asadmin to import plain PKCS#8 RSA keypairs into the java keystore #2599
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ing the JAVA api directly (not via keytool). Don't allow empty or short key and/or keystore passwords. Methods to enfore glassfish convention of keys using the same passwords as the keystore.
|
thanks I will try and review soon |
smillidge
requested changes
Apr 7, 2018
| import java.security.cert.CertificateFactory; | ||
| import java.security.spec.InvalidKeySpecException; | ||
| import java.security.spec.PKCS8EncodedKeySpec; | ||
| import java.util.Base64; |
There was a problem hiding this comment.
This is a JDK8 only class. This is OK for Payara 5 branch but not for Payara 4
There was a problem hiding this comment.
Good point. So should we make this backportable to Payara 4 too? Which class would you suggest to use for decoding?
There was a problem hiding this comment.
BTW: com.sun.enterprise.v3.admin.AdminAdapter is using this class too, so I thought it's ok.
| return Base64.getDecoder().decode(base64KeyData); | ||
| } | ||
|
|
||
| public Collection<? extends Certificate> readPemCertificateChain ( File pemFile ) throws KeyStoreException { |
|
jenkins test please |
|
Quick build and test passed! |
|
jenkins test please |
lprimak
changed the title
|
jenkins test please |
smillidge
approved these changes
Apr 13, 2018
|
Quick build and test passed! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ASADMIN command to import unencrypted PKCS8 RSA keypairs into JAVA keystores using the api directly (not via keytool). Such keys and certificates are produced by LETSEncrypt.
Don't allow empty or short key and/or keystore passwords.
Added convenience methods to enforce glassfish convention of keys using the same passwords as the keystore.
A couple of considerations:
keyStoreType, but as of https://bugs.openjdk.java.net/browse/JDK-8062552 it could be omitted and presume "JKS" as it works both for PKCS12 and JKS keystores - there's a relevant test for it.