dev@glassfish.java.net

Grizzly startup error when JKS keystore/truststore password is different from default?

From: Kedar Mhaswade <Kedar.Mhaswade_at_Sun.COM>
Date: Thu, 16 Jul 2009 22:54:19 -0700

I created a domain with non-default keystore.jks (and cacerts.jks) password.
Thus, this password is other than "changeit".

I then enabled the http-listener-2 which is secure.

I then defined two system properties -Djavax.net.ssl.keyStorePassword and
-Djavax.net.ssl.trustStorePassword to be same as my store password.

The startup of domain results in following exception [1].

I plowing through Grizzly code, it appears to me that these settings are
ignored. I could be wrong.

Do we have any security test that does something similar? Does it work?

Thanks,
Kedar

[1]

Jul 16, 2009 10:37:52 PM com.sun.grizzly.util.net.jsse.JSSESocketFactory getStore
SEVERE: Failed to load keystore type JKS with path
/Users/kedar/Work/V3/src/trunk/target/glassfishv3/glassfish/domains/domain1/config/keystore.jks
due to Keystore was tampered with, or password was incorrect
java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
        at java.security.KeyStore.load(KeyStore.java:1185)
        at
com.sun.grizzly.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:318)
        at
com.sun.grizzly.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:266)
        at
com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:198)
        at
com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:162)
        at
com.sun.grizzly.config.GrizzlyEmbeddedHttps.initializeSSL(GrizzlyEmbeddedHttps.java:404)
        at
com.sun.grizzly.config.GrizzlyEmbeddedHttps.configureSSL(GrizzlyEmbeddedHttps.java:190)
        at
com.sun.grizzly.config.GrizzlyEmbeddedHttps.configure(GrizzlyEmbeddedHttps.java:100)
        at
com.sun.grizzly.config.GrizzlyServiceListener.initializeListener(GrizzlyServiceListener.java:88)
        at
com.sun.grizzly.config.GrizzlyServiceListener.configure(GrizzlyServiceListener.java:77)
        at
com.sun.enterprise.v3.services.impl.GrizzlyListener.configure(GrizzlyListener.java:63)
        at
com.sun.enterprise.v3.services.impl.GrizzlyProxy.configureGrizzly(GrizzlyProxy.java:119)
        at com.sun.enterprise.v3.services.impl.GrizzlyProxy.<init>(GrizzlyProxy.java:110)
        at
com.sun.enterprise.v3.services.impl.GrizzlyService.createNetworkProxy(GrizzlyService.java:390)
        at
com.sun.enterprise.v3.services.impl.GrizzlyService.postConstruct(GrizzlyService.java:284)
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.