896)
18:06:20,126 ERROR [STDERR] 	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
18:06:20,127 ERROR [STDERR] 	at org.exoplatform.portal.webui.application.GadgetUtil.fetchGagdetMetadata(GadgetUtil.java:94)
18:06:20,127 ERROR [STDERR] 	at org.exoplatform.portal.webui.application.UIGadget.getMetadata(UIGadget.java:205)
Comment 4 Thomas Heute 2010-10-19 16:23:49 UTC 
It works after you add the certificate to the JRE CA 
keytool -import -alias toto -keystore /home/theute/Tools/Java/jdk1.6.0_14/jre/lib/security/cacerts -file ~/mycertificate
Where mycertificate is the one created for SSL.

Would deserve some documentation...
Comment 5 Prabhat Jha 2010-10-21 10:29:27 UTC 
Thomas, is there a doc jira for it or should this be used?
Comment 6 Thomas Heute 2010-10-21 11:42:01 UTC 
Nope there is no doc, should be part of install guide probably.
I keep it open for that reason (In theory I should close it and open a doc task but I'm being lazy :) )
Comment 7 Thomas Heute 2010-10-22 09:07:28 UTC 
Link: Added: This issue related JBEPP-569
Comment 8 Thomas Heute 2010-10-22 09:07:47 UTC 
Created a Jira about documentation
Comment 9 Scott Mumford 2010-11-08 10:14:13 UTC 
Release Notes Docs Status: Added: Documented as Resolved Issue
Release Notes Text: Added: Users may have previously encountered errors when trying to add a remote gadget to a portal instance running on a HTTPS domain.

The error stated that the URL was invalid even when correct. This was because the Application Registry was expecting a valid certificate signed by a CA to verify the URL.

This error can be avoided by adding the certificate to the JRE CA with the command:
keytool -import -alias toto -keystore /home/USER/Tools/Java/JDK_VERSION/jre/lib/security/cacerts -file ~/mycertificate

(Where mycertificate is the certificate created for SSL)

This information has also been added to the JBoss Enterprise Portal Platform User Guide.