[ https://issues.apache.org/jira/browse/GERONIMO-3757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12561773#action_12561773 ]
Vasily Zakharov commented on GERONIMO-3757:
-------------------------------------------
Vamsavardhana,

I've tested the patch, it seems to work fine.

The only problem I see with it is with keystores that I put into the
var/security/keystores directory manually, as files. Those keystores are
visible through the Keystore portlet, but when I try to unlock them, a
NullPointerException occurs as the keystore type is null.

I'm not sure if those keystores should be visible at all, as the keystore type
for them is unknown - probably it would be wiser to hide them and ignore them,
unless they're properly described in configs.

> KeyStore type can't be changed
> ------------------------------
>
> Key: GERONIMO-3757
> URL: https://issues.apache.org/jira/browse/GERONIMO-3757
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.0.2, 2.0.x, 2.1
> Reporter: Vasily Zakharov
> Attachments: Geronimo-3757.patch, GERONIMO-3757.patch
>
>
> For now (r612905), Geronimo is hardcoded to use JKS keystore type, which
> prevents Geronimo from running on Harmony or other JDKs that have no JKS
> implementation:
>
> org.apache.geronimo.security.keystore.FileKeystoreInstance, line 635:
>     KeyStore tempKeystore = KeyStore.getInstance(JKS);
>
> org.apache.geronimo.security.keystore.FileKeystoreManager, line 364:
>     KeyStore keystore = KeyStore.getInstance(FileKeystoreInstance.JKS);
>
> To work around this issue, one can change JKS to KeyStore.getDefaultType()
> (this returns "BKS" for Harmony) or another particular keystore type, but this
> requires source recompilation. Replacing
> var/security/keystores/geronimo-default with the proper keystore type file is
> not a problem.
>
> A proper solution seems to be to apply the fix above to use the JDK-default
> keystore type, and provide FileKeystoreInstance with an additional
> configuration option, keystoreType, that would allow changing the keystore
> type through config.xml without recompilation, like this:
>
> <module name="org.apache.geronimo.configs/server-security-config/2.0.2/car">
>     <gbean name="geronimo-default">
>         <attribute name="keystoreType">PKCS12</attribute>
>         <attribute name="keystorePath">var/security/keystores/geronimo-pkcs12</attribute>
>     </gbean>
> </module>
>
> This issue is a follow-up to GERONIMO-2015.
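
An added example, not part of the original message or of Geronimo's code: one way to open a keystore file whose type may be null, as with the manually copied files described in the comment, without ever passing null to KeyStore.getInstance. The class name, the allow-list of probed types and the sample password are assumptions made for illustration.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.*;

public class KeystoreTypeProbe {
    // Assumed allow-list of file-based types to try when no type is configured.
    static final List<String> FILE_TYPES = Arrays.asList("PKCS12", "JKS", "JCEKS", "BKS");

    /** Opens the file with the configured type, or probes the allow-list when the type is null. */
    static Optional<KeyStore> open(Path file, String configuredType, char[] password) {
        Set<String> candidates = new LinkedHashSet<>();
        if (configuredType != null) {
            candidates.add(configuredType);               // explicit config: try nothing else
        } else {
            candidates.add(KeyStore.getDefaultType().toUpperCase(Locale.ROOT));
            candidates.addAll(FILE_TYPES);
        }
        for (String type : candidates) {
            try (InputStream in = Files.newInputStream(file)) {
                KeyStore ks = KeyStore.getInstance(type); // type is never null here
                ks.load(in, password);
                return Optional.of(ks);
            } catch (Exception e) {
                // Type missing in this JDK, wrong format, or wrong password: try the next one.
            }
        }
        return Optional.empty();                          // caller hides or skips this file
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();             // constructed sample password
        Path file = Files.createTempFile("manual-keystore", ".ks");
        KeyStore sample = KeyStore.getInstance("PKCS12"); // constructed sample keystore
        sample.load(null, pw);
        try (OutputStream out = Files.newOutputStream(file)) { sample.store(out, pw); }

        // A keystore dropped into the directory by hand has no configured type.
        System.out.println(open(file, null, pw).map(KeyStore::getType).orElse("hidden"));
        // A wrong explicit type fails closed instead of falling back to probing.
        System.out.println(open(file, "JCEKS", pw).isPresent());
        Files.delete(file);
    }
}
```

On JDKs where the keystore.type.compat security property is enabled, the JKS and PKCS12 implementations can read each other's files, so the reported type is the first candidate that parses rather than proof of the on-disk format.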