geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vasily Zakharov (JIRA)" <j...@apache.org>
Subject [jira] Updated: (GERONIMO-3757) KeyStore type can't be changed
Date Tue, 22 Jan 2008 02:30:34 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-3757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Vasily Zakharov updated GERONIMO-3757:
--------------------------------------

    Attachment: Geronimo-3757.patch

Vamsavardhana,

Thank you a lot for the patch! Now I see it's more complex than I expected.

I had to also update the org.apache.geronimo.console.ca.BaseCAHandler and org.apache.console.ca.ConfirmCAHandler
for the build to succeed. With these two updates the patch applied fine and the build succeeded.

Here I apply the updated patch.


> KeyStore type can't be changed
> ------------------------------
>
>                 Key: GERONIMO-3757
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3757
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0.2, 2.0.x, 2.1
>            Reporter: Vasily Zakharov
>         Attachments: Geronimo-3757.patch, GERONIMO-3757.patch
>
>
> For now (r612905), Geronimo is hardcoded to use JKS keystore type, which prevents Geronimo
from running on Harmony or other JDKs that have no JKS implementation:
> org.apache.geronimo.security.keystore.FileKeystoreInstance, line 635:
>             KeyStore tempKeystore = KeyStore.getInstance(JKS);
> org.apache.geronimo.security.keystore.FileKeystoreManager, line 364:
>             KeyStore keystore = KeyStore.getInstance(FileKeystoreInstance.JKS);
> To workaround this issue, one can change JKS to KeyStore.getDefaultType() (this returns
"BKS" for Harmony) or particular other keystore type, but this requires source recompilation.
Replacing var/security/keystores/geronimo-default with the proper keystore type file is not
a problem.
> A proper solution seems to apply the fix above to use the JDK-default keystore type,
and provide FileKeystoreInstance with an additional configuration option, keystoreType, that
would allow to change the keystore type through config.xml without recompilation, like this:
> <module name="org.apache.geronimo.configs/server-security-config/2.0.2/car">
>   <gbean name="geronimo-default">
>     <attribute name="keystoreType">PKCS12</attribute>
>     <attribute name="keystorePath">var/security/keystores/geronimo-pkcs12</attribute>
>   </gbean>
> </module>
> This issue if a follow up to GERONIMO-2015.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message