Re: Switch to in-memory key store in tomcat 8.5.23 fails application to load
On 15/02/18 07:52, Emil John wrote:
> Context
> ---
>
> Exact tomcat version, Operating Systems, other configurations-
>
> Current Tomcat version - 8.5.15
> Operating Systems - Windows/ Linux
> Upgrading to tomcat version - 8.5.23
> Application - Java Application.
>
> I have an application with tomcat, say fooapp. I also have a custom
> keystore type, say DKS (Java by default has the JKS keystore). During start
> of my application, it loads the DKS keystore to get the certificate for the
> application. This is done using the following changes in server.xml
>
>     sslImplementationName="com.vmware.identity.tomcat.GKSAwareImpl"
>     store="CERT_STORE"
>     port="${bio-ssl-localhost.https.port}"
>     protocol="com.vmware.identity.tomcat.GKSAwareHttp11NioProtocol"
>     redirectPort="${bio-ssl-localhost.https.port}"
>     scheme="https"
>     secure="true"
>     maxHttpHeaderSize="16384">
>
> Problem
> ---
>
> The new version of tomcat has changed code that prevents my application
> from loading the GKS keystore.
>
> In Tomcat 8.5.15,
> getKeyManagers() method - if ks is not null, it simply proceeds further,
> doing the ks.isKeyEntry() etc.
>
> In Tomcat 8.5.23,
> getKeyManagers() method - ks is initialized as before and a new
> reference is created -
>
>     KeyStore ks = certificate.getCertificateKeystore();
>     KeyStore ksUsed = ks;
>
> After the below code, ksUsed falls back to JKS and fails to load
> my custom keystore type "GKS"
>
>     // Switch to in-memory key store
>     String provider = certificate.getCertificateKeystoreProvider();
>     if (provider == null) {
>         ksUsed = KeyStore.getInstance(certificate.getCertificateKeystoreType());
>     } else {
>         ksUsed = KeyStore.getInstance(certificate.getCertificateKeystoreType(), provider);
>     }
>     ksUsed.load(null, null); // --> throws unimplemented method
>
> I am setting the provider type properly in java.security, which is also used
> while loading the application.
>
> Has anybody faced a similar problem?
You should try 8.5.24 or later since there was a further change in 8.5.24 in this area.

You might want to talk to VMware support about the unimplemented method as I'd expect any custom KeyStore to support that usage.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Switch to in-memory key store in tomcat 8.5.23 fails application to load
Emil,

On 15 Feb 2018, 8:52 PM +1300, Emil John, wrote:
> Context
> ---
>
> Exact tomcat version, Operating Systems, other configurations-
>
> Current Tomcat version - 8.5.15
> Operating Systems - Windows/ Linux
> Upgrading to tomcat version - 8.5.23
> Application - Java Application.
>
> I have an application with tomcat, say fooapp. I also have a custom
> keystore type, say DKS (Java by default has the JKS keystore). During start
> of my application, it loads the DKS keystore to get the certificate for the
> application. This is done using the following changes in server.xml
>
>     sslImplementationName="com.vmware.identity.tomcat.GKSAwareImpl"
>     store="CERT_STORE"
>     port="${bio-ssl-localhost.https.port}"
>     protocol="com.vmware.identity.tomcat.GKSAwareHttp11NioProtocol"
>     redirectPort="${bio-ssl-localhost.https.port}"
>     scheme="https"
>     secure="true"
>     maxHttpHeaderSize="16384"
>
> Problem
> ---
>
> The new version of tomcat has changed code that prevents my application
> from loading the GKS keystore.
>
> In Tomcat 8.5.15,
> getKeyManagers() method - if ks is not null, it simply proceeds further,
> doing the ks.isKeyEntry() etc.
>
> In Tomcat 8.5.23,
> getKeyManagers() method - ks is initialized as before and a new
> reference is created -
>
>     KeyStore ks = certificate.getCertificateKeystore();
>     KeyStore ksUsed = ks;
>
> After the below code, ksUsed falls back to JKS and fails to load
> my custom keystore type "GKS"
>
>     // Switch to in-memory key store
>     String provider = certificate.getCertificateKeystoreProvider();
>     if (provider == null) {
>         ksUsed = KeyStore.getInstance(certificate.getCertificateKeystoreType());
>     } else {
>         ksUsed = KeyStore.getInstance(certificate.getCertificateKeystoreType(), provider);
>     }
>     ksUsed.load(null, null); // --> throws unimplemented method
>
> I am setting the provider type properly in java.security, which is also used
> while loading the application.
>
> Has anybody faced a similar problem?
I had a similar problem – not quite the same but close enough. I ended up creating another key store type that wraps around my existing types. See my threads here: http://markmail.org/message/5vus3jpsp5secm44

Cheers,
Ing

> Thanks,
> Emil
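Mark's point that any custom KeyStore should support load(null, null), and Ing's wrapper approach, as an added example that is not part of this thread or of any Tomcat or VMware code: a hypothetical keystore type "WRAPGKS" from an assumed provider "WrapProvider" whose KeyStoreSpi delegates to an in-memory PKCS12 store, so the getInstance/load(null, null)/setKeyEntry sequence quoted from Tomcat 8.5.23 succeeds.

```java
import java.io.*; import java.security.*; import java.util.*;
import java.security.cert.Certificate; import java.security.cert.CertificateException;
// Hypothetical keystore type "WRAPGKS" from provider "WrapProvider" (assumed names; not
// VMware's or Tomcat's code). Every call is delegated to an in-memory PKCS12 store, so the
// load(null, null) followed by setKeyEntry() that Tomcat 8.5.23 performs is supported.
public final class WrappingKeyStoreSpi extends KeyStoreSpi {
    private KeyStore store;
    private interface Op<T> { T get() throws KeyStoreException; }
    private static <T> T q(Op<T> op) {
        try { return op.get(); } catch (KeyStoreException e) { throw new IllegalStateException(e); }
    }
    @Override public void engineLoad(InputStream in, char[] pw)
            throws IOException, NoSuchAlgorithmException, CertificateException {
        // in == null means "create an empty store": the call that failed in the thread.
        try { store = KeyStore.getInstance("PKCS12"); store.load(in, pw); }
        catch (KeyStoreException e) { throw new IOException(e); }
    }
    @Override public void engineStore(OutputStream out, char[] pw)
            throws IOException, NoSuchAlgorithmException, CertificateException {
        try { store.store(out, pw); } catch (KeyStoreException e) { throw new IOException(e); }
    }
    @Override public Key engineGetKey(String a, char[] pw)
            throws NoSuchAlgorithmException, UnrecoverableKeyException {
        try { return store.getKey(a, pw); } catch (KeyStoreException e) { throw new IllegalStateException(e); }
    }
    @Override public void engineSetKeyEntry(String a, Key k, char[] pw, Certificate[] c) throws KeyStoreException { store.setKeyEntry(a, k, pw, c); }
    @Override public void engineSetKeyEntry(String a, byte[] k, Certificate[] c) throws KeyStoreException { store.setKeyEntry(a, k, c); }
    @Override public void engineSetCertificateEntry(String a, Certificate c) throws KeyStoreException { store.setCertificateEntry(a, c); }
    @Override public void engineDeleteEntry(String a) throws KeyStoreException { store.deleteEntry(a); }
    @Override public Certificate[] engineGetCertificateChain(String a) { return q(() -> store.getCertificateChain(a)); }
    @Override public Certificate engineGetCertificate(String a) { return q(() -> store.getCertificate(a)); }
    @Override public Date engineGetCreationDate(String a) { return q(() -> store.getCreationDate(a)); }
    @Override public Enumeration<String> engineAliases() { return q(store::aliases); }
    @Override public boolean engineContainsAlias(String a) { return q(() -> store.containsAlias(a)); }
    @Override public int engineSize() { return q(store::size); }
    @Override public boolean engineIsKeyEntry(String a) { return q(() -> store.isKeyEntry(a)); }
    @Override public boolean engineIsCertificateEntry(String a) { return q(() -> store.isCertificateEntry(a)); }
    @Override public String engineGetCertificateAlias(Certificate c) { return q(() -> store.getCertificateAlias(c)); }
    public static final class WrapProvider extends Provider {
        @SuppressWarnings("deprecation")
        public WrapProvider() {
            super("WrapProvider", 1.0, "delegates to an in-memory PKCS12 store");
            put("KeyStore.WRAPGKS", WrappingKeyStoreSpi.class.getName());
        }
    }
    // Mirrors the Tomcat 8.5.23 sequence quoted in the thread.
    public static void main(String[] args) throws Exception {
        Security.addProvider(new WrapProvider());
        KeyStore ksUsed = KeyStore.getInstance("WRAPGKS", "WrapProvider");
        ksUsed.load(null, null); // must not throw for a custom type
        System.out.println(ksUsed.getType() + " initialised, entries=" + ksUsed.size());
    }
}
```

Compile with `javac WrappingKeyStoreSpi.java` and run the class; main() reproduces the getInstance and load(null, null) steps against the wrapper type and reports an empty in-memory store.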
Switch to in-memory key store in tomcat 8.5.23 fails application to load
Context
---

Exact tomcat version, Operating Systems, other configurations-

Current Tomcat version - 8.5.15
Operating Systems - Windows/ Linux
Upgrading to tomcat version - 8.5.23
Application - Java Application.

I have an application with tomcat, say fooapp. I also have a custom keystore type, say DKS (Java by default has the JKS keystore). During start of my application, it loads the DKS keystore to get the certificate for the application. This is done using the following changes in server.xml

    sslImplementationName="com.vmware.identity.tomcat.GKSAwareImpl"
    store="CERT_STORE"
    port="${bio-ssl-localhost.https.port}"
    protocol="com.vmware.identity.tomcat.GKSAwareHttp11NioProtocol"
    redirectPort="${bio-ssl-localhost.https.port}"
    scheme="https"
    secure="true"
    maxHttpHeaderSize="16384">

Problem
---

The new version of tomcat has changed code that prevents my application from loading the GKS keystore.

In Tomcat 8.5.15,
getKeyManagers() method - if ks is not null, it simply proceeds further, doing the ks.isKeyEntry() etc.

In Tomcat 8.5.23,
getKeyManagers() method - ks is initialized as before and a new reference is created -

    KeyStore ks = certificate.getCertificateKeystore();
    KeyStore ksUsed = ks;

After the below code, ksUsed falls back to JKS and fails to load my custom keystore type "GKS"

    // Switch to in-memory key store
    String provider = certificate.getCertificateKeystoreProvider();
    if (provider == null) {
        ksUsed = KeyStore.getInstance(certificate.getCertificateKeystoreType());
    } else {
        ksUsed = KeyStore.getInstance(certificate.getCertificateKeystoreType(), provider);
    }
    ksUsed.load(null, null); // --> throws unimplemented method

I am setting the provider type properly in java.security, which is also used while loading the application.

Has anybody faced a similar problem?

Thanks,
Emil