[jboss-user] [Security & JAAS/JBoss] - Re: Encrypt KeyStore-Password in a Tomcat-Connector for 4.2

yashendrac do-not-reply at jboss.com
Mon Jun 1 09:59:36 EDT 2009


Andre,
I confirmed that it is broken in JBoss5.0.1. I am not sure since when it has been broken, but it was working on JBoss4.2.1. I also confirmed that it is fixed in JBoss5.1.0.

I checked the source code for the following classes under jbossweb.jar and jbossweb-service.jar:

1. org.jboss.net.ssl.JBossImplementation.java
2. org.jboss.net.ssl.JBossSocketFactory.java
3. org.apache.tomcat.util.net.jsse.JSSESocketFactory

JBossSocketFactory overrides the following methods from Tomcat's JSSESocketFactory:

    protected TrustManager[] getTrustManagers(String keystoreType, String algorithm)
    protected KeyManager[] getKeyManagers(String keystoreType, String algorithm,
          String keyAlias)

But in Tomcat's JSSESocketFactory under JBoss5.0.1, the method signatures are changed by adding an additional String parameter, String keystoreProvider.
So the methods are changed to the following in Tomcat's JSSESocketFactory:

    protected TrustManager[] getTrustManagers(String keystoreType,
                String keystoreProvider, String algorithm)
    protected KeyManager[] getKeyManagers(String keystoreType,
                                          String keystoreProvider,
                                          String algorithm,
                                          String keyAlias)

So JBossSocketFactory was not overriding these methods anymore, and despite providing SSLImplementation="org.jboss.net.ssl.JBossImplementation", these two methods from JSSESocketFactory were invoked in place of JBossSocketFactory.

This is fixed in JBoss5.1.0.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4234480#4234480
