admin@glassfish.java.net

Re: Code review request

From: Nandini Ektare <Nandini.Ektare_at_Sun.COM>
Date: Wed, 20 Sep 2006 22:21:13 -0700

Looks good. Please go ahead.

Nandini

On Wed, 2006-09-20 at 20:56, Rajeshwar Patil wrote:

> Hello,
> I am planning to check-in the following changes to switch to JKS from
> NSS in Glassfish V2/PE.
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
> Index:
> servermgmt/src/java/com/sun/enterprise/ee/admin/servermgmt/EEDomainsManager.java
> ===================================================================
> RCS file:
> /cvs/glassfish/admin-ee/servermgmt/src/java/com/sun/enterprise/ee/admin/servermgmt/EEDomainsManager.java,v
> retrieving revision 1.1.1.1
> diff -r1.1.1.1 EEDomainsManager.java
> 209,211c209,215
> < createNSSCertDB(config, masterPassword);
> < initializeNSSCertDB(config, masterPassword);
> < addCertToAsadminKeystore(config);
> ---
> > if("true".equals(System.getProperty(JKS_DB_PROPERTY))) {
> > super.createSSLCertificateDatabase(config,
> masterPassword);
> > } else {
> > createNSSCertDB(config, masterPassword);
> > initializeNSSCertDB(config, masterPassword);
> > addCertToAsadminKeystore(config);
> > }
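
Review bot: The condition "true".equals(System.getProperty(JKS_DB_PROPERTY)) in the new if is an exact, case-sensitive match and is repeated verbatim in the two later hunks of this file, so -Dcom.sun.enterprise.security.jks=TRUE silently selects NSS. Consider one private helper (isJKS() is a hypothetical name) built on Boolean.getBoolean(JKS_DB_PROPERTY), called from all three places.
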
> 213c217
> <
> ---
> >
> 464,468c468,476
> < try {
> < String dbdir =
> layout.getNSSCertDBFile().getParentFile().getAbsolutePath();
> < NssStore store = NssStore.getInstance(dbdir, false,
> oldPassword);
> < store.changePassword(oldPassword, newPassword);cvs diff
> ./src/java/com/sun/enterprise/ee/synchronization/BaseSynchroniz
> < NssStore.closeInstance();
> ---
> > try {
> > if("true".equals(System.getProperty(JKS_DB_PROPERTY))) {
> > super.changeSSLCertificateDatabasePassword(config,
> oldPassword, newPassword);
> > } else {
> > String dbdir =
> layout.getNSSCertDBFile().getParentFile().getAbsolutePath();
> > NssStore store = NssStore.getInstance(dbdir, false,
> oldPassword);
> > store.changePassword(oldPassword, newPassword);
> > NssStore.closeInstance();
> > }
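
Review bot: In the new try block the choice between super.changeSSLCertificateDatabasePassword(...) and the NssStore path depends only on the JVM property, not on which store the domain actually has. The description says the property is added to the asadmin script for PE, so an invocation that lacks it against a domain created with JKS would call NssStore.getInstance(dbdir, false, oldPassword) on a directory with no NSS database. The startup code in this same patch decides by checking for key3.db; using the same on-disk check here would keep the master password change consistent with the store that exists.
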
> 505c513
> <
> ---
> >
> 508a517,521
> > //return if we are using JKS. Extra password options not
> applicable
> > //in this case.
> > if("true".equals(System.getProperty(JKS_DB_PROPERTY))) {
> > return null;
> > }
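
Review bot: The early return null; under the JKS check hands callers a null in JKS mode, and none of the visible hunks touch a caller. Please confirm every caller handles null, or return an empty result instead, and say in the method's Javadoc that null means no extra password options apply.
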
> 519a533,535
> >
> > //Property to determine whether we are using JKS.
> > public static final String JKS_DB_PROPERTY =
> "com.sun.enterprise.security.jks";
>
>
>
> Index: synchronization/dtds/na-startup-meta-data.xml
> ===================================================================
> RCS file:
> /cvs/glassfish/admin-ee/synchronization/dtds/na-startup-meta-data.xml,v
> retrieving revision 1.1.1.1
> diff -r1.1.1.1 na-startup-meta-data.xml
> 36a37,39
> >
> > <mapping source="${com.sun.aas.instanceRoot}/config/cacerts.jks"
> destination="config" basedir="${com.sun.aas.instanceRoot}/"
> timestamp-type="modification-time"
> dest-timestamp-file="${com.sun.aas.instanceRoot}/config/.cacerts.jks.timestamp"/>
> > <mapping source="${com.sun.aas.instanceRoot}/config/keystore.jks"
> destination="config" basedir="${com.sun.aas.instanceRoot}/"
> timestamp-type="modification-time"
> dest-timestamp-file="${com.sun.aas.instanceRoot}/config/.keystore.jks.timestamp"/>
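
Review bot: Both mapping entries are added unconditionally, so they also apply to domains that still use NSS and have no cacerts.jks or keystore.jks under config. Please confirm that synchronization skips a missing source without failing or logging an error at every startup. keystore.jks is what the rest of this patch sets as javax.net.ssl.keyStore, so it carries private key material; it is worth checking that the synchronized copy is written with the same restrictive file permissions as the original.
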
>
>
>
> Index:
> synchronization/src/java/com/sun/enterprise/ee/synchronization/BaseSynchronizationDriver.java
> ===================================================================
> RCS file:
> /cvs/glassfish/admin-ee/synchronization/src/java/com/sun/enterprise/ee/synchronization/BaseSynchronizationDriver.java,v
> retrieving revision 1.2
> diff -r1.2 BaseSynchronizationDriver.java
> 25a26
> > import java.io.File;
> 179a181,190
> > }
> >
> > String configDir =
> System.getProperty("com.sun.aas.instanceRoot") +
> > File.separator + "config";
> > java.io.File nssFile = new File(configDir,
> "key3.db");
> > if (!nssFile.exists()) {
> > if (System.getProperty("javax.net.ssl.keyStore")
> == null) {
> > System.setProperty("javax.net.ssl.keyStore",
> configDir +
> > File.separator + "keystore.jks");
> > }
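
Review bot: This block sets only javax.net.ssl.keyStore, while the otherwise identical setupJKS() added to AdminService.java also sets javax.net.ssl.trustStore to cacerts.jks. Without that property the JVM falls back to its default trust store, so the synchronization client may not trust the certificates kept in the domain's cacerts.jks. Set both here, preferably through one shared helper instead of two copies of the same logic, and use the File import added in the previous hunk rather than the fully qualified java.io.File.
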
>
>
>
> Index: src/java/com/sun/enterprise/admin/server/core/AdminService.java
> ===================================================================
> RCS file:
> /cvs/glassfish/appserv-core/src/java/com/sun/enterprise/admin/server/core/AdminService.java,v
> retrieving revision 1.13
> diff -r1.13 AdminService.java
> 287a288,290
> >
> > //initialize JKS properties.
> > setupJKS();
> 299a303,316
> >
> > private void setupJKS() {
> > String configDir =
> System.getProperty("com.sun.aas.instanceRoot") +
> > File.separator + "config";
> > java.io.File nssFile = new File(configDir, "key3.db");
> > if (!nssFile.exists()) {
> > if (System.getProperty("javax.net.ssl.keyStore") ==
> null) {
> > System.setProperty("javax.net.ssl.keyStore",
> configDir +
> > File.separator + "keystore.jks");
> > System.setProperty("javax.net.ssl.trustStore",
> configDir +
> > File.separator + "cacerts.jks");
> > }
> > }
> > }
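
Review bot: In setupJKS() the javax.net.ssl.trustStore assignment sits inside the javax.net.ssl.keyStore == null check, so a deployment that sets only the key store property never gets the trust store defaulted, and an explicitly configured trust store is overwritten whenever the key store is unset. Check and default each property independently. The absence of key3.db is also taken as proof of JKS; verifying that keystore.jks and cacerts.jks exist before pointing the JVM at them would avoid a confusing SSL failure later.
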
>
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Description:
> This is the temporary change for milestone 2 till we have profiles
> implementation available. Here we are trying to do minimum code change
> to provide JKS support in Glassfish V2/PE. We are adding a new
> property (-Dcom.sun.enterprise.security.jks=true) to asadmin script in
> case of Glassfish PE. During domain creation Admin code will use this
> property to determine whether to initialize JKS or NSS. Elsewhere,
> during Node Agent/Server startup time, code behavior is based on what
> store (created previously during initialization) is available.
>
> Thanks
> Rajeshwar
>
>
>

Thanks,
Nandini