[ https://issues.apache.org/jira/browse/GERONIMO-3757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12562179#action_12562179 ]
cap edited comment on GERONIMO-3757 at 1/24/08 11:58 AM:
---------------------------------------------------------------------

Guys, I suggest changing the CreateKeystoreHandler static initializer to something like this:

=== cut ===
{noformat}
static {
    // Get all the KeyStore algorithms supported.
    keystoreTypes = new HashSet<String>();
    Provider[] providers = Security.getProviders();
    char[] emptystore = "emptystore".toCharArray();
    for (Provider provider : providers) {
        for (Provider.Service service : provider.getServices()) {
            if (service.getType().equals("KeyStore")) {
                // Not all types of keystores can be saved to disk when empty.
                // Do not add those types that will fail creation of an empty keystore.
                // The type is read first so it can be passed to KeyStore.getInstance().
                String type = service.getAlgorithm();
                ByteArrayOutputStream baos = null;
                try {
                    KeyStore ks = KeyStore.getInstance(type);
                    ks.load(null);
                    baos = new ByteArrayOutputStream();
                    ks.store(baos, emptystore);
                    keystoreTypes.add(type);
                    if (type.equalsIgnoreCase(KeyStore.getDefaultType())) {
                        defaultType = type;
                    }
                } catch (Throwable t) {
                    // This keystore type cannot be created empty; leave it out.
                } finally {
                    if (baos != null) {
                        try { baos.close(); } catch (Exception ignored) {}
                    }
                }
            }
        }
    }
}
{noformat}
=== cut ===

This implementation will save a few processor ticks and a few object creations.

was (Author: cap):
Guys, I suggest changing the CreateKeystoreHandler static initializer to something like this:

=== cut ===
{noformat}
static {
    // Get all the KeyStore algorithms supported.
    keystoreTypes = new HashSet<String>();
    Provider[] providers = Security.getProviders();
    byte []emptystore = "emptystore".toCharArray();
    for(Provider provider: providers) {
        for(Provider.Service service: provider.getServices()) {
            if(service.getType().equals("KeyStore")) {
                // Not all types of keystores can be saved to disk when empty.
                // Do not add those types that will fail creation of an empty keystore.
                ByteArrayOutputStream baos = null;
                try {
                    KeyStore ks = KeyStore.getInstance(type);
                    ks.load(null);
                    baos = new ByteArrayOutputStream();
                    ks.store(baos, emptystore);
                    String type = service.getAlgorithm();
                    keystoreTypes.add(type);
                    if(type.equalsIgnoreCase(KeyStore.getDefaultType())) {
                        defaultType = type;
                    }
                } catch(Throwable t) {
                } finally {
                    if(baos != null) {
                        try {baos.close();} catch(Exception ignored){}
                    }
                }
            }
        }
    }
}
{noformat}
=== cut ===

This implementation will save a few processor ticks and a few object creations.

> KeyStore type can't be changed
> ------------------------------
>
>                 Key: GERONIMO-3757
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3757
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public (Regular issues)
>          Components: security
>    Affects Versions: 2.0.2, 2.0.x, 2.1
>            Reporter: Vasily Zakharov
>         Attachments: Geronimo-3757.patch, Geronimo-3757.patch, GERONIMO-3757.patch
>
>
> For now (r612905), Geronimo is hardcoded to use the JKS keystore type, which
> prevents Geronimo from running on Harmony or other JDKs that have no JKS
> implementation:
> org.apache.geronimo.security.keystore.FileKeystoreInstance, line 635:
>     KeyStore tempKeystore = KeyStore.getInstance(JKS);
> org.apache.geronimo.security.keystore.FileKeystoreManager, line 364:
>     KeyStore keystore = KeyStore.getInstance(FileKeystoreInstance.JKS);
> To work around this issue, one can change JKS to KeyStore.getDefaultType()
> (this returns "BKS" for Harmony) or a particular other keystore type, but this
> requires source recompilation. Replacing
> var/security/keystores/geronimo-default with the proper keystore type file is
> not a problem.
> A proper solution seems to be to apply the fix above to use the JDK-default
> keystore type, and provide FileKeystoreInstance with an additional
> configuration option, keystoreType, that would allow changing the keystore
> type through config.xml without recompilation, like this:
> <module name="org.apache.geronimo.configs/server-security-config/2.0.2/car">
>     <gbean name="geronimo-default">
>         <attribute name="keystoreType">PKCS12</attribute>
>         <attribute name="keystorePath">var/security/keystores/geronimo-pkcs12</attribute>
>     </gbean>
> </module>
> This issue is a follow-up to GERONIMO-2015.
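
A sketch of the approach discussed in this message, as an added example that is not part of the original email or of Geronimo's code: it probes which keystore types can be created and stored empty, then resolves a configured keystoreType against that set, using KeyStore.getDefaultType() only when nothing is configured and rejecting an unsupported value instead of silently switching types. The class KeystoreTypeResolver and its method names are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;

// Added example: KeystoreTypeResolver is a hypothetical name, not a Geronimo class.
public class KeystoreTypeResolver {

    /** Types for which an empty keystore can be created and serialized. */
    static Set<String> usableTypes() {
        Set<String> types = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        char[] password = "emptystore".toCharArray();
        for (Provider provider : Security.getProviders()) {
            for (Provider.Service service : provider.getServices()) {
                if (!"KeyStore".equals(service.getType())) continue;
                String type = service.getAlgorithm(); // read before getInstance()
                try {
                    KeyStore ks = KeyStore.getInstance(type, provider);
                    ks.load(null, null);
                    ks.store(new ByteArrayOutputStream(), password);
                    types.add(type);
                } catch (Exception | LinkageError e) {
                    // Hardware- or OS-backed stores cannot be written this way; skip.
                }
            }
        }
        return types;
    }

    /** Configured type if usable, JDK default if unset; never a silent fallback. */
    static String resolve(String configured, Set<String> usable) {
        String type = (configured == null || configured.trim().isEmpty())
                ? KeyStore.getDefaultType() : configured.trim();
        if (!usable.contains(type)) {
            throw new IllegalArgumentException("Unsupported keystoreType: " + type);
        }
        return type;
    }

    public static void main(String[] args) throws Exception {
        Set<String> usable = usableTypes();
        String type = resolve(args.length > 0 ? args[0] : null, usable);
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);
        System.out.println("usable=" + usable + " selected=" + ks.getType());
    }
}
```

The set is case-insensitive because KeyStore.getDefaultType() may return the type in a different case than the provider's service name.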