View Issue Details

Related ChangesetsJump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0004627SymmetricDSBugpublic2020-11-05 08:362020-11-09 15:31
Reporterpyotrk Assigned Topmarzullo  
Priorityurgent 
Status closedResolutionfixed 
Product Version3.12.3 
Target Version3.12.5Fixed in Version3.12.5 
Summary0004627: Hardcoded KeyManagerFactory algorithm (sunX509). Symmetric doesn't work for IBM JRE
DescriptionSecurityService.getKeyManagerFactory() only supports hardcoded SunX509 algorithm. IBM JRE default algorithm is ibmX509.

@Override
    public KeyManagerFactory getKeyManagerFactory() {
        KeyManagerFactory keyManagerFactory;
        try {
            keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(getKeyStore(), getKeyStorePassword().toCharArray());
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        
        return keyManagerFactory;
    }

I think the best option will be to change it to the default algorithm basing on the installed JRE, e.g.
keyManagerFactory = KeyManagerFactory.getDefaultAlgorithm();

getDefaultAlgorithm() returns ssl.KeyManagerFactory.algorithm value that is defined in $JAVA_HOME/lib/security/java.security
TagsNo tags attached.

Activities

pmarzullo

2020-11-06 16:27

developer   ~0001825

Decided to add the ability to specify as a system property the algorithm to pass to the KeyManagerFactory.getInstance(String algorithm) method, but default to "SunX509" if not specified.

To specify a different algorithm, add the following command line argument (in sym_service.conf or setenv):
-Dsym.key.manager.factory.algorithm=IbmX509

pmarzullo

2020-11-06 20:03

developer   ~0001826

Changed my mind again. Decided to default to the KeyManagerFactory.getDefaultAlgorithm() if system property is not set, instead of hard coding SunX509.

Related Changesets

SymmetricDS: 3.12 df963fa6

2020-11-06 16:28:09

pmarzullo

Details Diff 		0004627: Hardcoded KeyManagerFactory algorithm (sunX509). Symmetric
doesn't work for IBM JRE		 Affected Issues
0004627
mod - symmetric-util/src/main/java/org/jumpmind/security/SecurityConstants.java Diff File
mod - symmetric-util/src/main/java/org/jumpmind/security/SecurityService.java Diff File

SymmetricDS: 3.12 dede45ae

2020-11-06 20:06:18

pmarzullo

Details Diff 		0004627: Hardcoded KeyManagerFactory algorithm (sunX509). Symmetric
doesn't work for IBM JRE		 Affected Issues
0004627
mod - symmetric-util/src/main/java/org/jumpmind/security/SecurityService.java Diff File

Issue History

Date Modified Username Field Change
2020-11-05 08:36 pyotrk New Issue
2020-11-06 16:27 pmarzullo Note Added: 0001825
2020-11-06 16:29 pmarzullo Assigned To => pmarzullo
2020-11-06 16:29 pmarzullo Status new => resolved
2020-11-06 16:29 pmarzullo Resolution open => fixed
2020-11-06 16:29 pmarzullo Fixed in Version => 3.12.5
2020-11-06 17:00 pmarzullo Changeset attached => SymmetricDS 3.12 df963fa6
2020-11-06 20:03 pmarzullo Note Added: 0001826
2020-11-06 21:00 pmarzullo Changeset attached => SymmetricDS 3.12 dede45ae
2020-11-09 15:31 admin Status resolved => closed