diff --git a/jaas/blueprint/config/src/main/java/org/apache/karaf/jaas/blueprint/config/impl/NamespaceHandler.java b/jaas/blueprint/config/src/main/java/org/apache/karaf/jaas/blueprint/config/impl/NamespaceHandler.java
index 78681b3716e..06ac17896e1 100644
--- a/jaas/blueprint/config/src/main/java/org/apache/karaf/jaas/blueprint/config/impl/NamespaceHandler.java
+++ b/jaas/blueprint/config/src/main/java/org/apache/karaf/jaas/blueprint/config/impl/NamespaceHandler.java
@@ -53,6 +53,8 @@ public URL getSchemaLocation(String namespace) {
return getClass().getResource("/org/apache/karaf/jaas/blueprint/config/karaf-jaas-1.0.0.xsd");
case "http://karaf.apache.org/xmlns/jaas/v1.1.0":
return getClass().getResource("/org/apache/karaf/jaas/blueprint/config/karaf-jaas-1.1.0.xsd");
+ case "http://karaf.apache.org/xmlns/jaas/v1.2.0":
+ return getClass().getResource("/org/apache/karaf/jaas/blueprint/config/karaf-jaas-1.2.0.xsd");
default:
return null;
}
@@ -131,6 +133,13 @@ public ComponentMetadata parseKeystore(Element element, ParserContext context) {
if (rank != null && rank.length() > 0) {
bean.addProperty("rank", createValue(context, rank));
}
+
+ // Parse type
+ String type = element.getAttribute("type");
+ if (type != null && type.length() > 0) {
+ bean.addProperty("type", createValue(context, type));
+ }
+
// Parse path
String path = element.getAttribute("path");
if (path != null && path.length() > 0) {
diff --git a/jaas/blueprint/config/src/main/resources/OSGI-INF/blueprint/karaf-jaas.xml b/jaas/blueprint/config/src/main/resources/OSGI-INF/blueprint/karaf-jaas.xml
index b6050068e60..d57e94dc41c 100644
--- a/jaas/blueprint/config/src/main/resources/OSGI-INF/blueprint/karaf-jaas.xml
+++ b/jaas/blueprint/config/src/main/resources/OSGI-INF/blueprint/karaf-jaas.xml
@@ -33,4 +33,10 @@
+
+
+
+
+
+
diff --git a/jaas/blueprint/config/src/main/resources/org/apache/karaf/jaas/blueprint/config/karaf-jaas-1.2.0.xsd b/jaas/blueprint/config/src/main/resources/org/apache/karaf/jaas/blueprint/config/karaf-jaas-1.2.0.xsd
new file mode 100644
index 00000000000..0e95b34ce7b
--- /dev/null
+++ b/jaas/blueprint/config/src/main/resources/org/apache/karaf/jaas/blueprint/config/karaf-jaas-1.2.0.xsd
@@ -0,0 +1,64 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/jaas/config/src/main/java/org/apache/karaf/jaas/config/KeystoreInstance.java b/jaas/config/src/main/java/org/apache/karaf/jaas/config/KeystoreInstance.java
index a13a962e7a5..0d768bad4ff 100644
--- a/jaas/config/src/main/java/org/apache/karaf/jaas/config/KeystoreInstance.java
+++ b/jaas/config/src/main/java/org/apache/karaf/jaas/config/KeystoreInstance.java
@@ -35,6 +35,8 @@ public interface KeystoreInstance {
int getRank();
+ String getType();
+
String[] listTrustCertificates();
Certificate getCertificate(String alias);
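Review bot: The new `String getType();` on KeystoreInstance has no Javadoc, so implementers cannot tell what it must return or whether null is allowed. A comment such as `/** @return the JCA keystore type name passed to KeyStore.getInstance, e.g. "JKS" or "PKCS12"; never null */` would pin the contract. Adding an abstract method to a public interface also breaks any KeystoreInstance implementation outside this diff at compile or link time. If the build targets Java 8 or later, `default String getType() { return "JKS"; }` would keep existing implementers working.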
diff --git a/jaas/config/src/main/java/org/apache/karaf/jaas/config/impl/ResourceKeystoreInstance.java b/jaas/config/src/main/java/org/apache/karaf/jaas/config/impl/ResourceKeystoreInstance.java
index 0d56fb5e48e..d7f74ae8b96 100644
--- a/jaas/config/src/main/java/org/apache/karaf/jaas/config/impl/ResourceKeystoreInstance.java
+++ b/jaas/config/src/main/java/org/apache/karaf/jaas/config/impl/ResourceKeystoreInstance.java
@@ -53,6 +53,7 @@ public class ResourceKeystoreInstance implements KeystoreInstance {
private static final String JKS = "JKS";
private String name;
+ private String type = JKS;
private int rank;
private URL path;
private String keystorePassword;
@@ -77,6 +78,20 @@ public void setName(String keystoreName) {
this.name = keystoreName;
}
+ /**
+ * @return the keystoreName
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @param type the keystore type to set
+ */
+ public void setType(String type) {
+ this.type = type;
+ }
+
/**
* @return the rank
*/
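Review bot: The Javadoc on the new getType() reads `@return the keystoreName`, which looks copied from the name accessor; it should be `@return the keystore type (defaults to JKS)`. setType also stores whatever it is given, so a null or empty value overwrites the JKS default. The loadKeystoreData hunk would then call KeyStore.getInstance with that value, and the isKeyLocked hunk would treat the store as non-JKS. Falling back to the default in the setter avoids both: `this.type = (type == null || type.isEmpty()) ? JKS : type;`.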
@@ -213,7 +228,8 @@ public TrustManager[] getTrustManager(String algorithm) throws KeyStoreException
}
public boolean isKeyLocked(String keyAlias) {
- return keyPasswords.get(keyAlias) == null;
+ // [KARAF-2117] JKS requires a password, PKCS12 does not permit a password
+ return (JKS.equals(type) && keyPasswords.get(keyAlias) == null);
}
public boolean isKeystoreLocked() {
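Review bot: The new condition in isKeyLocked reports a key as unlocked for every type that is not the exact string "JKS", which is wider than the PKCS12 case the comment describes. `JKS.equals(type)` is case-sensitive, while KeyStore.getInstance, as far as I know, matches type names case-insensitively. A configured `type="jks"` would therefore load a JKS store yet report keys with no stored password as unlocked, and types such as JCEKS also use per-key passwords. Limiting the exemption to PKCS12 keeps the previous check for everything else: `return !"PKCS12".equalsIgnoreCase(type) && keyPasswords.get(keyAlias) == null;`. What callers do with an unlocked key that has no password is not visible in this hunk.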
@@ -247,7 +263,7 @@ private boolean loadKeystoreData() {
keystoreReadDate = System.currentTimeMillis();
trustCerts.clear();
if (keystore == null) {
- keystore = KeyStore.getInstance(JKS);
+ keystore = KeyStore.getInstance(getType());
}
InputStream in = new BufferedInputStream(path.openStream());
keystore.load(in, keystorePassword == null ? new char[0] : keystorePassword.toCharArray());
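Review bot: `KeyStore.getInstance(getType())` runs only while `keystore == null`, so a type changed through setType after the first load is ignored and the store keeps being loaded with the old type. If that is intended, a comment here would say so, for example `// type is fixed at first load; later setType() calls do not affect the cached KeyStore`. Otherwise setType could reset the cached instance. An unsupported type string from the blueprint `type` attribute will surface here as a KeyStoreException. The rest of loadKeystoreData, including how that exception is handled and whether `in` is closed, is outside this hunk.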