[ https://issues.apache.org/jira/browse/GERONIMO-3757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12562675#action_12562675 ]

Vamsavardhana Reddy commented on GERONIMO-3757:
-----------------------------------------------

I am also curious about the CreateKeystoreHandler.defaultType variable...

1. As far as I understood from the code, you want this variable to be null if 
KeyStore.getDefaultType() is not in the list of available keystore types. Is 
this possible?
On the other hand, a null type is treated as KeyStore.getDefaultType() later in 
the code. It is a bit confusing for me...

2. How will we handle the situation if the defaultType variable is not null but it is 
impossible to create an empty store for this type and the type will be removed 
from the list in the next step?

Response:
1. defaultType cannot be null.  Ideally, 
KeyStore.getInstance(KeyStore.getDefaultType()) is expected to not throw any 
exceptions.

2. keystoreTypes is the list of types that will be shown for selection 
while creating a keystore using the Keystores portlet.  It does not matter what the 
defaultType is.  If defaultType is in keystoreTypes, it will be selected; 
otherwise the first one in the list will be selected.  We are using these to 
prevent users from selecting a keystore type that cannot have an empty 
keystore.

> KeyStore type can't be changed
> ------------------------------
>
>                 Key: GERONIMO-3757
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3757
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0.2, 2.0.x, 2.1
>            Reporter: Vasily Zakharov
>         Attachments: Geronimo-3757-trunk.patch, Geronimo-3757.patch, 
> Geronimo-3757.patch, GERONIMO-3757.patch
>
>
> For now (r612905), Geronimo is hardcoded to use the JKS keystore type, which 
> prevents Geronimo from running on Harmony or other JDKs that have no JKS 
> implementation:
> org.apache.geronimo.security.keystore.FileKeystoreInstance, line 635:
>             KeyStore tempKeystore = KeyStore.getInstance(JKS);
> org.apache.geronimo.security.keystore.FileKeystoreManager, line 364:
>             KeyStore keystore = KeyStore.getInstance(FileKeystoreInstance.JKS);
> To work around this issue, one can change JKS to KeyStore.getDefaultType() 
> (this returns "BKS" for Harmony) or a particular other keystore type, but this 
> requires source recompilation. Replacing 
> var/security/keystores/geronimo-default with the proper keystore type file is 
> not a problem.
> A proper solution seems to be to apply the fix above to use the JDK-default 
> keystore type, and to provide FileKeystoreInstance with an additional 
> configuration option, keystoreType, that would allow changing the keystore 
> type through config.xml without recompilation, like this:
> <module name="org.apache.geronimo.configs/server-security-config/2.0.2/car">
>   <gbean name="geronimo-default">
>     <attribute name="keystoreType">PKCS12</attribute>
>     <attribute name="keystorePath">var/security/keystores/geronimo-pkcs12</attribute>
>   </gbean>
> </module>
> This issue is a follow-up to GERONIMO-2015.
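As an added illustration, not code from Geronimo or from either commenter, of the two points discussed above (building keystoreTypes from the types that can hold an empty keystore and choosing defaultType from it, and using the JDK default instead of a hardcoded JKS as the issue proposes). The class and method names are assumptions.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
// Hypothetical helper (not Geronimo's CreateKeystoreHandler): builds the
// keystoreTypes list and picks defaultType the way the comment describes.
public class KeystoreTypeSelector {
    // Every KeyStore type registered by an installed provider, in provider
    // order, reduced to those for which an empty keystore can be created.
    public static List<String> availableKeystoreTypes() {
        Set<String> candidates = new LinkedHashSet<String>();
        for (Provider provider : Security.getProviders()) {
            for (Provider.Service service : provider.getServices()) {
                if ("KeyStore".equals(service.getType())) candidates.add(service.getAlgorithm());
            }
        }
        List<String> usable = new ArrayList<String>();
        for (String type : candidates) {
            if (canCreateEmptyKeystore(type)) usable.add(type);
        }
        return usable;
    }
    // load(null, null) is how an empty keystore is created; types that reject
    // it (hardware-token stores, for instance) are left out of the selection.
    static boolean canCreateEmptyKeystore(String type) {
        try {
            KeyStore.getInstance(type).load(null, null);
            return true;
        } catch (Exception e) { // KeyStoreException, IOException, provider-specific errors
            return false;
        }
    }
    // The JDK default if present, else the first usable type. KeyStore type names
    // are case-insensitive and getDefaultType() may be lower case, so ignore case.
    public static String selectDefaultType(List<String> keystoreTypes) {
        String jdkDefault = KeyStore.getDefaultType();
        for (String type : keystoreTypes) {
            if (type.equalsIgnoreCase(jdkDefault)) return type;
        }
        if (keystoreTypes.isEmpty()) throw new IllegalStateException("no usable keystore type");
        return keystoreTypes.get(0);
    }
    public static void main(String[] args) {
        List<String> types = availableKeystoreTypes();
        System.out.println("keystoreTypes=" + types + " defaultType=" + selectDefaultType(types));
    }
}
```

Running it on a JDK without a JKS provider yields a different list and default than on a Sun JDK, which is the portability point of the issue; the result is never null, matching the response above.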

-- 
This message is automatically generated by JIRA.