[ https://issues.apache.org/jira/browse/GERONIMO-3757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vasily Zakharov updated GERONIMO-3757:
--------------------------------------

    Attachment: Geronimo-3757.patch

Attached an updated patch once more, with the following changes:

1. Added correct type support for keystores added automatically through the
var/security/keystores directory, to avoid NPEs (described above) when trying
to work with those keystores through the Keystores portlet.

1.2. Added a getKeystoreType() method to the
org.apache.geronimo.management.geronimo.KeystoreInstance and
org.apache.geronimo.security.keystore.FileKeystoreInstance classes.

1.3. Added use of the KeyStore.getDefaultType() method if the specified keystore
type is null (which occurs when adding keystores from the directory) to the
org.apache.geronimo.security.keystore.FileKeystoreManager.getKeystore() and
createKeystore() methods.

2. Updated the Keystores portlet to display the keystore type on the index page,
to improve usability and ease the testing of the changes.

2.1. Added a getType() method to the
org.apache.geronimo.console.keystores.BaseKeystoreHandler class.

2.2. Updated the
applications/console/geronimo-console-standard/src/main/webapp/WEB-INF/view/keystore/index.jsp
file to add the respective Type column.

The patch works fine on both Sun and Harmony.

Vamsavardhana, could you please review whether the patch is ok? Thank you.


> KeyStore type can't be changed
> ------------------------------
>
>                 Key: GERONIMO-3757
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3757
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0.2, 2.0.x, 2.1
>            Reporter: Vasily Zakharov
>         Attachments: Geronimo-3757.patch, Geronimo-3757.patch, 
> GERONIMO-3757.patch
>
>
> For now (r612905), Geronimo is hardcoded to use the JKS keystore type, which 
> prevents Geronimo from running on Harmony or other JDKs that have no JKS 
> implementation:
> org.apache.geronimo.security.keystore.FileKeystoreInstance, line 635:
>             KeyStore tempKeystore = KeyStore.getInstance(JKS);
> org.apache.geronimo.security.keystore.FileKeystoreManager, line 364:
>             KeyStore keystore = KeyStore.getInstance(FileKeystoreInstance.JKS);
> To work around this issue, one can change JKS to KeyStore.getDefaultType() 
> (this returns "BKS" for Harmony) or another particular keystore type, but this 
> requires source recompilation. Replacing 
> var/security/keystores/geronimo-default with a file of the proper keystore 
> type is not a problem.
> A proper solution seems to be to apply the fix above to use the JDK-default 
> keystore type, and provide FileKeystoreInstance with an additional 
> configuration option, keystoreType, that would allow changing the keystore 
> type through config.xml without recompilation, like this:
> <module name="org.apache.geronimo.configs/server-security-config/2.0.2/car">
>   <gbean name="geronimo-default">
>     <attribute name="keystoreType">PKCS12</attribute>
>     <attribute name="keystorePath">var/security/keystores/geronimo-pkcs12</attribute>
>   </gbean>
> </module>
> This issue is a follow-up to GERONIMO-2015.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
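
The null-type fallback from item 1.3 and the missing-provider failure from the issue description, as an added Java example that is not taken from the attached patch or from Geronimo's code. The class and method names (KeystoreTypeFallback, resolveType, roundTrip) and the sample password are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;

// Added illustration; class and method names are hypothetical, not Geronimo's.
public class KeystoreTypeFallback {

    // A null or blank configured type means "not specified" (for example a
    // file picked up from a keystore directory), so fall back to the JDK
    // default instead of a hardcoded "JKS".
    static String resolveType(String configured) {
        return (configured == null || configured.trim().isEmpty())
                ? KeyStore.getDefaultType()
                : configured.trim();
    }

    // Create an empty keystore of the resolved type, serialize it, and load
    // it back with the same type. Returns the type actually in use.
    static String roundTrip(String configured, char[] password) throws Exception {
        String type = resolveType(configured);
        KeyStore created = KeyStore.getInstance(type); // KeyStoreException if no provider
        created.load(null, password);                  // initialise an empty store
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        created.store(out, password);

        KeyStore reloaded = KeyStore.getInstance(type);
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), password);
        return reloaded.getType();
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // constructed sample value
        System.out.println("JDK default type: " + KeyStore.getDefaultType());
        // Constructed sample inputs: unspecified, blank, and explicit types.
        for (String configured : new String[] {null, "", "PKCS12", "JKS", "BKS"}) {
            try {
                System.out.println(configured + " -> " + roundTrip(configured, password));
            } catch (KeyStoreException e) {
                // The failure mode from the issue: this JDK has no provider for the type.
                System.out.println(configured + " -> unavailable: " + e.getMessage());
            }
        }
    }
}
```

Which explicit types load depends on the security providers installed in the running JDK.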
