Bug 1108307

Summary: [GSS] (6.3.1) Improve the ability to use MS Windows keystore for the web servers ssl connector
Product: [JBoss] JBoss Enterprise Application Platform 6
Reporter: Derek Horton <dehort>
Component: Web
Assignee: Jean-frederic Clere <jclere>
Status: CLOSED CURRENTRELEASE
QA Contact: Radim Hatlapatka <rhatlapa>
Severity: unspecified
Docs Contact: Russell Dickenson <rdickens>
Priority: unspecified
Version: 6.3.0
CC: bbaranow, cdewolf, chaowan, ehugonne, jawilson, jcacek, jcechace, jclere, myarboro, smumford, tcerar
Target Milestone: CR1
Keywords: Triaged
Target Release: EAP 6.3.1
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Clone Of:
: 1108310
Last Closed: 2014-10-13 18:39:33 UTC
Type: Bug
Bug Depends On: 1108310
Bug Blocks: 1102082, 1131814
Attachments: Proposed patch (flags: none)

Description Derek Horton 2014-06-11 17:04:42 UTC
Description of problem:
It is possible to configure the web ssl connector to use the Windows certificate keystore (access provided by the SunMSCAPI provider). However, the JSSESocketFactory checks for a keystore file. This check should likely be skipped when the connector is configured to use the Windows keystore.

Here is what the configuration looks like:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="https"
         key-alias="jbossweb"
         keystore-type="Windows-MY"
         protocol="TLSv1"/>
</connector>

This results in an error like this:
13:54:01,821 ERROR [org.apache.coyote.http11] (MSC service thread 1-5) JBWEB003043: Error initializing endpoint: java.io.FileNotFoundException: C:\Users\imauser\.keystore (The system cannot find the file specified)

You can work around this issue by creating this keystore (C:\Users\imauser\.keystore).

More info on using the Windows keystores can be found here:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunMSCAPI
http://www.oracle.com/technetwork/articles/javase/security-137537.html

Comment 1 JBoss JIRA Server 2014-06-18 16:11:18 UTC
Emmanuel Hugonnet <ehugonne> updated the status of jira WFLY-3483 to Resolved

Comment 2 Emmanuel Hugonnet (ehsavoie) 2014-06-19 09:54:10 UTC
Created attachment 910317
Proposed patch

Simple patch that will not define a keystoreFile if we are using the Windows-MY or Windows-ROOT JSSE provider.
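
Added illustration (not the attached patch and not JBoss Web code): a sketch of the check this report asks for, where no keystore file is resolved or opened when the store type is Windows-MY or Windows-ROOT. The class and method names are hypothetical, and the ${user.home}/.keystore default is an assumption taken from the path in the reported error.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

// Added illustration; hypothetical names, not the JSSESocketFactory source.
public class KeystoreFileCheck {

    // Store types backed by the Windows certificate store (SunMSCAPI), not by a file.
    static boolean isFileless(String type) {
        return "Windows-MY".equalsIgnoreCase(type) || "Windows-ROOT".equalsIgnoreCase(type);
    }

    // Returns the file to open, or null when the store type has no backing file.
    // Assumption: the fallback is ${user.home}/.keystore, as in the reported error.
    static File resolveKeystoreFile(String type, String configuredFile) {
        if (isFileless(type)) return null;
        if (configuredFile != null) return new File(configuredFile);
        return new File(System.getProperty("user.home"), ".keystore");
    }

    static KeyStore load(String type, String configuredFile, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(type);
        File f = resolveKeystoreFile(type, configuredFile);
        if (f == null) {
            ks.load(null, null); // entries come from the Windows store; nothing to read
        } else {
            try (InputStream in = new FileInputStream(f)) {
                ks.load(in, password);
            }
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        for (String type : new String[] {"Windows-MY", "Windows-ROOT", "JKS"}) {
            System.out.println(type + " -> file: " + resolveKeystoreFile(type, null));
        }
        try {
            KeyStore ks = load("Windows-MY", null, null);
            System.out.println("alias jbossweb present: " + ks.containsAlias("jbossweb"));
        } catch (GeneralSecurityException e) {
            // KeyStoreException on JVMs without the SunMSCAPI provider (non-Windows hosts)
            System.out.println("Windows-MY unavailable: " + e.getMessage());
        }
    }
}
```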

Comment 5 Jean-frederic Clere 2014-08-19 14:20:56 UTC
Fixed in jbossweb-7.5.x by r2488

Comment 8 Jakub Cechacek 2014-09-01 08:17:23 UTC
Verified 6.3.1.CP.CR1