geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vasily Zakharov (JIRA)" <>
Subject [jira] Updated: (GERONIMO-3757) KeyStore type can't be changed
Date Tue, 22 Jan 2008 02:30:34 GMT


Vasily Zakharov updated GERONIMO-3757:

    Attachment: Geronimo-3757.patch


Thank you a lot for the patch! Now I see it's more complex than I expected.

I had to also update the and
for the build to succeed. With these two updates the patch applied fine and the build succeeded.

Here I apply the updated patch.

> KeyStore type can't be changed
> ------------------------------
>                 Key: GERONIMO-3757
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0.2, 2.0.x, 2.1
>            Reporter: Vasily Zakharov
>         Attachments: Geronimo-3757.patch, GERONIMO-3757.patch
> For now (r612905), Geronimo is hardcoded to use JKS keystore type, which prevents Geronimo
from running on Harmony or other JDKs that have no JKS implementation:
>, line 635:
>             KeyStore tempKeystore = KeyStore.getInstance(JKS);
>, line 364:
>             KeyStore keystore = KeyStore.getInstance(FileKeystoreInstance.JKS);
> To workaround this issue, one can change JKS to KeyStore.getDefaultType() (this returns
"BKS" for Harmony) or particular other keystore type, but this requires source recompilation.
Replacing var/security/keystores/geronimo-default with the proper keystore type file is not
a problem.
> A proper solution seems to apply the fix above to use the JDK-default keystore type,
and provide FileKeystoreInstance with an additional configuration option, keystoreType, that
would allow to change the keystore type through config.xml without recompilation, like this:
> <module name="org.apache.geronimo.configs/server-security-config/2.0.2/car">
>   <gbean name="geronimo-default">
>     <attribute name="keystoreType">PKCS12</attribute>
>     <attribute name="keystorePath">var/security/keystores/geronimo-pkcs12</attribute>
>   </gbean>
> </module>
> This issue if a follow up to GERONIMO-2015.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message