[MAGNOLIA-4439] Activation key does not get created when it does not exist Created: 08/Jun/12 Updated: 26/Jun/12 Resolved: 11/Jun/12 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | activation |
| Affects Version/s: | 4.5.3 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Edgar Vonk | Assignee: | Unassigned |
| Resolution: | Not an issue | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
| Date of First Response: |
| Description |
|
It seems the private activation key no longer gets created on first activation when it does not exist. In our Magnolia web app we do not have an activation key by default. When we try to activate content the first time (the subscriber is configured correctly and running) this fails with the error 'Private key store doesn't exist at..' It is easily reproduced in the Magnolia 4.5.3 EE distribution if you first remove the magnolia-activation-keypair.properties file from the magnoliaAuthor/WEB-INF/config/default dir, start up Magnolia and attempt to activate content. In the log: Caused by: java.lang.SecurityException: Private key store doesn't exist at [/Users/edgar/Downloads/magnolia-enterprise-4.5.3/apache-tomcat-6.0.32/webapps/magnoliaAuthor/WEB-INF/config/default/magnolia-activation-keypair.properties]. Please, ensure that [magnolia.author.key.location] actually points to the correct location
at info.magnolia.cms.security.SecurityUtil.checkPrivateKeyStoreExistence(SecurityUtil.java:367)
I guess the workaround is to generate an activation key and store that manually on the filesystem or use the one provided in the Magnolia EE distribution? PS: this mechanism is introduced for security reasons right? If so, why does Magnolia distribute the key in it's Magnolia EE distributions? With default Magnolia installations the very same key is now used all over the world. So much for security. |
| Comments |
| Comment by Edgar Vonk [ 08/Jun/12 ] |
|
I say 'no longer' because it used to work in Magnolia 4.5.2 just fine. I did not test it on a plain 4.5.2 instance btw. |
| Comment by Ondrej Chytil [ 11/Jun/12 ] |
|
Activation keys pair is not meant to be created on first activation of content, it's created in process of installation. On first activation it's just transfered to public instances (or on first activation after generating new key). If you remove your magnolia-activation-keypair.properties file you can easily generate new one under menu Tools/Activation tools. Just make sure you have magnolia.author.key.location in your magnolia.properties file set to some location where you want the file to be created.
Please take a look at the webapp provided by Magnolia - I mean really the war file (or some of the bundles) you can download from Nexus. You can see there is no magnolia-activation-keypair.properties file in the webapp. You can also test it by installing two magnolia author instances - if you then compare the generated keys you will see they are different. |
| Comment by Edgar Vonk [ 11/Jun/12 ] |
|
Ah, sorry, I misunderstood the mechanism. Thanks for explaining Ondrej! |