1369101 – Store and key passwords incorrectly required in rhq-server.properties

Bug 1369101 - Store and key passwords incorrectly required in rhq-server.properties

Summary: Store and key passwords incorrectly required in rhq-server.properties

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	JBoss Operations Network
Classification:	JBoss
Component:	Core Server, Usability
Sub Component:
Version:	JON 3.3.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	ER01
Target Release:	JON 3.3.8
Assignee:	Josejulio Martínez
QA Contact:	Filip Brychta
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-08-22 13:37 UTC by Filip Brychta
Modified:	2017-02-16 18:45 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2017-02-16 18:45:22 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1302322	0	medium	CLOSED	Secure server-agent communication using sslsocket incorrectly requires a truststore password	2021-02-22 00:41:40 UTC
Red Hat Product Errata	RHEA-2017:0285	0	normal	SHIPPED_LIVE	Red Hat JBoss Operations Network 3.3.8 bug fix update	2017-02-16 23:44:22 UTC

Internal Links: 1302322

Description Filip Brychta 2016-08-22 13:37:06 UTC

Description of problem:
According to description in rhq-server.properties "# These are used when secure transports other than sslservlet are used" following properties should not be required when sslservet is used:
rhq.communications.connector.security.keystore.password=secret
rhq.communications.connector.security.keystore.key-password=secret
rhq.communications.connector.security.truststore.password=secret

but server.log contains exceptions when those passwords are incorrect.

Version-Release number of selected component (if applicable):
JON3.3.x

How reproducible:
Always

Steps to Reproduce:
1. set up two way ssl agent <> server communication using sslservlet
2. set properties mentioned above to incorrect values
3. start server

Actual results:
server.log contains exceptions e.g.
05:29:27,945 ERROR [org.jboss.as.ejb3.invocation] (pool-6-thread-1) JBAS014134: EJB Invocation failed on component StartupBean for method public abstract void org.rhq.enterprise.server.core.StartupLocal.init(): javax.ejb.EJBException: java.lang.RuntimeException: Cannot start the server-side communications services.
.
.Caused by: java.io.IOException: Error initializing server socket factory SSL context: Keystore was tampered with, or password was incorrect


Expected results:
Those properties should not be required when sslservlet is used.

Additional info:
I'm not sure how it should work when sslsocket is used. Is it ok that
rhq.server.tomcat.security.keystore.password
rhq.server.tomcat.security.truststore.password
 properties are required?

Comment 1 Josejulio Martínez 2016-12-13 06:43:15 UTC

I think that is OK to require rhq.server.tomcat.*.password properties, as they are used for https, (i.e. https://the-server:7443).

Comment 2 Josejulio Martínez 2016-12-15 17:33:20 UTC

This PR fixes the issue

https://github.com/rhq-project/rhq/pull/278

Comment 3 Josejulio Martínez 2017-01-09 16:03:23 UTC

commit dd37febbc250ce797eed1232ca684e7523704520
Merge: 73b6d32 6f3df21
Author: Michael Burman <yak>
Date:   Thu Jan 5 20:41:44 2017 +0200

    Merge pull request #278 from josejulio/bugs/1369101
    
    Bug 1369101 - Only initialize securityServices if using sslsocket.

commit 6f3df21026d7dec585b7459a10f808afc325d0a2
Author: Josejulio Martínez <jmartine>
Date:   Tue Dec 13 00:41:45 2016 -0600

    Bug 1369101 - Only initialize securityServices if using sslsocket.

Comment 5 Simeon Pinder 2017-01-21 02:40:29 UTC

Moving to ON_QA as available for test with build:
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=534002

http://download.eng.bos.redhat.com/brewroot/packages/org.jboss.on-jboss-on-parent/3.3.0.GA/110/maven/org/jboss/on/jon-server-patch/3.3.0.GA/jon-server-patch-3.3.0.GA.zip maps to ER01 build of JON 3.3.8.

Comment 7 errata-xmlrpc 2017-02-16 18:45:22 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2017-0285.html

Note You need to log in before you can comment on or make changes to this bug.