[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wss4j-dev
Subject:    Bug in AbstractCrypto; hardcoded loading of default java truststore
From:       Olve Hansen <olvesh () gmail ! com>
Date:       2008-11-28 19:52:09
Message-ID: 20739755.post () talk ! nabble ! com
[Download RAW message or body]


In the class AbstractCrypto I discovered something that could qualify
as a bug when loading the truststore. It seems there is no way to
overload the truststore, i..e. it is always hardcoded to the path:
String cacertsPath = System.getProperty("java.home") +
"/lib/security/cacerts";

So if a system has a specialized way of handlign trust-stores, you
will run into problems. I am currently developing a system to be
deployed on Websphere, which does exactly this.

Other systems honor the javax.net.ssl.trustStore and
javax.net.ssl.trustStorePassword properties, but I find that wss4j
does not...

Should I file a Jira issue, (and possibly a patch) for this? I see
also that it is possible to change the cacerts truststore password
with the property
"org.apache.ws.security.crypto.merlin.cacerts.password". What is the
point of changing the password used to unlock the store, when it is
always hardcoded to the default store (just in case I missed
something)?

Regards,
--
 \ Olve S. Hansen
 \ mailto:olvesh@gmail.com
-- 
View this message in context: \
http://www.nabble.com/Bug-in-AbstractCrypto--hardcoded-loading-of-default-java-truststore-tp20739755p20739755.html
 Sent from the WSS4J mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]