Description
For now (r612905), Geronimo is hardcoded to use the JKS keystore type, which prevents Geronimo from running on Harmony or other JDKs that have no JKS implementation:
org.apache.geronimo.security.keystore.FileKeystoreInstance, line 635:
    KeyStore tempKeystore = KeyStore.getInstance(JKS);
org.apache.geronimo.security.keystore.FileKeystoreManager, line 364:
    KeyStore keystore = KeyStore.getInstance(FileKeystoreInstance.JKS);
To work around this issue, one can change JKS to KeyStore.getDefaultType() (this returns "BKS" for Harmony) or to another particular keystore type, but this requires source recompilation. Replacing var/security/keystores/geronimo-default with a file of the proper keystore type is not a problem.
A proper solution seems to be to apply the fix above to use the JDK-default keystore type, and to provide FileKeystoreInstance with an additional configuration option, keystoreType, that would allow changing the keystore type through config.xml without recompilation, like this:
<module name="org.apache.geronimo.configs/server-security-config/2.0.2/car">
    <gbean name="geronimo-default">
        <attribute name="keystoreType">PKCS12</attribute>
        <attribute name="keystorePath">var/security/keystores/geronimo-pkcs12</attribute>
    </gbean>
</module>
This issue is a follow-up to GERONIMO-2015.
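The approach proposed in the description, sketched as an added example that is not Geronimo's code or part of the original issue: an optional configured type falls back to KeyStore.getDefaultType(), and a type the running JDK cannot provide is reported instead of being assumed. The class name, method names, password and temporary file are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;

// Added illustration; class and method names are hypothetical, not Geronimo's.
public class ConfigurableKeystoreLoader {
    // Use the configured keystoreType if set, otherwise the JDK default ("BKS" on Harmony).
    static String resolveType(String configuredType) {
        return (configuredType == null || configuredType.trim().isEmpty())
                ? KeyStore.getDefaultType()
                : configuredType.trim();
    }

    // Load the keystore file; a type with no installed provider throws KeyStoreException.
    static KeyStore load(Path file, String configuredType, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(resolveType(configuredType));
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // constructed sample value
        Path file = Files.createTempFile("geronimo-sample", ".ks");
        // Constructed sample input: an empty keystore of the JDK-default type.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, password);
        try (OutputStream out = Files.newOutputStream(file)) {
            empty.store(out, password);
        }
        // No keystoreType configured: the loader falls back to the JDK default.
        KeyStore ks = load(file, null, password);
        System.out.println("type=" + ks.getType() + " entries=" + ks.size());
        // An unavailable type fails at getInstance, before the file is read.
        try {
            load(file, "NO-SUCH-TYPE", password);
        } catch (KeyStoreException e) {
            System.out.println("unsupported keystore type: " + e.getMessage());
        }
        Files.delete(file);
    }
}
```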
Issue Links
- is related to: GERONIMO-2015 Let's replace JKS to PKCS12 key store type (Closed)