Bug 264858

Summary: [dstore] OpenRSE always picks the first trusted certificate
Product: [Tools] Target Management
Reporter: Onno Van den Troost <onno>
Component: RSE
Assignee: David McKnight <dmcknigh>
Status: RESOLVED FIXED
QA Contact: Martin Oberhuber <mober.at+eclipse>
Severity: normal
Priority: P2
CC: dmcknigh
Version: unspecified
Target Milestone: 3.1 M7
Hardware: Other
OS: other
Bug Blocks: 315333
Attachments: patch for allowing certificate selection via system property (flags: none)

Description Onno Van den Troost 2009-02-13 10:39:57 EST
While writing documentation on using SSL with OpenRSE (z/OS side of Rational Developer for System z), I realized that we do not specify which certificate must be retrieved from the KeyStore to authenticate the host.
Java development told me that KeyStores don't have a 'default certificate' concept, and thus specifying a certificate alias is mandatory for the getCertificate etc. functions.
David showed me the code of the checkTrusted function, where OpenRSE loops through a list of certificates and picks the first one that's trusted.

This is fine as long as there's only one valid certificate in the KeyStore, but it fails if there are more, and we don't need the first one.

I would like to see the Certificate related code changed so that the user can specify which certificate to use. If not specified, we can fall back on the current mechanism.

Comment 1 David McKnight 2009-04-24 11:33:43 EDT
Created attachment 133137
patch for allowing certificate selection via system property

Use the -DDSTORE_DEFAULT_CERTIFICATE_ALIAS=<alias> in the java script lines on the server side to specify a certificate alias.  Onno, could you try this out to see if this works for you?

Comment 2 David McKnight 2009-04-28 16:28:25 EDT
I've committed the change to cvs.
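
The behaviour requested in this bug (use a named certificate alias when one is configured, otherwise keep the existing selection) can be sketched with the standard JSSE key manager API. This is an added example, not the attached patch or any dstore code: the class `AliasPinningKeyManager` and the method `serverContext` are hypothetical names, and failing closed on an unknown alias is a design choice of the example; only the property name comes from Comment 1.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

/** Added example, not the dstore patch: pin the server certificate by alias. */
public class AliasPinningKeyManager extends X509ExtendedKeyManager {
    private final X509KeyManager delegate;
    private final String alias; // null: property unset, keep the default selection

    AliasPinningKeyManager(X509KeyManager delegate, String alias) {
        this.delegate = delegate;
        this.alias = alias;
    }

    /** Configured alias if it holds a key of the requested type, else null (fail closed). */
    private String pinned(String keyType) {
        PrivateKey key = delegate.getPrivateKey(alias);
        return key != null && key.getAlgorithm().equalsIgnoreCase(keyType) ? alias : null;
    }

    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) {
        return alias == null ? delegate.chooseServerAlias(keyType, issuers, s) : pinned(keyType);
    }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine e) {
        return chooseServerAlias(keyType, issuers, null);
    }
    // Everything else is passed through unchanged.
    @Override public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return delegate.chooseClientAlias(t, i, s); }
    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }

    /** Builds a server SSLContext; the property name is the one given in Comment 1. */
    public static SSLContext serverContext(KeyStore ks, char[] keyPassword) throws Exception {
        String alias = System.getProperty("DSTORE_DEFAULT_CERTIFICATE_ALIAS");
        if (alias != null && !ks.isKeyEntry(alias)) // reject typos instead of silently falling back
            throw new IllegalStateException("no private-key entry for alias: " + alias);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword);
        X509KeyManager base = (X509KeyManager) kmf.getKeyManagers()[0];
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new AliasPinningKeyManager(base, alias) }, null, null);
        return ctx;
    }
}
```

JKS keystores store aliases in lower case, so pass the alias exactly as the keystore lists it; a configured alias that does not match a key entry of the negotiated key type makes the handshake fail rather than presenting a different certificate.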