https://bz.apache.org/bugzilla/show_bug.cgi?id=62507

            Bug ID: 62507
           Summary: Insufficient control over keystore loading to support
                    DKS-keystores
           Product: Tomcat 8
           Version: 8.5.x-trunk
          Hardware: PC
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Meta
          Assignee: dev@tomcat.apache.org
          Reporter: kenny_stim...@yahoo.com
  Target Milestone: ----

This ticket has been created out of a discussion originally raised here: 
https://github.com/spring-projects/spring-boot/issues/13590

Overview:
    I am trying to configure SSL using a DKS keystore through
'application.properties'. I raised a ticket with the team handling Spring Boot
and they have stated that there is currently no mechanism for them to be able
to stop Tomcat from calling 'java.security.KeyStore.load(InputStream, char[])'
in favor of 'java.security.KeyStore.load(URI, DomainLoadStoreParameter)'.

Here is the stacktrace I provided, showing the path that is taken for the
configuration of the SSL context:
java.lang.UnsupportedOperationException: This keystore must be loaded using a DomainLoadStoreParameter
        at sun.security.provider.DomainKeyStore.engineLoad(DomainKeyStore.java:713) ~[na:1.8.0_111]
        at sun.security.provider.DomainKeyStore$DKS.engineLoad(DomainKeyStore.java:68) ~[na:1.8.0_111]
        at java.security.KeyStore.load(KeyStore.java:1445) ~[na:1.8.0_111]
        at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:136) ~[tomcat-embed-core-8.5.14.jar!/:8.5.14]
        at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:187) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
        at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:185) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
        at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:978) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
        at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:628) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
        at org.apache.catalina.connector.Connector.startInternal(Connector.java:993) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
        at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
        at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:247) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:190) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:545) [spring-context-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
        at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:737) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:370) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:314) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1162) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1151) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at [Redacted]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_111]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_111]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_111]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_111]
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [giant2-ccp-example.jar:1.19.20-SNAPSHOT]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [giant2-ccp-example.jar:1.19.20-SNAPSHOT]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [giant2-ccp-example.jar:1.19.20-SNAPSHOT]
        at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [giant2-ccp-example.jar:1.19.20-SNAPSHOT]

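Added example, not part of the original report and not Tomcat or Spring Boot code: a stand-alone Java 8 program that reproduces the exception above with a stream-based load and then loads the same DKS configuration through a DomainLoadStoreParameter. The class name, the domain name "demo", the keystore names "first" and "second", the file names and the password are all constructed for the illustration.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.DomainLoadStoreParameter;
import java.security.KeyStore;
import java.util.*;
import javax.crypto.KeyGenerator;

public class DksLoadDemo {
    static final char[] PW = "changeit".toCharArray(); // constructed demo password

    // Writes a JCEKS keystore holding one generated AES key under the given alias.
    static Path writeStore(Path dir, String file, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, PW);
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(KeyGenerator.getInstance("AES").generateKey()),
                new KeyStore.PasswordProtection(PW));
        Path p = dir.resolve(file);
        try (OutputStream out = Files.newOutputStream(p)) { ks.store(out, PW); }
        return p;
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("dks-demo");
        Path a = writeStore(dir, "a.jceks", "key-a");
        Path b = writeStore(dir, "b.jceks", "key-b");
        Path conf = dir.resolve("demo.dks");
        // DKS configuration: one domain that aggregates the two keystores (constructed names).
        String cfg = "domain demo {\n"
                + "  keystore first keystoreType=\"JCEKS\" keystoreURI=\"" + a.toUri() + "\";\n"
                + "  keystore second keystoreType=\"JCEKS\" keystoreURI=\"" + b.toUri() + "\";\n"
                + "};\n";
        Files.write(conf, cfg.getBytes("UTF-8"));
        // Stream-based load of the configuration file, the call in the stack trace: DKS rejects it.
        try (InputStream in = Files.newInputStream(conf)) {
            KeyStore.getInstance("DKS").load(in, PW);
        } catch (UnsupportedOperationException e) {
            System.out.println("load(InputStream, char[]): " + e.getMessage());
        }
        // Parameter-based load: config URI (fragment names the domain) plus per-keystore passwords.
        Map<String, KeyStore.ProtectionParameter> prot = new HashMap<>();
        prot.put("first", new KeyStore.PasswordProtection(PW));
        prot.put("second", new KeyStore.PasswordProtection(PW));
        KeyStore dks = KeyStore.getInstance("DKS");
        dks.load(new DomainLoadStoreParameter(java.net.URI.create(conf.toUri() + "#demo"), prot));
        System.out.println("aliases: " + Collections.list(dks.aliases()));
    }
}
```

Each underlying keystore keeps its own password in the protection map, so a single keystore password setting of the kind passed to the stream-based load cannot express a multi-store domain.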