Add wolfJCE WKS KeyStore Support #178

Merged: 5 commits, Jul 19, 2024

cconlon (Member) commented Mar 15, 2024

This PR adds support for using wolfJCE's WKS KeyStore type, which is in review on wolfcrypt-jni here (wolfSSL/wolfcrypt-jni#67). Specifically this PR:

  • Gives preference to try and load WKS KeyStore type first before falling back to try and load others (BKS, JKS, etc).
  • When auto-loading the system CA/root certificates (ex: jssecacerts, cacerts), wolfJSSE first tries to find and load a WKS equivalent file at the same location (ex: jssecacerts.wks, cacerts.wks)
  • New Security property added (wolfjsse.keystore.type.required) which can be used to restrict use of KeyStore type to the one set in this property. This can be used for example to help conform to wolfCrypt FIPS 140-2/3 crypto usage by setting to "WKS" when wolfJCE is also used and installed on the system.
  • Updates JSSE provider example ClientJSSE.java and ServerJSSE.java with new option to specify the KeyStore type (-ksformat)
  • Add new option to example JSSE ClientJSSE.java to try and load system root/CA certs rather than using the provided KeyStore file (-sysca)
  • Refactors WolfSSLKeyManager.java and WolfSSLTrustManager.java around attempting to find and load system root/CA certs, making it easier to maintain in the future and adding support for WKS type stores.
  • Adds a script to convert example JKS files to wolfJCE WKS format (examples/provider/convert-to-wks.sh)
  • Refactor X509Certificate.getPublicKey() to use JCE classes to generate PublicKey, fixes edge test case when wolfJCE is installed alongside wolfJSSE.

cconlon self-assigned this Mar 15, 2024
cconlon force-pushed the wksKeyStoreSupport branch from aa8595c to 6208c6d, July 3, 2024 22:15
cconlon assigned JacobBarthelmeh and unassigned cconlon Jul 10, 2024

JacobBarthelmeh (Contributor) commented

Looks like this picked up a minor merge conflict. Please take a look at resolving it @cconlon

cconlon (Member, Author) commented Jul 15, 2024

@JacobBarthelmeh Thanks, merge conflicts should be resolved.

cconlon assigned JacobBarthelmeh and unassigned cconlon Jul 16, 2024
JacobBarthelmeh merged commit fba6fc7 into wolfSSL:master Jul 19, 2024
35 checks passed
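
The following is an added example, not code from this PR or from wolfJSSE: an application-side pre-flight check that mirrors the behavior the description lists (prefer a `.wks` sibling file, then refuse any KeyStore type other than the one named in `wolfjsse.keystore.type.required`). The class `WksStoreCheck`, its methods and the `STORE_PASS` environment variable are hypothetical names, and the case-insensitive type comparison is an assumption of the example.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Security;

/* Added example, not wolfJSSE source. Class, method and env names are hypothetical. */
public class WksStoreCheck {

    /* Security property name as given in the PR description */
    static final String REQUIRED_PROP = "wolfjsse.keystore.type.required";

    /* Prefer a ".wks" sibling at the same location (ex: cacerts -> cacerts.wks) */
    static Path preferWks(Path store) {
        Path wks = Paths.get(store.toString() + ".wks");
        return Files.isRegularFile(wks) ? wks : store;
    }

    /* Load 'store' as 'type', refusing any type other than the required one.
     * Case-insensitive matching is this example's choice. */
    static KeyStore load(Path store, String type, char[] pass) throws Exception {
        String required = Security.getProperty(REQUIRED_PROP);
        if (required != null && !required.trim().equalsIgnoreCase(type)) {
            throw new SecurityException("KeyStore type " + type
                + " rejected: " + REQUIRED_PROP + "=" + required);
        }
        /* "WKS" resolves only when wolfJCE is registered as a provider */
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(store)) {
            ks.load(in, pass);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: WksStoreCheck <store-path> <fallback-type>");
            System.exit(2);
        }
        String pw = System.getenv("STORE_PASS"); /* hypothetical variable */
        Security.setProperty(REQUIRED_PROP, "WKS");
        Path chosen = preferWks(Paths.get(args[0]));
        String type = chosen.toString().endsWith(".wks") ? "WKS" : args[1];
        KeyStore ks = load(chosen, type, pw == null ? null : pw.toCharArray());
        System.out.println(chosen + " (" + type + "): " + ks.size() + " entries");
    }
}
```

With the property set to "WKS", a store that has no `.wks` sibling and falls back to another type fails with a `SecurityException` before any file is read.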