geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vamsavardhana Reddy (JIRA)" <...@geronimo.apache.org>
Subject [jira] Commented: (GERONIMO-2280) FileKeystoreInstance.getKeyManager() fails when there is more than one privatekey in the store
Date Sat, 05 Aug 2006 15:47:14 GMT
    [ http://issues.apache.org/jira/browse/GERONIMO-2280?page=comments#action_12425970 ] 
            
Vamsavardhana Reddy commented on GERONIMO-2280:
-----------------------------------------------

With this fix,
1. A keystore can have more than one private key in unlocked state.

2. If a user creates a second private key entry (with a different password that that of the
alias currently used by JettySSLConnector)  in the keystore "geronimo-default", this patch
enables successful server startup.  Otherwise server startup will fail (Scenario 1 from above).

3. keyAlias field can be made editable in Jetty edit HTTPS Connectors page.

> FileKeystoreInstance.getKeyManager() fails when there is more than one privatekey in
the store
> ----------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-2280
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2280
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 1.1, 1.1.1
>            Reporter: Vamsavardhana Reddy
>             Fix For: 1.2, 1.1.1, 1.1.x, 1.1.2
>
>         Attachments: GERONIMO-2280.patch
>
>
> FileKeystoreInstance.getKeyManager() fails when there is more than one privatekey in
the store.
> Scenario 1:  The method will throw UnrecoverableKeyException if the all the private key
entries in the keystore do not have the same password (as the entry of our interest).
> Scenario 2: Even if all the private key entries have the same password and the method
returns a KeyManager, there is no control on which enrty will be used.
> To overcome this, a temporary keystore (I call it a SubKeystore) can be generated and
initialized with the entry corresponding to the alias and used to init the KeyManagerFactory.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message