[GLASSFISH-11418] UnrecoverableKeyException: Cannot recover key after upgrade Created: 11/Jan/10  Updated: 13/Dec/10

Status: Open
Project: glassfish
Component/s: upgrade_tool
Affects Version/s: v2.1.1
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: jomu78 Assignee: roisinflannery
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All


Attachments: Text File domain1_upgrade.log    
Issuezilla Id: 11,418
Tags: future-exclude

 Description   

After an upgrade from 2.1 to 2.1.1 with the admin and master passwords set, the
following exception occurred.

[#|2010-01-11T10:23:11.900+0100|WARNING|sun-appserver2.1|javax.enterprise.system.stream.err|_ThreadID=10;_ThreadName=main;_RequestID=733cc7ca-7481-4fb3-8516-6a53f78d4837;|java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.server.PELaunch.main(PELaunch.java:415)
Caused by: java.lang.ExceptionInInitializerError
at com.sun.enterprise.security.SecurityLifecycle.onInitialization(SecurityLifecycle.java:101)
at com.sun.enterprise.server.ApplicationServer.onInitialization(ApplicationServer.java:265)
at com.sun.enterprise.server.ondemand.OnDemandServer.onInitialization(OnDemandServer.java:103)
at com.sun.enterprise.server.PEMain.run(PEMain.java:399)
at com.sun.enterprise.server.PEMain.main(PEMain.java:336)
... 5 more
Caused by: java.lang.IllegalStateException: java.security.UnrecoverableKeyException: Cannot recover key
at com.sun.enterprise.security.SSLUtils.<clinit>(SSLUtils.java:128)
... 10 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
at java.security.KeyStore.getKey(KeyStore.java:763)
at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:113)
at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
at com.sun.enterprise.security.SSLUtils.initKeyManagers(SSLUtils.java:320)
at com.sun.enterprise.security.SSLUtils.<clinit>(SSLUtils.java:106)
... 10 more
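
Added diagnostic, not part of the original report and not GlassFish code: the trace fails in KeyStore.getKey, which SunX509KeyManagerImpl calls with one password for every private-key entry, so this check loads a JKS file and reports which aliases that password cannot recover. The class name CheckKeyPasswords and the keystore path in the usage comment are assumptions, as is the premise that the password the server passes in is the domain's master password.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.Collections;

// Usage (path is an assumption): java CheckKeyPasswords <domain-dir>/config/keystore.jks
public class CheckKeyPasswords {
    public static void main(String[] args) throws Exception {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage: java CheckKeyPasswords <keystore.jks> (run from a terminal)");
            System.exit(2);
        }
        // Read without echo; never take the password from argv or the environment.
        char[] master = System.console().readPassword("Master password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(args[0]);
        try {
            // A wrong store password is rejected here, by the keystore integrity check.
            ks.load(in, master);
        } catch (IOException e) {
            System.err.println("Store password rejected or file damaged: " + e.getMessage());
            System.exit(1);
        } finally {
            in.close();
        }
        int unrecoverable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entries have no key password
            }
            try {
                // Same call that fails in the trace: KeyStore.getKey(alias, password).
                ks.getKey(alias, master);
                System.out.println("OK    " + alias);
            } catch (UnrecoverableKeyException e) {
                // Store opened, but this entry is protected with a different password.
                unrecoverable++;
                System.out.println("FAIL  " + alias + ": " + e.getMessage());
            }
        }
        Arrays.fill(master, '\0'); // clear the password from memory
        System.exit(unrecoverable == 0 ? 0 : 1);
    }
}
```

A FAIL line with a successful load means the store password and that entry's key password have diverged, which is the state in which KeyManagerFactory.init throws "Cannot recover key".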



 Comments   
Comment by jomu78 [ 11/Jan/10 ]

Workaround: reset the master password using the asadmin tool:
asadmin change-master-password --save-master-password <domainname>

Comment by jomu78 [ 11/Jan/10 ]

Created an attachment (id=4153)
domain upgrade log

Comment by Bobby Bissett [ 11/Jan/10 ]

Thanks for including the workaround. I'll see if this is something that will be fixed in sustaining
engineering or not.

Comment by roisinflannery [ 19/Feb/10 ]

Assigning to myself

Comment by roisinflannery [ 23/Feb/10 ]

Unable to reproduce:

1) I installed sges2.1
/space/roisin/sges21

2) Changed the masterpassword:
asadmin change-master-password --savemasterpassword=true

3) Installed sges211
/space/roisin/211

4) Perform the upgrade
/space/roisin/211/bin/asupgrade -c -s /space/roisin/9083/sges21/domains/domain1 -t /space/roisin/9083/211

Valid values for source and Target are as follows :

If upgrading from Sun Java System Application Server 8.x or 9.x, specify domain
directory for Source. The target directory should be the domains root.

Enter the Admin User:admin
Enter the Admin Password:
Enter the Master password: **NEW PASSWORD ENTERED HERE**
Starting Upgrade Harness
(....text removed...)
Finished Upgrade
/.asadminpass removed.
Deleting Temporary password files

5) Start up 211 and it worked fine, no errors.

-------Analysis---------

From my tests, upgrade works correctly with new master password from 2.1. I
think that perhaps you are confused between --savemasterpassword=true, and
passwordfile option?

--savemasterpassword=true saves the master password into .asadminpass in the
home dir, and it is encoded
--passwordfile is an option you can pass in, pointing to your own file where the
passwords are in plaintext.

Does this make it more clear? Please let me know if I am missing a step in
reproducing this?

Comment by Bobby Bissett [ 08/Oct/10 ]

Adding future-exclude keyword as this issue does not apply to the 3.X upgrade
tool. The target milestone needs to be reset appropriately.




