Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-2434

Knox should fallback to JDK default keystore/truststore type instead of hardcoding JKS

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.4.0
    • Fix Version/s: 1.5.0
    • Component/s: Server
    • Labels:
      None

      Description

      Currently Knox has a few configuration options for overriding the keystore/truststore type and if these are not specified it falls back to hardcoded "JKS". This should fallback instead of the JDK default configured keystore/truststore type. This will cause issues when an administrator wants to control the keystore type globally at the JDK level. This happens when doing FIPS crypto modules.

      It would be better to use KeyStore.getDefaultType() instead of hardcoding JKS.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                krisden Kevin Risden
                Reporter:
                krisden Kevin Risden
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 0.5h
                  0.5h