KeyStore type can't be changed
------------------------------
Key: GERONIMO-3757
URL: https://issues.apache.org/jira/browse/GERONIMO-3757
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: security
Affects Versions: 2.0.2, 2.0.x, 2.1
Reporter: Vasily Zakharov
For now (r612905), Geronimo is hardcoded to use the JKS keystore type, which
prevents Geronimo from running on Harmony or other JDKs that have no JKS
implementation:
org.apache.geronimo.security.keystore.FileKeystoreInstance, line 635:
    KeyStore tempKeystore = KeyStore.getInstance(JKS);
org.apache.geronimo.security.keystore.FileKeystoreManager, line 364:
    KeyStore keystore = KeyStore.getInstance(FileKeystoreInstance.JKS);
To work around this issue, one can change JKS to KeyStore.getDefaultType() (this
returns "BKS" for Harmony) or some other particular keystore type, but this
requires source recompilation. Replacing var/security/keystores/geronimo-default
with a file of the proper keystore type is not a problem.
A proper solution seems to be to apply the fix above to use the JDK-default
keystore type, and to provide FileKeystoreInstance with an additional
configuration option, keystoreType, that would allow changing the keystore type
through config.xml without recompilation, like this:
<module name="org.apache.geronimo.configs/server-security-config/2.0.2/car">
    <gbean name="geronimo-default">
        <attribute name="keystoreType">PKCS12</attribute>
        <attribute name="keystorePath">var/security/keystores/geronimo-pkcs12</attribute>
    </gbean>
</module>
This issue is a follow-up to GERONIMO-2015.
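The following is an added example, not part of the original report and not Geronimo source: a minimal sketch of the behaviour the issue proposes, where an optional keystore type is honoured, KeyStore.getDefaultType() is used when none is configured, and a type the JDK does not provide fails with a message listing what is installed. The class name KeystoreTypeDemo, its method names, and the sample password are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;

// Added illustration; hypothetical class, not Geronimo code.
public class KeystoreTypeDemo {

    // Collect the keystore types offered by the providers installed in this JVM.
    static Set<String> availableTypes() {
        Set<String> types = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("KeyStore".equals(s.getType())) {
                    types.add(s.getAlgorithm());
                }
            }
        }
        return types;
    }

    // Use the configured type when present, otherwise the JDK default type.
    static KeyStore open(String configuredType) throws KeyStoreException {
        String type = (configuredType == null || configuredType.isEmpty())
                ? KeyStore.getDefaultType() : configuredType;
        try {
            return KeyStore.getInstance(type);
        } catch (KeyStoreException e) {
            // A hardcoded type fails here on JDKs that lack it; report what exists.
            throw new KeyStoreException("Keystore type '" + type
                    + "' is not available; installed types: " + availableTypes(), e);
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // constructed sample value
        String configured = args.length > 0 ? args[0] : null; // e.g. PKCS12

        KeyStore ks = open(configured);
        ks.load(null, password); // initialise an empty keystore in memory
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);

        // Reload with the same type: file and type must agree, as the report notes.
        KeyStore reloaded = open(ks.getType());
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), password);
        System.out.println("type=" + reloaded.getType() + " entries=" + reloaded.size());
    }
}
```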