https://bz.apache.org/bugzilla/show_bug.cgi?id=62507
Bug ID: 62507
Summary: Insufficient control over keystore loading to support DKS-keystores
Product: Tomcat 8
Version: 8.5.x-trunk
Hardware: PC
Status: NEW
Severity: enhancement
Priority: P2
Component: Meta
Assignee: dev@tomcat.apache.org
Reporter: kenny_stim...@yahoo.com
Target Milestone: ----

This ticket has been created out of a discussion originally raised here: https://github.com/spring-projects/spring-boot/issues/13590

Overview: I am trying to configure SSL using a DKS keystore through 'application.properties'. I raised a ticket with the team handling spring-boot, and they stated that there is currently no mechanism that lets them stop Tomcat from calling 'java.security.KeyStore.load(InputStream, char[])' in favor of 'java.security.KeyStore.load(URI, DomainLoadStoreParameter)'. (In the JDK API the second form is the 'KeyStore.load(KeyStore.LoadStoreParameter)' overload, passed a 'DomainLoadStoreParameter' that is constructed from the DKS configuration URI and a map of protection parameters.)

Here is the stack trace I provided, showing the path taken when the SSL context is configured:

java.lang.UnsupportedOperationException: This keystore must be loaded using a DomainLoadStoreParameter
    at sun.security.provider.DomainKeyStore.engineLoad(DomainKeyStore.java:713) ~[na:1.8.0_111]
    at sun.security.provider.DomainKeyStore$DKS.engineLoad(DomainKeyStore.java:68) ~[na:1.8.0_111]
    at java.security.KeyStore.load(KeyStore.java:1445) ~[na:1.8.0_111]
    at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:136) ~[tomcat-embed-core-8.5.14.jar!/:8.5.14]
    at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:187) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:185) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
    at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:978) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
    at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:628) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:993) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
    at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:247) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
    at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:190) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:545) [spring-context-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:737) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:370) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:314) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1162) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1151) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
    at [Redacted]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_111]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_111]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_111]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_111]
    at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [giant2-ccp-example.jar:1.19.20-SNAPSHOT]
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [giant2-ccp-example.jar:1.19.20-SNAPSHOT]
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [giant2-ccp-example.jar:1.19.20-SNAPSHOT]
    at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [giant2-ccp-example.jar:1.19.20-SNAPSHOT]