[MAGNOLIA-4439] Activation key does not get created when it does not exist
Created: 08/Jun/12  Updated: 26/Jun/12  Resolved: 11/Jun/12

Status: Closed
Project: Magnolia
Component/s: activation
Affects Version/s: 4.5.3
Fix Version/s: None

Type: Bug
Priority: Neutral
Reporter: Edgar Vonk
Assignee: Unassigned
Resolution: Not an issue
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: 2012-06-26-abbott-project-error.txt, 2012-06-26-demo-project-error.txt

 Description   

It seems the private activation key no longer gets created on first activation when it does not exist.

In our Magnolia web app we do not have an activation key by default. When we try to activate content the first time (the subscriber is configured correctly and running) this fails with the error 'Private key store doesn't exist at..'

It is easily reproduced in the Magnolia 4.5.3 EE distribution if you first remove the magnolia-activation-keypair.properties file from the magnoliaAuthor/WEB-INF/config/default dir, start up Magnolia and attempt to activate content.

In the log:

Caused by: java.lang.SecurityException: Private key store doesn't exist at [/Users/edgar/Downloads/magnolia-enterprise-4.5.3/apache-tomcat-6.0.32/webapps/magnoliaAuthor/WEB-INF/config/default/magnolia-activation-keypair.properties]. Please, ensure that [magnolia.author.key.location] actually points to the correct location
	at info.magnolia.cms.security.SecurityUtil.checkPrivateKeyStoreExistence(SecurityUtil.java:367)

I guess the workaround is to generate an activation key and store that manually on the filesystem or use the one provided in the Magnolia EE distribution?

PS: this mechanism is introduced for security reasons, right? If so, why does Magnolia distribute the key in its Magnolia EE distributions? With default Magnolia installations the very same key is now used all over the world. So much for security.



 Comments   
Comment by Edgar Vonk [ 08/Jun/12 ]

I say 'no longer' because it used to work in Magnolia 4.5.2 just fine. I did not test it on a plain 4.5.2 instance btw.

Comment by Ondrej Chytil [ 11/Jun/12 ]

The activation key pair is not meant to be created on first activation of content; it's created in the process of installation. On first activation it's just transferred to public instances (or on first activation after generating a new key).

If you remove your magnolia-activation-keypair.properties file you can easily generate a new one under the menu Tools/Activation tools. Just make sure you have magnolia.author.key.location in your magnolia.properties file set to some location where you want the file to be created.

> PS: this mechanism is introduced for security reasons, right? If so, why does Magnolia distribute the key in its Magnolia EE distributions? With default Magnolia installations the very same key is now used all over the world. So much for security.

Please take a look at the webapp provided by Magnolia - I mean really the war file (or some of the bundles) you can download from Nexus. You can see there is no magnolia-activation-keypair.properties file in the webapp. You can also test it by installing two Magnolia author instances - if you then compare the generated keys you will see they are different.

Comment by Edgar Vonk [ 11/Jun/12 ]

Ah, sorry, I misunderstood the mechanism. Thanks for explaining, Ondrej!
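
Added example, not part of the original issue and not Magnolia's own code: a Python check for the points raised in the thread above, confirming that the file magnolia.author.key.location points to exists, is not accessible to group or other, and is not shared between author instances. The key.public entry name, a placeholder-free path value, and all function names are assumptions; the sample instances are constructed with dummy values.

```python
import hashlib, os

KEY_LOCATION_PROP = "magnolia.author.key.location"  # property named on this page
PUBLIC_KEY_PROP = "key.public"  # assumed entry name inside the keypair file

def read_properties(path):
    """Minimal Java .properties reader: key=value lines, '#' and '!' comments."""
    props = {}
    with open(path, encoding="utf-8") as fh:
        for line in map(str.strip, fh):
            if line and line[0] not in "#!" and "=" in line:
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
    return props

def audit_keystore(properties_path, webapp_root="."):
    """Return (findings, public-key fingerprint or None) for one author instance."""
    location = read_properties(properties_path).get(KEY_LOCATION_PROP)
    if not location:
        return [f"{KEY_LOCATION_PROP} is not set"], None
    location = os.path.join(webapp_root, location)  # absolute values pass through
    if not os.path.isfile(location):
        return [f"key store missing at {location}"], None
    mode = os.stat(location).st_mode  # the file holds the private key too
    findings = ["key store is accessible to group/other"] if mode & 0o077 else []
    public_key = read_properties(location).get(PUBLIC_KEY_PROP)
    if not public_key:
        return findings + [f"no {PUBLIC_KEY_PROP} entry"], None
    return findings, hashlib.sha256(public_key.encode()).hexdigest()

def shared_keys(fingerprints):
    """Instance names grouped by identical fingerprint (groups of 2+ only)."""
    groups = {}
    for name, fingerprint in fingerprints.items():
        if fingerprint:
            groups.setdefault(fingerprint, []).append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def make_instance(root, name, public_key, mode=0o600):
    """Write a constructed instance (dummy values, not real key material)."""
    keyfile = os.path.join(root, name + "-keypair.properties")
    if public_key:
        with open(keyfile, "w", encoding="utf-8") as fh:
            fh.write(f"# constructed\nkey.private=00\n{PUBLIC_KEY_PROP}={public_key}\n")
        os.chmod(keyfile, mode)
    props = os.path.join(root, name + "-magnolia.properties")
    with open(props, "w", encoding="utf-8") as fh:
        fh.write(f"{KEY_LOCATION_PROP}={keyfile}\n")
    return props
```

Any group returned by shared_keys means two author instances were deployed with a copied keypair file and one of them should generate a new key.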
