From 9c294a9b29704b2dd9a040ea6d0bf90b5411b075 Mon Sep 17 00:00:00 2001
From: "Eric D. Helms" <ericdhelms@gmail.com>
Date: Tue, 12 Nov 2024 10:18:05 -0500
Subject: [PATCH] Fixes #38010 - Include keyalg in keytool for OpenJDK 17

Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
(cherry picked from commit dc0f12e0e2737953780f40b857fe5920e18feb5c)
---
 lib/puppet_x/certs/provider/keystore.rb | 3 ++-
 spec/acceptance/candlepin_spec.rb       | 6 +++---
 spec/acceptance/keystore_spec.rb        | 2 +-
 spec/acceptance/truststore_spec.rb      | 6 +++---
 4 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/lib/puppet_x/certs/provider/keystore.rb b/lib/puppet_x/certs/provider/keystore.rb
index dd4437be..81da2064 100644
--- a/lib/puppet_x/certs/provider/keystore.rb
+++ b/lib/puppet_x/certs/provider/keystore.rb
@@ -53,7 +53,8 @@ def generate_keystore
               '-storepass:file', resource[:password_file],
               '-alias', temp_alias,
               '-dname', "CN=#{temp_alias}",
-              '-J-Dcom.redhat.fips=false'
+              '-J-Dcom.redhat.fips=false',
+              '-keyalg', 'RSA'
             )
           rescue Puppet::ExecutionFailure => e
             Puppet.err("Failed to generate new #{type} with temporary entry: #{e}")
diff --git a/spec/acceptance/candlepin_spec.rb b/spec/acceptance/candlepin_spec.rb
index 1c5e044a..b0ee57e1 100644
--- a/spec/acceptance/candlepin_spec.rb
+++ b/spec/acceptance/candlepin_spec.rb
@@ -37,7 +37,7 @@
           }
         }
 
-        package { 'java-11-openjdk-headless':
+        package { 'java-17-openjdk-headless':
           ensure => installed,
         }
 
@@ -234,7 +234,7 @@ class { 'certs::candlepin':
         }
       }
 
-      package { 'java-11-openjdk-headless':
+      package { 'java-17-openjdk-headless':
         ensure => installed,
       }
 
@@ -275,7 +275,7 @@ class { 'certs::candlepin':
           path    => ['/bin', '/usr/bin'],
         }
       }
-      package { 'java-11-openjdk-headless':
+      package { 'java-17-openjdk-headless':
         ensure => installed,
       }
       include certs::candlepin
diff --git a/spec/acceptance/keystore_spec.rb b/spec/acceptance/keystore_spec.rb
index 9f5195b8..f5643d6a 100644
--- a/spec/acceptance/keystore_spec.rb
+++ b/spec/acceptance/keystore_spec.rb
@@ -7,7 +7,7 @@
         <<-PUPPET
         $keystore_password_file = '/etc/pki/keystore_password-file'
 
-        package { 'java-11-openjdk-headless':
+        package { 'java-17-openjdk-headless':
           ensure => installed,
         }
 
diff --git a/spec/acceptance/truststore_spec.rb b/spec/acceptance/truststore_spec.rb
index 845fb323..24e1fc70 100644
--- a/spec/acceptance/truststore_spec.rb
+++ b/spec/acceptance/truststore_spec.rb
@@ -10,7 +10,7 @@
         <<-PUPPET
         $truststore_password_file = '/etc/pki/truststore_password-file'
 
-        package { 'java-11-openjdk-headless':
+        package { 'java-17-openjdk-headless':
           ensure => installed,
         }
 
@@ -94,7 +94,7 @@
           <<-PUPPET
           $truststore_password_file = '/etc/pki/truststore_password-file'
 
-          package { 'java-11-openjdk-headless':
+          package { 'java-17-openjdk-headless':
             ensure => installed,
           }
 
@@ -158,7 +158,7 @@
           <<-PUPPET
           $truststore_password_file = '/etc/pki/truststore_password-file'
 
-          package { 'java-11-openjdk-headless':
+          package { 'java-17-openjdk-headless':
             ensure => installed,
           }