Project

General

Profile

Statistics
| Branch: | Tag: | Revision:

puppet-certs/lib/puppet_x/certs/provider @ b9667a02

Name Size
keystore.rb 2.09 KB

Latest revisions

# Date Author Comment
b9667a02 04/25/2024 08:48 AM Evgeni Golov

Fixes #37384 - properly pass fips=false when checking keystore

In a FIPS-enabled environment, calling `keytool -list` with a wrong
password doesn't yield an error, unless we also pass `fips=false` like
we do when creating the keystore:

  1. keytool -list -keystore ./store -storepass wrong-password...
b0451d19 10/05/2023 05:07 PM Ewoud Kohl van Wijngaarden

Handle more unknown password errors

When using keytool on a truststore the error is different than on a
keystore.

Fixes: 6fea0bbb4143ca439cff01bf9f0e54cf88140d10 ("Support changing passwords on keystores & truststores")
6fea0bbb 10/04/2023 05:36 PM Ewoud Kohl van Wijngaarden

Support changing passwords on keystores & truststores

Opening the store when checking if it exists will raise an exception if
the password is incorrect. This takes an approach of catching all
exceptions and treating them all the same.
8e24fd5d 06/02/2023 04:07 AM Andrew Teixeira

Fix bad requires and old Puppet_X notation
a48d1da3 03/14/2022 12:48 PM Eric Helms

Fixes #34598: Disable fips for keytool

Starting with EL 8, the Java stack has FIPS support built in. This
causes the keytool utility to break on FIPS enabled machines. To solve this,
and achieve EL7-like comptability for FIPS, FIPS is disabled during the keytool...
b73ebec1 05/27/2021 08:32 PM Eric Helms

Fixes #32637: Add truststore type and provider

Refactors the keystore provider code into a common module within
the Puppet_X namespace that is re-used by the truststore. The mechanics
behind a truststore and keystore are very similar with a truststore
only containing public certificates while a keystore manages private...

View revisions

Also available in: Atom