[ http://issues.apache.org/jira/browse/GERONIMO-2280?page=comments#action_12425970 ] Vamsavardhana Reddy commented on GERONIMO-2280: -----------------------------------------------
With this fix, 1. A keystore can have more than one private key in unlocked state. 2. If a user creates a second private key entry (with a different password that that of the alias currently used by JettySSLConnector) in the keystore "geronimo-default", this patch enables successful server startup. Otherwise server startup will fail (Scenario 1 from above). 3. keyAlias field can be made editable in Jetty edit HTTPS Connectors page. > FileKeystoreInstance.getKeyManager() fails when there is more than one > privatekey in the store > ---------------------------------------------------------------------------------------------- > > Key: GERONIMO-2280 > URL: http://issues.apache.org/jira/browse/GERONIMO-2280 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: security > Affects Versions: 1.1, 1.1.1 > Reporter: Vamsavardhana Reddy > Fix For: 1.2, 1.1.1, 1.1.x, 1.1.2 > > Attachments: GERONIMO-2280.patch > > > FileKeystoreInstance.getKeyManager() fails when there is more than one > privatekey in the store. > Scenario 1: The method will throw UnrecoverableKeyException if the all the > private key entries in the keystore do not have the same password (as the > entry of our interest). > Scenario 2: Even if all the private key entries have the same password and > the method returns a KeyManager, there is no control on which enrty will be > used. > To overcome this, a temporary keystore (I call it a SubKeystore) can be > generated and initialized with the entry corresponding to the alias and used > to init the KeyManagerFactory. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
