Jesse Sightler created QPID-3973:
------------------------------------

Summary: QPID Java SSLUtil does not support non-JKS key store types
Key: QPID-3973
URL: https://issues.apache.org/jira/browse/QPID-3973
Project: Qpid
Issue Type: Bug
Components: Java Client, Java Common
Affects Versions: 0.10
Environment: Java 1.6 in FIPS mode (NSS)
Reporter: Jesse Sightler

We are required to run our system in FIPS-compliant mode, using the NSS library for Java Security. In this mode, we cannot use JKS for private key storage.

Unfortunately, SSLUtil does not support configurable KeyStore types, and will throw an exception if we attempt to do this.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

[ https://issues.apache.org/jira/browse/QPID-3973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jesse Sightler updated QPID-3973:
---------------------------------

Attachment: qpid-java.diff

Potential fix... accepts java system properties for defining the keystore and truststore type.

[ https://issues.apache.org/jira/browse/QPID-3973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13260984#comment-13260984 ]

Robbie Gemmell commented on QPID-3973:
--------------------------------------

Hi Jesse,

I don't believe this will have been changed since 0.10, but I do know the code your patch updates has been modified significantly since then and as a result there is little to no chance it applies to the current codebase. Qpid 0.16 has long branched for release and should be out in the next couple of weeks, but if you wanted to produce an updated patch against the current trunk we can certainly look to include it in the 0.18 release ~July/Aug.

(sidenotes: the patch seems to have a scratch file in it, and we need you to grant permission for inclusion when attaching patches to JIRAs in order to actually use them).

Robbie

[ https://issues.apache.org/jira/browse/QPID-3973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13260997#comment-13260997 ]

Jason Wong commented on QPID-3973:
----------------------------------

Hi Robbie,

Thanks for the quick response. We're working with Red Hat MRG-M which has its Java client library based on the 0.10 release. We're also engaging with Red Hat support to get a patch created for the current MRG-M client libraries but wanted to put this out to the community as well.

As we get the patch created for the 0.10 release, we can also talk to support and the product team about what is the best route of pushing the fix upstream for upcoming releases.

Thanks,
Jason

[ https://issues.apache.org/jira/browse/QPID-3973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13261025#comment-13261025 ]

Robbie Gemmell commented on QPID-3973:
--------------------------------------

Ok Jason that's great, thanks for sharing :)

As an update on my earlier sidenote: the icon that usually indicates attachments have been granted for inclusion appears to have disappeared from JIRAs I know I ticked the box myself on previously, so please disregard my comment if you actually did tick the box Jesse. I wonder if a JIRA upgrade has broken the plugin or it has simply been removed, I'll try to take a look about and/or ask the ASF infrastructure team tomorrow.

Robbie

[ https://issues.apache.org/jira/browse/QPID-3973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13261123#comment-13261123 ]

Jesse Sightler commented on QPID-3973:
--------------------------------------

Sorry about the scratch file in the patch. That was a mistake/leftover from my workspace.

I did check the box to allow ASF inclusion, so I'm not sure why that wouldn't show up.

[ https://issues.apache.org/jira/browse/QPID-3973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13270826#comment-13270826 ]

Jesse Sightler commented on QPID-3973:
--------------------------------------

I have now updated the patch based upon the latest code from SVN (and the readonly Git Repo).

The pull request is at: https://github.com/apache/qpid/pull/2

Diff is also attached.

[ https://issues.apache.org/jira/browse/QPID-3973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jesse Sightler updated QPID-3973:
---------------------------------

Attachment: 2012_05_08_Master_Patch.diff

Updated to apply to trunk.

[ https://issues.apache.org/jira/browse/QPID-3973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jesse Sightler updated QPID-3973:
---------------------------------

    Fix Version/s: 0.17
Affects Version/s: 0.17
                   0.14

[ https://issues.apache.org/jira/browse/QPID-3973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rob Godfrey reassigned QPID-3973:
---------------------------------

Assignee: Rob Godfrey

[ https://issues.apache.org/jira/browse/QPID-3973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13279025#comment-13279025 ]

Rob Godfrey commented on QPID-3973:
-----------------------------------

Applied a lightly modified version of the patch.

The patch had a bug where the keyStoreType and keyStorePassword fields were passed in the wrong order on creation of the QpidClientX509KeyManager - this was picked up by one of the existing unit tests which failed on initial application of this patch. There were also a couple of deviations from our style guidelines.
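
The approach discussed in this thread, as an added example (not the attached patch and not Qpid's code): the store type comes from configuration instead of being fixed to JKS, and the settings travel in one object so the type and password cannot be swapped positionally, which is the kind of bug the unit test caught. `StoreConfig`, `load` and `keyManagers` are hypothetical names; `javax.net.ssl.keyStoreType` is the standard JSSE property, and the page does not say which property names the patch reads.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;

public class ConfigurableKeyStoreExample {

    /** Hypothetical holder: named fields instead of adjacent String arguments. */
    static final class StoreConfig {
        final String path;     // null for token-backed stores (e.g. PKCS11 via NSS)
        final char[] password;
        final String type;

        StoreConfig(String path, char[] password, String type) {
            this.path = path;
            this.password = password;
            // Fall back to the JVM default rather than a hard-coded "JKS".
            this.type = (type != null) ? type : KeyStore.getDefaultType();
        }
    }

    /** Loads a store of the configured type; the same method serves a trust store. */
    static KeyStore load(StoreConfig cfg) throws Exception {
        KeyStore ks = KeyStore.getInstance(cfg.type);
        if (cfg.path == null) {
            ks.load(null, cfg.password);   // token-backed: no file to read
        } else {
            try (InputStream in = new FileInputStream(cfg.path)) {
                ks.load(in, cfg.password);
            }
        }
        return ks;
    }

    static KeyManager[] keyManagers(StoreConfig cfg) throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(cfg), cfg.password);
        return kmf.getKeyManagers();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty PKCS12 store in a temp file.
        char[] pw = "changeit".toCharArray();
        File file = File.createTempFile("example", ".p12");
        file.deleteOnExit();
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, pw);
        try (OutputStream out = new FileOutputStream(file)) {
            empty.store(out, pw);
        }

        // Standard JSSE property; defaulting to PKCS12 here matches the sample file.
        String type = System.getProperty("javax.net.ssl.keyStoreType", "PKCS12");
        StoreConfig cfg = new StoreConfig(file.getPath(), pw, type);
        KeyStore ks = load(cfg);
        System.out.println("type=" + ks.getType() + " entries=" + ks.size()
            + " keyManagers=" + keyManagers(cfg).length);
    }
}
```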

[ https://issues.apache.org/jira/browse/QPID-3973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rob Godfrey resolved QPID-3973.
-------------------------------

Resolution: Fixed

[ https://issues.apache.org/jira/browse/QPID-3973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robbie Gemmell updated QPID-3973:
---------------------------------

Affects Version/s: 0.12
                   0.16

> QPID Java SSLUtil does not support non-JKS key store types
> ----------------------------------------------------------
>
> Key: QPID-3973
> URL: https://issues.apache.org/jira/browse/QPID-3973
> Project: Qpid
> Issue Type: Bug
> Components: Java Client, Java Common
> Affects Versions: 0.10, 0.12, 0.14, 0.16, 0.17
> Environment: Java 1.6 in FIPS mode (NSS)
> Reporter: Jesse Sightler
> Assignee: Rob Godfrey
> Labels: nss, pkcs11
> Fix For: 0.17
>
> Attachments: 2012_05_08_Master_Patch.diff, qpid-java.diff
>
>
> We are required to run our system in FIPS-compliant mode, using the NSS library for Java Security. In this mode, we cannot use JKS for private key storage.
> Unfortunately, SSLUtil does not support configurable KeyStore types, and will throw an exception if we attempt to do this.
