Re: Tomcat 8.5.16 - can't use Java keystore with multiple entries having different keypass for each entry?

2017-07-05 Thread Mark Thomas
On 05/07/17 11:47, Frank Taffelt wrote:
>> I don't think that will work because you can't read the key out of the
>> keystore.
> 
> The keystore API has the getKey(alias,keypass) method that should give you 
> the key. Copying the entry could be:
> 
> KeyStore newks = KeyStore.getInstance("JKS");
> newks.load(null, null);
> newks.setKeyEntry(alias, ks.getKey(alias, keypass), keypass,
>         ks.getCertificateChain(alias));

Neat. Thanks works nicely.

Fix committed for 9.0.x and 8.5.x

You also get your name in the commit log and the change log.

http://svn.apache.org/viewvc?rev=1800867=rev
http://svn.apache.org/viewvc?rev=1800868=rev

Thanks,

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: Tomcat 8.5.16 - can't use Java keystore with multiple entries having different keypass for each entry?

2017-07-05 Thread Frank Taffelt
> I don't think that will work because you can't read the key out of the
> keystore.

The keystore API has the getKey(alias,keypass) method that should give you the 
key. Copying the entry could be:

KeyStore newks = KeyStore.getInstance("JKS");
newks.load(null, null);
newks.setKeyEntry(alias, ks.getKey(alias, keypass), keypass,
        ks.getCertificateChain(alias));

hth,
Frank
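
Added example, not part of the original thread and not the fix committed to Tomcat: the entry copy described in the message above, followed by the single-password KeyManagerFactory.init() call that motivated it. The class name, the command-line arguments and the console prompts are assumptions made for illustration.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;

// Hypothetical class; run as: java SingleKeyKeyStore <keystore-file> <alias>
public class SingleKeyKeyStore {

    // Copies one private-key entry into a fresh, memory-only keystore so that
    // KeyManagerFactory.init(), which takes a single password, can unlock it.
    static KeyStore isolate(KeyStore source, String alias, char[] keyPass)
            throws GeneralSecurityException, java.io.IOException {
        if (!source.isKeyEntry(alias)) {
            throw new GeneralSecurityException("No private-key entry for alias " + alias);
        }
        Key key = source.getKey(alias, keyPass); // UnrecoverableKeyException if keyPass is wrong
        Certificate[] chain = source.getCertificateChain(alias);
        KeyStore single = KeyStore.getInstance("JKS");
        single.load(null, null);                 // empty keystore, never written to disk
        single.setKeyEntry(alias, key, keyPass, chain);
        return single;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive): SingleKeyKeyStore <keystore-file> <alias>");
            System.exit(2);
        }
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Key password for %s: ", args[1]);
        KeyStore source = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            source.load(in, storePass);
        }
        KeyStore single = isolate(source, args[1], keyPass);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(single, keyPass);               // only this entry's password is needed now
        Arrays.fill(storePass, '\0');            // do not keep passwords in memory longer than needed
        Arrays.fill(keyPass, '\0');
        System.out.println("Key managers ready for '" + args[1] + "': " + kmf.getKeyManagers().length);
    }
}
```

Repeating isolate() once per alias gives each connector certificate its own KeyManagerFactory, while the on-disk keystore keeps a different key password per entry.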


Re: Tomcat 8.5.16 - can't use Java keystore with multiple entries having different keypass for each entry?

2017-07-05 Thread Mark Thomas
On 04/07/2017 07:32, Frank Taffelt wrote:
> Hi Thomas,
> 
>> By far the simplest solution is to have one keystore per private key.
> 
> so maybe this could go into the docs section.

Updated. Will be included in the next release (not the one currently
being voted on).

>> I find the JSSE API tricky to navigate at the best of times so it is possible
>> I have missed something. If I have, feel free to point me in the right
>> direction. Better yet, provide some code that shows how to use
>> KeyManagerFactory with a keystore that has multiple keys each with a
>> different password.
> 
> yes, I also wondered on the API of KMF having only one password on the init 
> method. Could creating a runtime in-memory keystore with the keyentry from the 
> original keystore help?

I don't think that will work because you can't read the key out of the
keystore.

Mark





Re: "End of life for Apache Tomcat 8.0.x" page title

2017-07-05 Thread Violeta Georgieva
Hi,

2017-07-05 1:30 GMT+03:00 Adam Rauch:
>
> I noticed that the current <title> element for the new EOL page is:
> "Apache Tomcat® - End of life for Apache Tomcat 6.0.x". You may want to
> adjust the version to "8.0.x."

Thanks for spotting this.
It should be Ok now.

Regards,
Violeta

> Thanks,
> Adam