Closed ylemoigne closed 4 years ago
Can you point out where this is the default? This JEP says that now PKCS12 is the new default: https://openjdk.java.net/jeps/229, so it's not clear to me whether it's useful to support JCEKS in practice.
You're right. I read it somewhere while playing with vertx and clustering, and trusted the doc, but it's not the default. (But I can't find where I read it.)
Anyway, it's still useful, as some APIs require JKS and others JCEKS, and it's painful to maintain 2 keystores (for use cases where you want to share some keys).
And it would be more consistent inside vertx, as the JWT auth doc uses jceks.
That said, if you think it's not very useful, I can live with it. My precise use case is: "The ops who manage the app in prod have some difficulties remembering distinct procedures to generate the store with the right format depending on the usage, and don't like reading the doc to remember".
I think we could have the option code provide the KeyStore so one could provide its own option to do that?
Yes good idea. It's more open/flexible.
@ylemoigne vertx auth keystores have been refactored for 4.0, it now allows any kind of keystore and defaults to the JDK default one (not necessarily JCEKS)
Version
Not present in 3.8.5
Context
JCEKS is now the default format for Java keytool. Adding support for it in io.vertx.core.net.impl.KeyStoreHelper will avoid keystore file proliferation.
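For the use case discussed in this thread (one procedure regardless of store format), the keystore type can be read from the file's leading bytes and passed to `KeyStore.getInstance`. The following is an added example, not code from Vert.x or from the participants; the class name `KeyStoreFormatProbe`, the alias and the passwords are hypothetical, and the sample stores are constructed in memory.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.security.KeyStore;
import javax.crypto.spec.SecretKeySpec;

public class KeyStoreFormatProbe {
    // Identify the keystore format from its first bytes.
    static String detectType(byte[] data) throws Exception {
        if (data.length < 4) throw new IllegalArgumentException("too short to be a keystore");
        int magic = new DataInputStream(new ByteArrayInputStream(data)).readInt();
        if (magic == 0xFEEDFEED) return "JKS";    // JKS file magic
        if (magic == 0xCECECECE) return "JCEKS";  // JCEKS file magic
        // PKCS#12 is DER-encoded and starts with a SEQUENCE tag. This is a
        // heuristic: any DER structure matches, so load() below is the real check.
        if ((data[0] & 0xFF) == 0x30) return "PKCS12";
        throw new IllegalArgumentException("unknown keystore format");
    }

    // Load a store without the caller having to know its type in advance.
    static KeyStore load(byte[] data, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(detectType(data));
        ks.load(new ByteArrayInputStream(data), password); // also verifies integrity
        return ks;
    }

    // Build a constructed sample store of the given type, serialized to bytes.
    static byte[] sample(String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);
        if (type.equals("JCEKS")) { // JKS cannot hold secret keys, JCEKS can
            SecretKeySpec key = new SecretKeySpec(new byte[32], "HmacSHA256"); // dummy key
            ks.setEntry("hs256", new KeyStore.SecretKeyEntry(key),
                        new KeyStore.PasswordProtection(password));
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // constructed sample password
        System.out.println("JDK default type: " + KeyStore.getDefaultType());
        for (String type : new String[] {"JKS", "JCEKS", "PKCS12"}) {
            KeyStore ks = load(sample(type, pw), pw);
            System.out.println(type + " detected as " + ks.getType() + ", entries: " + ks.size());
        }
    }
}
```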