geronimo-dev mailing list archives

From "Vamsavardhana Reddy" <c1vams...@gmail.com>
Subject Re: [jira] Commented: (GERONIMO-2015) Let's replace JKS to PKCS12 key store type
Date Tue, 17 Oct 2006 17:49:11 GMT
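import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.util.Enumeration;

        // inFile and outFile are file paths and password is a char[];
        // all three are supplied by the surrounding code.
        KeyStore jks = KeyStore.getInstance("JKS");
        KeyStore pkcs12 = KeyStore.getInstance("PKCS12");
        FileInputStream fin = new FileInputStream(inFile);
        jks.load(fin, password);
        fin.close();
        System.out.println("Loaded input keystore "+inFile);
        // Initialize an empty PKCS12 keystore.
        pkcs12.load(null, null);
        for(Enumeration e = jks.aliases(); e.hasMoreElements(); ) {
            String alias = (String) e.nextElement();
            if(jks.isCertificateEntry(alias)) {
                // Trusted certificate entry: copy the certificate as-is.
                pkcs12.setCertificateEntry(alias, jks.getCertificate(alias));
            } else {
                // Key entry: the keystore password is also used as the key password.
                pkcs12.setKeyEntry(alias, jks.getKey(alias, password), password, jks.getCertificateChain(alias));
            }
        }
        FileOutputStream fout = new FileOutputStream(outFile);
        pkcs12.store(fout, password);
        fout.close();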


On 10/17/06, Nikolay Chugunov (JIRA) <dev@geronimo.apache.org> wrote:
>
>     [ http://issues.apache.org/jira/browse/GERONIMO-2015?page=comments#action_12442965 ]
>
> Nikolay Chugunov commented on GERONIMO-2015:
> --------------------------------------------
>
> Vamsavardhana,
> Could you send the code you have written above?
>
> > Let's replace JKS to PKCS12 key store type
> > ------------------------------------------
> >
> >                 Key: GERONIMO-2015
> >                 URL: http://issues.apache.org/jira/browse/GERONIMO-2015
> >             Project: Geronimo
> >          Issue Type: Improvement
> >      Security Level: public(Regular issues)
> >          Components: security
> >            Reporter: Nikolay Chugunov
> >             Fix For: 1.2
> >
> >         Attachments: jksToPKCS12-1.1.1.patch, JKSToPKCS12.java, jksToPKCS12.patch, keystore
> >
> >
> > Hello
> > Let's replace the JKS key store type with PKCS12, because PKCS12 is a widely used key store and Geronimo may not work on non-Sun VMs.
> > To fix this problem I have created a patch for the Geronimo sources.
> > In brief, the patch (attached) replaces the JKS key store type with PKCS12 in the configuration files.
> > The PKCS12 key store file format is not Java-specific and can be created and read by other programs, e.g. Internet Explorer. In addition, PKCS12 exists in the Bouncy Castle (http://www.bouncycastle.org) security provider, while JKS is a Sun-specific key store and does not exist in Bouncy Castle.
> > Also, the JKS keystore file needs to be replaced with the PKCS12 keystore file (attached) in the assemblies/j2ee-tomcat-server/src/var/security, assemblies/j2ee-installer/src/var/security, and assemblies/j2ee-jetty-server/src/var/security directories. The key store file was generated using the JKSToPKCS12 class (attached). This class transfers the key and certificate of Geronimo from JKS to PKCS12.
> > After I apply this patch to the Geronimo 1.0 sources and build Geronimo, I can log in to the Geronimo console over https.
>
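
A check to run after the conversion posted in the message above, as an added example (not code from this thread or from the Geronimo project): it confirms that every alias in the JKS file is present in the PKCS12 file with the same entry type, key bytes and certificate chain. The class name VerifyKeystoreConversion and its helper methods are hypothetical, and it assumes, as the posted code does, that key entries are protected with the keystore password.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Collections;

// Added example; the class and method names are hypothetical.
public class VerifyKeystoreConversion {
    static KeyStore load(String type, String file, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, pw); // a wrong password or a modified file fails here
        }
        return ks;
    }

    // Assumes key entries are protected with the keystore password.
    static boolean sameEntry(KeyStore jks, KeyStore p12, String alias, char[] pw) throws Exception {
        if (!p12.containsAlias(alias)) return false;
        if (jks.isCertificateEntry(alias)) {
            return p12.isCertificateEntry(alias)
                    && jks.getCertificate(alias).equals(p12.getCertificate(alias));
        }
        if (!p12.isKeyEntry(alias)) return false;
        Key before = jks.getKey(alias, pw);
        Key after = p12.getKey(alias, pw);
        return MessageDigest.isEqual(before.getEncoded(), after.getEncoded())
                && Arrays.equals(jks.getCertificateChain(alias), p12.getCertificateChain(alias));
    }

    // usage: java VerifyKeystoreConversion <in.jks> <out.p12>
    public static void main(String[] args) throws Exception {
        Console console = System.console(); // null when not run from a terminal
        if (console == null) throw new IllegalStateException("no console for password prompt");
        char[] pw = console.readPassword("Keystore password: ");
        KeyStore jks = load("JKS", args[0], pw);
        KeyStore p12 = load("PKCS12", args[1], pw);
        int bad = (jks.size() == p12.size()) ? 0 : 1; // extra or missing entries
        for (String alias : Collections.list(jks.aliases())) {
            boolean ok = sameEntry(jks, p12, alias, pw);
            System.out.println((ok ? "OK       " : "MISMATCH ") + alias);
            if (!ok) bad++;
        }
        System.exit(bad == 0 ? 0 : 1);
    }
}
```

The password is read from the console rather than taken as an argument so that it does not appear in the process list or shell history.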
