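import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.util.Enumeration;

// The posted fragment did not declare inFile, outFile or password; the wrapper
// class and method names here are illustrative, added so that it compiles.
public class JksToPkcs12Converter {
    public static void convert(String inFile, String outFile, char[] password) throws Exception {
        KeyStore jks = KeyStore.getInstance("JKS");
        KeyStore pkcs12 = KeyStore.getInstance("PKCS12");
        // Load the source JKS keystore; try-with-resources closes the stream even on failure.
        try (FileInputStream fin = new FileInputStream(inFile)) {
            jks.load(fin, password);
        }
        System.out.println("Loaded input keystore " + inFile);
        // Initialise an empty PKCS12 keystore.
        pkcs12.load(null, null);
        for (Enumeration<String> e = jks.aliases(); e.hasMoreElements(); ) {
            String alias = e.nextElement();
            if (jks.isCertificateEntry(alias)) {
                // Trusted certificate entry: copy the certificate only.
                pkcs12.setCertificateEntry(alias, jks.getCertificate(alias));
            } else {
                // Key entry: copy the key and its chain, protected with the same password.
                pkcs12.setKeyEntry(alias, jks.getKey(alias, password), password, jks.getCertificateChain(alias));
            }
        }
        // Write the PKCS12 keystore, protected with the same store password.
        try (FileOutputStream fout = new FileOutputStream(outFile)) {
            pkcs12.store(fout, password);
        }
    }
}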


On 10/17/06, Nikolay Chugunov (JIRA) <dev@geronimo.apache.org> wrote:
    [ http://issues.apache.org/jira/browse/GERONIMO-2015?page=comments#action_12442965 ]

Nikolay Chugunov commented on GERONIMO-2015:
--------------------------------------------

Vamsavardhana,
Could you send the code you have written above?

> Let's replace JKS to PKCS12 key store type
> ------------------------------------------
>
>                 Key: GERONIMO-2015
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2015
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues)
>          Components: security
>            Reporter: Nikolay Chugunov
>             Fix For: 1.2
>
>         Attachments: jksToPKCS12-1.1.1.patch, JKSToPKCS12.java, jksToPKCS12.patch, keystore
>
>
> Hello
> Let's replace the JKS key store type with PKCS12, because PKCS12 is a widely used key store and Geronimo may not work on non-Sun VMs.
> To fix this problem I have created a patch for the Geronimo sources.
> In brief, the patch (attached) replaces the JKS key store type with PKCS12 in the configuration files.
> The PKCS12 key store file format is not Java-specific and can be created and read by other programs, e.g. Internet Explorer. In addition, PKCS12 exists in the Bouncy Castle (http://www.bouncycastle.org) security provider, while JKS is a Sun-specific key store and does not exist in Bouncy Castle.
> It is also necessary to replace the JKS keystore file with the PKCS12 keystore file (attached) in the assemblies/j2ee-tomcat-server/src/var/security, assemblies/j2ee-installer/src/var/security and assemblies/j2ee-jetty-server/src/var/security directories. The key store file was generated using the JKSToPKCS12 class (attached). This class transfers the key and certificate of Geronimo from JKS to PKCS12.
> After I apply this patch to the Geronimo 1.0 sources and build Geronimo, I can log in to the Geronimo console over https.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
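
A check that can be run after a JKS to PKCS12 conversion like the one discussed in this thread, as an added example that is not part of the original messages or of the Geronimo patch: it confirms that the PKCS12 store holds the same aliases, certificates, private keys and chains as the JKS source. The class name VerifyConvertedKeyStore and the argument order are hypothetical, and it assumes, as the posted code does, that one password protects the store and every key.

```java
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.TreeSet;

// Added example; the class name and command-line arguments are hypothetical.
public class VerifyConvertedKeyStore {
    static KeyStore load(String type, String file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Returns the number of mismatches; 0 means both stores hold the same entries.
    static int compare(KeyStore jks, KeyStore p12, char[] password) throws Exception {
        TreeSet<String> aliases = new TreeSet<>(Collections.list(jks.aliases()));
        int bad = aliases.equals(new TreeSet<>(Collections.list(p12.aliases()))) ? 0 : 1;
        if (bad > 0) System.out.println("MISMATCH: alias sets differ");
        for (String alias : aliases) {
            boolean same;
            if (jks.isCertificateEntry(alias)) {
                same = p12.isCertificateEntry(alias) && Arrays.equals(
                        jks.getCertificate(alias).getEncoded(), p12.getCertificate(alias).getEncoded());
            } else {
                Key a = jks.getKey(alias, password), b = p12.getKey(alias, password);
                Certificate[] ca = jks.getCertificateChain(alias), cb = p12.getCertificateChain(alias);
                same = p12.isKeyEntry(alias) && Arrays.equals(a.getEncoded(), b.getEncoded())
                        && ca.length == cb.length;
                for (int i = 0; same && i < ca.length; i++)
                    same = Arrays.equals(ca[i].getEncoded(), cb[i].getEncoded());
            }
            if (!same) { bad++; System.out.println("MISMATCH: " + alias); }
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        // args[0] = JKS file, args[1] = PKCS12 file; the password is read without echo.
        if (System.console() == null) throw new IllegalStateException("run from an interactive terminal");
        char[] pw = System.console().readPassword("Keystore password: ");
        int bad = compare(load("JKS", args[0], pw), load("PKCS12", args[1], pw), pw);
        Arrays.fill(pw, '\0');
        System.exit(bad == 0 ? 0 : 1);
    }
}
```

The process exits with status 0 only when every entry matches, so it can gate a build step that swaps the keystore file.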


