Hello,
I am planning to check in the following changes to switch to JKS from
NSS in Glassfish V2/PE.
---------------------------------------------------------------------------------------------------------------------------------------------------------------
Index:
servermgmt/src/java/com/sun/enterprise/ee/admin/servermgmt/EEDomainsManager.java
===================================================================
RCS file:
/cvs/glassfish/admin-ee/servermgmt/src/java/com/sun/enterprise/ee/admin/servermgmt/EEDomainsManager.java,v
retrieving revision 1.1.1.1
diff -r1.1.1.1 EEDomainsManager.java
209,211c209,215
< createNSSCertDB(config, masterPassword);
< initializeNSSCertDB(config, masterPassword);
< addCertToAsadminKeystore(config);
---
> if("true".equals(System.getProperty(JKS_DB_PROPERTY))) {
> super.createSSLCertificateDatabase(config, masterPassword);
> } else {
> createNSSCertDB(config, masterPassword);
> initializeNSSCertDB(config, masterPassword);
> addCertToAsadminKeystore(config);
> }
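Review bot: The condition `"true".equals(System.getProperty(JKS_DB_PROPERTY))` on the first added line is repeated verbatim in the 464 and 508 hunks of this file. Move it into one private helper next to the constant (a hypothetical `isJKS()`), or use `Boolean.getBoolean(JKS_DB_PROPERTY)`, so the three call sites cannot drift apart. Note that `Boolean.getBoolean` compares case-insensitively, which is slightly more lenient than the current test.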
213c217
<
---
>
464,468c468,476
< try {
< String dbdir =
layout.getNSSCertDBFile().getParentFile().getAbsolutePath();
< NssStore store = NssStore.getInstance(dbdir, false,
oldPassword);
< store.changePassword(oldPassword, newPassword);
< NssStore.closeInstance();
---
> try {
> if("true".equals(System.getProperty(JKS_DB_PROPERTY))) {
> super.changeSSLCertificateDatabasePassword(config,
oldPassword, newPassword);
> } else {
> String dbdir =
layout.getNSSCertDBFile().getParentFile().getAbsolutePath();
> NssStore store = NssStore.getInstance(dbdir, false,
oldPassword);
> store.changePassword(oldPassword, newPassword);
> NssStore.closeInstance();
> }
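Review bot: The new `if` picks `super.changeSSLCertificateDatabasePassword(...)` or the NSS path from the JVM property at the time of the password change, not from the store the domain actually has on disk. The description says startup code decides from which store exists; using the same test here, or failing when the property and the on-disk store disagree, avoids changing the password on a store that is not the one in use. Also, in the `else` branch `NssStore.closeInstance()` is skipped when `store.changePassword(...)` throws, unless the part of the `try` not shown here already closes it in a `finally`.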
505c513
<
---
>
508a517,521
> //return if we are using JKS. Extra password options not
applicable
> //in this case.
> if("true".equals(System.getProperty(JKS_DB_PROPERTY))) {
> return null;
> }
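Review bot: The early `return null;` for the JKS case is documented only by the inline comment, and the visible lines do not show whether callers handle a null result. State in the method's Javadoc that null means "no extra password options (JKS)", or return an empty value of the declared return type so that callers need no null check.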
519a533,535
>
> //Property to determine whether we are using JKS.
> public static final String JKS_DB_PROPERTY =
"com.sun.enterprise.security.jks";
Index: synchronization/dtds/na-startup-meta-data.xml
===================================================================
RCS file:
/cvs/glassfish/admin-ee/synchronization/dtds/na-startup-meta-data.xml,v
retrieving revision 1.1.1.1
diff -r1.1.1.1 na-startup-meta-data.xml
36a37,39
>
> <mapping source="${com.sun.aas.instanceRoot}/config/cacerts.jks"
destination="config" basedir="${com.sun.aas.instanceRoot}/"
timestamp-type="modification-time"
dest-timestamp-file="${com.sun.aas.instanceRoot}/config/.cacerts.jks.timestamp"/>
> <mapping source="${com.sun.aas.instanceRoot}/config/keystore.jks"
destination="config" basedir="${com.sun.aas.instanceRoot}/"
timestamp-type="modification-time"
dest-timestamp-file="${com.sun.aas.instanceRoot}/config/.keystore.jks.timestamp"/>
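Review bot: Both `<mapping>` entries are added unconditionally, but `cacerts.jks` and `keystore.jks` exist only for domains created with JKS. Confirm that synchronization tolerates a missing `source` for NSS domains, or make the entries conditional. Since `keystore.jks` carries the server's private key, the review should also confirm that the copy written under `config` on the destination gets owner-only file permissions.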
Index:
synchronization/src/java/com/sun/enterprise/ee/synchronization/BaseSynchronizationDriver.java
===================================================================
RCS file:
/cvs/glassfish/admin-ee/synchronization/src/java/com/sun/enterprise/ee/synchronization/BaseSynchronizationDriver.java,v
retrieving revision 1.2
diff -r1.2 BaseSynchronizationDriver.java
25a26
> import java.io.File;
179a181,190
> }
>
> String configDir =
System.getProperty("com.sun.aas.instanceRoot") +
> File.separator + "config";
> java.io.File nssFile = new File(configDir, "key3.db");
> if (!nssFile.exists()) {
> if (System.getProperty("javax.net.ssl.keyStore")
== null) {
> System.setProperty("javax.net.ssl.keyStore",
configDir +
> File.separator + "keystore.jks");
> }
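Review bot: This block sets only `javax.net.ssl.keyStore`, while the otherwise identical `setupJKS()` added to AdminService.java also sets `javax.net.ssl.trustStore` to `cacerts.jks`. If the omission is not intentional, a JKS node agent will start without the synchronized trust store configured. Sharing one helper between the two classes would remove the duplication. As a style point, `java.io.File nssFile` is fully qualified although the 25a26 hunk adds `import java.io.File;`.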
Index: src/java/com/sun/enterprise/admin/server/core/AdminService.java
===================================================================
RCS file:
/cvs/glassfish/appserv-core/src/java/com/sun/enterprise/admin/server/core/AdminService.java,v
retrieving revision 1.13
diff -r1.13 AdminService.java
287a288,290
>
> //initialize JKS properties.
> setupJKS();
299a303,316
>
> private void setupJKS() {
> String configDir =
System.getProperty("com.sun.aas.instanceRoot") +
> File.separator + "config";
> java.io.File nssFile = new File(configDir, "key3.db");
> if (!nssFile.exists()) {
> if (System.getProperty("javax.net.ssl.keyStore") == null) {
> System.setProperty("javax.net.ssl.keyStore", configDir +
> File.separator + "keystore.jks");
> System.setProperty("javax.net.ssl.trustStore",
configDir +
> File.separator + "cacerts.jks");
> }
> }
> }
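Review bot: In `setupJKS()`, `javax.net.ssl.trustStore` is assigned only inside the `javax.net.ssl.keyStore == null` check, so a deployment that presets the key store but not the trust store is left without `cacerts.jks`, and a preset trust store is overwritten whenever the key store is unset. Test each property separately. In addition, the absence of `key3.db` is treated as proof that JKS is in use; checking that `keystore.jks` actually exists before pointing the properties at it would avoid configuring a non-existent store when neither is present.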
---------------------------------------------------------------------------------------------------------------------------------------------------------------
*Description:*
This is the temporary change for milestone 2 till we have the profiles
implementation available. Here we are trying to do minimum code change to
provide JKS support in Glassfish V2/PE. We are adding a new
property (-Dcom.sun.enterprise.security.jks=true) to the asadmin script in
case of Glassfish PE. During domain creation Admin code will use this
property to determine whether to initialize JKS or NSS. Elsewhere,
during Node Agent/Server startup time, code behavior is based on what
store (created previously during initialization) is available.
Thanks
Rajeshwar