Sealer alias case sensitivity
Brent Putman
putmanb at georgetown.edu
Tue Dec 8 12:41:05 EST 2015
On 12/8/15 9:49 AM, Cantor, Scott wrote:
> On 12/8/15, 12:52 AM, "users on behalf of Yavor Yanakiev" <users-bounces at shibboleth.net on behalf of yavor at nyu.edu> wrote:
>
>
>
>> The seckeygen.sh utility
>> changes upercase characters in the alias name to lowercase without any warning, if you want to use a custom alias with capital letters.
> If anything's doing that, it's probably Java. We're not doing anything but trimming it.
It is Java. From the KeyStore Javadocs:
>> Whether aliases are case sensitive is implementation dependent. In
>> order to avoid problems, it is recommended not to use aliases in a
>> KeyStore that only differ in case.
>>
>
I know from personal experience, and confirmed by googling, that
Oracle's standard (non-SecretKey) impl (type "JKS" from the SUN
provider) is case-insensitive, and always lowercases the alias that you
give it. I would assume it's the same for the "JCEKS" type used here
for SecretKey support. ******************* Addendum: New to me, I did
just discover that they purportedly have a different impl (type
"CaseExactJKS") that supports case-sensitive aliases. [1] I have not
tried it. That probably does not provide the "JCEKS" and SecretKey
support needed here though. Maybe they have a corresponding
"CaseExactJCEKS" or something, but I think you'd have to consistently
configure that type everywhere in the system. I doubt it would be
worth the trouble. [1]
https://blogs.oracle.com/xuelei/entry/keystore_alias_case_sensitive_or
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20151208/3920108f/attachment.html>
More information about the users
mailing list