geronimo-dev mailing list archives

From "Alexey Petrenko (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-3757) KeyStore type can't be changed
Date Fri, 25 Jan 2008 21:32:34 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-3757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12562692#action_12562692 ]

Alexey Petrenko commented on GERONIMO-3757:
-------------------------------------------

{quote}
1. defaultType can not be null. Ideally, KeyStore.getInstance(KeyStore.getDefaultType()) is
expected to not throw any exceptions.
{quote}
Yes, we expect that KeyStore.getDefaultType() will not throw an exception.

But the code
{code:java}
        for(String type: tempKeystoreTypes) {
            if(type.equalsIgnoreCase(KeyStore.getDefaultType())) {
                defaultType = type;
                break;
            }
        }
{code}
assumes that it is possible that the default type will not be in the type list. Otherwise
it can be changed to simply
{code:java}
defaultType = KeyStore.getDefaultType();
{code}

{quote}
2. The keystoreTypes is the list of types that will be shown for selection while creating
a keystore using Keystores portlet. It does not matter what the defaultType is. If defaultType
is in keystoreTypes, it will be selected, otherwise the first one in the list will be selected.
We are using these to prevent users from selecting a keystore type that can not have an empty
keystore.
{quote}
ok. thanks.

> KeyStore type can't be changed
> ------------------------------
>
>                 Key: GERONIMO-3757
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3757
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0.2, 2.0.x, 2.1
>            Reporter: Vasily Zakharov
>         Attachments: Geronimo-3757-trunk.patch, Geronimo-3757.patch, Geronimo-3757.patch, GERONIMO-3757.patch
>
>
> For now (r612905), Geronimo is hardcoded to use JKS keystore type, which prevents Geronimo from running on Harmony or other JDKs that have no JKS implementation:
> org.apache.geronimo.security.keystore.FileKeystoreInstance, line 635:
>             KeyStore tempKeystore = KeyStore.getInstance(JKS);
> org.apache.geronimo.security.keystore.FileKeystoreManager, line 364:
>             KeyStore keystore = KeyStore.getInstance(FileKeystoreInstance.JKS);
> To work around this issue, one can change JKS to KeyStore.getDefaultType() (this returns "BKS" for Harmony) or a particular other keystore type, but this requires source recompilation. Replacing var/security/keystores/geronimo-default with the proper keystore type file is not a problem.
> A proper solution seems to apply the fix above to use the JDK-default keystore type, and provide FileKeystoreInstance with an additional configuration option, keystoreType, that would allow changing the keystore type through config.xml without recompilation, like this:
> <module name="org.apache.geronimo.configs/server-security-config/2.0.2/car">
>   <gbean name="geronimo-default">
>     <attribute name="keystoreType">PKCS12</attribute>
>     <attribute name="keystorePath">var/security/keystores/geronimo-pkcs12</attribute>
>   </gbean>
> </module>
> This issue is a follow-up to GERONIMO-2015.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
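As an added example (not part of the comment above and not Geronimo's own code), the Java helper below implements the selection rule the comment describes: it lists the keystore types the registered JCA providers actually offer, keeps only those for which an empty keystore can be created, and uses KeyStore.getDefaultType() when that type is in the list, falling back to the first usable entry otherwise. The class and method names are made up for this example.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper written for this example; not Geronimo code. */
public class KeystoreTypeSelector {
    /** KeyStore types the registered providers offer, in provider preference order. */
    public static List<String> availableKeystoreTypes() {
        List<String> types = new ArrayList<String>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("KeyStore".equals(s.getType()) && indexOfIgnoreCase(types, s.getAlgorithm()) < 0) {
                    types.add(s.getAlgorithm());
                }
            }
        }
        return types;
    }
    /** Keeps only the types for which an empty in-memory keystore can be created. */
    public static List<String> typesSupportingEmptyKeystore(List<String> candidates) {
        List<String> usable = new ArrayList<String>();
        for (String type : candidates) {
            try {
                KeyStore.getInstance(type).load(null, null); // null stream = new empty keystore
                usable.add(type);
            } catch (Exception e) {
                // provider cannot create an empty keystore of this type (e.g. hardware-backed); skip it
            }
        }
        return usable;
    }
    /** JDK default type if listed, else the first usable type; null only when the list is empty. */
    public static String selectDefaultType(List<String> usableTypes) {
        int i = indexOfIgnoreCase(usableTypes, KeyStore.getDefaultType());
        if (i >= 0) return usableTypes.get(i);
        return usableTypes.isEmpty() ? null : usableTypes.get(0);
    }
    private static int indexOfIgnoreCase(List<String> list, String value) {
        for (int i = 0; i < list.size(); i++) {
            if (list.get(i).equalsIgnoreCase(value)) return i;
        }
        return -1;
    }
    public static void main(String[] args) {
        List<String> usable = typesSupportingEmptyKeystore(availableKeystoreTypes());
        System.out.println("usable: " + usable + ", default: " + selectDefaultType(usable));
    }
}
```

On a JDK without a JKS provider (the Harmony case in the issue), the default type simply never appears in the list and the first usable provider type is chosen instead, so the selection never yields null unless no provider can create an empty keystore at all.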

