On 15/02/18 07:52, Emil John wrote:
> Context
> -----------
>
> Exact tomcat version, Operating Systems, other configurations-
>
> Current Tomcat version - 8.5.15
> Operating Systems - Windows/ Linux
> Upgrading to tomcat version - 8.5.23
> Application - Java Application.
>
> I have an application with tomcat, say fooapp. I also have a custom
> keystore type, say DKS (Java by default has the JKS keystore). During start
> of my application, it loads the DKS keystore to get the certificate for the
> application. This is done using the following changes in server.xml
>
> <Connector SSLEnabled="true"
>            sslImplementationName="com.vmware.identity.tomcat.GKSAwareImpl"
>            store="CERT_STORE"
>            port="${bio-ssl-localhost.https.port}"
>            protocol="com.vmware.identity.tomcat. GKSAwareHttp11NioProtocol"
>            redirectPort="${bio-ssl-localhost.https.port}"
>            scheme="https"
>            secure="true"
>            maxHttpHeaderSize="16384">
>     <Certificate certificateKeystoreType="GKS"
>
>
> Problem
> -----------
>
> The new version of tomcat has a changed code that is causing my application
> not to be able to load the GKS keystore.
>
> In Tomcat 8.5.15,
> getKeyManagers() method - if ks is not null, it simply proceeds further
> doing the ks.isKeyEntry() etc..
>
> In Tomcat 8.5.23,
> getKeyManagers() method - if ks is initialized as before and create a new
> reference -
> KeyStore ks = certificate.getCertificateKeystore();
> KeyStore ksUsed = ks;
>
> After the below code, the ksUsed is getting back to JKS and fails to load
> my custom keystore type "GKS"
>
> // Switch to in-memory key store
> String provider = certificate.getCertificateKeystoreProvider();
> if (provider == null) {
>     ksUsed = KeyStore.getInstance(certificate.getCertificateKeystoreType());
> } else {
>     ksUsed = KeyStore.getInstance(certificate.getCertificateKeystoreType(), provider);
> }
> ksUsed.load(null, null); --> throws unimplemented method
>
> I am setting the provider type properly in java.security which is also used
> while loading the application.
>
> Has anybody faced similar problem?
You should try 8.5.24 or later since there was a further change in 8.5.24 in
this area.

You might want to talk to VMware support about the unimplemented method as I'd
expect any custom KeyStore to support that usage.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
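The contract Mark refers to, shown as an added example that is not VMware's GKS code nor Tomcat's own: Tomcat 8.5.23 calls KeyStore.getInstance(type, provider) for the configured type and then load(null, null) to get an empty in-memory store of that same type, and copies the selected key entry into it. A KeyStoreSpi whose engineLoad throws when handed a null stream breaks that step; one that treats a null stream as "initialise empty" works. The keystore type "XKS", the provider name "XKSDemo", the class names and the alias "tomcat" are all hypothetical, and a SecretKey stands in for the TLS private key because KeyStore.setKeyEntry() requires a certificate chain for a PrivateKey and this demo generates no certificates.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical in-memory keystore type "XKS" (stand-in for the thread's GKS). */
public final class InMemoryKeyStoreDemo {

    /** One alias: a key entry (key != null) or a trusted-certificate entry (key == null). */
    static final class Entry {
        final Key key; final Certificate[] chain; final Date created = new Date();
        Entry(Key key, Certificate[] chain) { this.key = key; this.chain = chain; }
    }

    /** The SPI. The method that matters for this thread is engineLoad. */
    public static final class XksSpi extends KeyStoreSpi {
        private final Map<String, Entry> entries = new LinkedHashMap<>();

        @Override public void engineLoad(InputStream stream, char[] password) throws IOException {
            // A null stream means "start empty". Throwing here (e.g. UnsupportedOperationException)
            // is what makes Tomcat's switch to the in-memory key store fail.
            if (stream == null) { entries.clear(); return; }
            throw new IOException("XKS demo: loading from a stream is out of scope (assumption)");
        }
        @Override public void engineStore(OutputStream stream, char[] password) throws IOException {
            throw new IOException("XKS demo: in-memory only, nothing to persist");
        }
        @Override public Key engineGetKey(String alias, char[] password) {
            Entry e = entries.get(alias); return e == null ? null : e.key;
        }
        @Override public Certificate[] engineGetCertificateChain(String alias) {
            Entry e = entries.get(alias); return (e == null || e.key == null) ? null : e.chain;
        }
        @Override public Certificate engineGetCertificate(String alias) {
            Entry e = entries.get(alias);
            return (e == null || e.chain == null || e.chain.length == 0) ? null : e.chain[0];
        }
        @Override public Date engineGetCreationDate(String alias) {
            Entry e = entries.get(alias); return e == null ? null : e.created;
        }
        @Override public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) {
            entries.put(alias, new Entry(key, chain));
        }
        @Override public void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) throws KeyStoreException {
            throw new KeyStoreException("XKS demo: protected key bytes not supported");
        }
        @Override public void engineSetCertificateEntry(String alias, Certificate cert) {
            entries.put(alias, new Entry(null, new Certificate[] { cert }));
        }
        @Override public void engineDeleteEntry(String alias) { entries.remove(alias); }
        @Override public Enumeration<String> engineAliases() { return Collections.enumeration(entries.keySet()); }
        @Override public boolean engineContainsAlias(String alias) { return entries.containsKey(alias); }
        @Override public int engineSize() { return entries.size(); }
        @Override public boolean engineIsKeyEntry(String alias) {
            Entry e = entries.get(alias); return e != null && e.key != null;
        }
        @Override public boolean engineIsCertificateEntry(String alias) {
            Entry e = entries.get(alias); return e != null && e.key == null;
        }
        @Override public String engineGetCertificateAlias(Certificate cert) {
            for (String alias : entries.keySet()) if (cert.equals(engineGetCertificate(alias))) return alias;
            return null;
        }
    }

    /** Provider mapping KeyStore type "XKS" to XksSpi (hypothetical name and version). */
    public static final class XksProvider extends Provider {
        public XksProvider() {
            super("XKSDemo", 1.0, "Demo in-memory KeyStore");
            put("KeyStore.XKS", XksSpi.class.getName());
        }
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new XksProvider()); // java.security registration would do the same

        // The store the connector loaded; a SecretKey stands in for the TLS private key.
        char[] pw = "changeit".toCharArray();
        KeyStore ks = KeyStore.getInstance("XKS", "XKSDemo");
        ks.load(null, null);
        ks.setKeyEntry("tomcat", new SecretKeySpec(new byte[16], "AES"), pw, null);

        // The 8.5.23 path from the thread: same type and provider, load(null, null), copy the entry.
        KeyStore ksUsed = KeyStore.getInstance("XKS", "XKSDemo");
        ksUsed.load(null, null);
        ksUsed.setKeyEntry("tomcat", ks.getKey("tomcat", pw), pw, ks.getCertificateChain("tomcat"));

        System.out.println("type=" + ksUsed.getType() + " provider=" + ksUsed.getProvider().getName()
                + " isKeyEntry(tomcat)=" + ksUsed.isKeyEntry("tomcat"));
    }
}
```

If the custom SPI's engineLoad is changed to throw on a null stream, the second load(null, null) above fails in the same place as the thread's ksUsed.load(null, null), which is a quick way to reproduce the report before involving a vendor. Note also that the switch only happens with a key entry of the configured type; when the connector's certificateKeystoreProvider is not set, Tomcat looks the type up across all registered providers, so the provider must actually be installed (via java.security or Security.addProvider) in the JVM running Tomcat.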