[ https://issues.apache.org/jira/browse/GERONIMO-3757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12563009#action_12563009 ]
Vamsavardhana Reddy commented on GERONIMO-3757:
-----------------------------------------------

Completed: At revision: 615625 in trunk(2.1)
 o Allow creation of all possible keystore types supported. Keystore type is no longer restricted to JKS.
 o Added a type parameter to create keystore methods.
 o Keystores portlet will now allow creating and managing all types of keystores.
 o This revision will simplify the configuration changes required to run G on a JVM that does not support JKS keystores (for e.g., Harmony).

** As this "feature" required some interface changes, for e.g. KeystoreManager, KeystoreInstance etc., I would like to hear from others on considering this for branches\2.0 as it may break compatibility.

> KeyStore type can't be changed
> ------------------------------
>
>                 Key: GERONIMO-3757
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3757
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues)
>          Components: console, security
>    Affects Versions: 2.0.2, 2.0.x, 2.1
>            Reporter: Vasily Zakharov
>            Assignee: Vamsavardhana Reddy
>             Fix For: 2.0.x, 2.1
>
>         Attachments: GERONIMO-3757-2.0.patch, GERONIMO-3757-2.1.patch, Geronimo-3757-trunk.patch, Geronimo-3757.patch, Geronimo-3757.patch, GERONIMO-3757.patch
>
>
> For now (r612905), Geronimo is hardcoded to use JKS keystore type, which prevents Geronimo from running on Harmony or other JDKs that have no JKS implementation:
> org.apache.geronimo.security.keystore.FileKeystoreInstance, line 635:
>     KeyStore tempKeystore = KeyStore.getInstance(JKS);
> org.apache.geronimo.security.keystore.FileKeystoreManager, line 364:
>     KeyStore keystore = KeyStore.getInstance(FileKeystoreInstance.JKS);
> To work around this issue, one can change JKS to KeyStore.getDefaultType() (this returns "BKS" for Harmony) or particular other keystore type, but this requires source recompilation. Replacing var/security/keystores/geronimo-default with the proper keystore type file is not a problem.
> A proper solution seems to apply the fix above to use the JDK-default keystore type, and provide FileKeystoreInstance with an additional configuration option, keystoreType, that would allow to change the keystore type through config.xml without recompilation, like this:
> <module name="org.apache.geronimo.configs/server-security-config/2.0.2/car">
>     <gbean name="geronimo-default">
>         <attribute name="keystoreType">PKCS12</attribute>
>         <attribute name="keystorePath">var/security/keystores/geronimo-pkcs12</attribute>
>     </gbean>
> </module>
> This issue is a follow-up to GERONIMO-2015.
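
An added example, not part of the JIRA message or of the Geronimo patches: a keystore type taken from configuration, falling back to `KeyStore.getDefaultType()` and checked against the types the running JVM's providers actually offer, instead of a literal "JKS". The class and method names (`KeystoreTypeDemo`, `supportedTypes`, `resolveType`, `create`, `open`) are hypothetical, and the password is a constructed sample.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.*;
import java.util.Set;
import java.util.TreeSet;

public class KeystoreTypeDemo {
    // Keystore types offered by the security providers installed in this JVM.
    static Set<String> supportedTypes() {
        Set<String> types = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        for (Provider p : Security.getProviders())
            for (Provider.Service s : p.getServices())
                if ("KeyStore".equals(s.getType())) types.add(s.getAlgorithm());
        return types;
    }
    // Configured type if given, otherwise the JDK default; fail early if unavailable.
    static String resolveType(String configured) throws KeyStoreException {
        String type = (configured == null || configured.trim().isEmpty())
                ? KeyStore.getDefaultType() : configured.trim();
        if (!supportedTypes().contains(type))
            throw new KeyStoreException("Keystore type '" + type
                    + "' is not available; supported: " + supportedTypes());
        return type;
    }
    static KeyStore create(Path file, String configuredType, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(resolveType(configuredType));
        ks.load(null, pw); // initialise an empty keystore
        try (OutputStream out = Files.newOutputStream(file)) { ks.store(out, pw); }
        return ks;
    }
    static KeyStore open(Path file, String configuredType, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(resolveType(configuredType));
        try (InputStream in = Files.newInputStream(file)) { ks.load(in, pw); }
        return ks;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "changeit-demo".toCharArray(); // constructed sample password
        System.out.println("Supported: " + supportedTypes());
        for (String configured : new String[] { null, "PKCS12" }) {
            Path f = Files.createTempFile("keystore-demo", ".ks");
            create(f, configured, pw);
            System.out.println(configured + " -> " + open(f, configured, pw).getType());
            Files.delete(f);
        }
        try { resolveType("NOSUCHTYPE"); } // constructed invalid type
        catch (KeyStoreException e) { System.out.println("Rejected: " + e.getMessage()); }
    }
}
```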