[jboss-user] [JBoss Remoting] - Encrypt SSL KeyStorePassword in remoting-sslbisocket-service.xml

Nikos Massios do-not-reply at jboss.com
Fri Dec 17 05:34:14 EST 2010 

Nikos Massios [http://community.jboss.org/people/massios] created the discussion

"Encrypt SSL KeyStorePassword in remoting-sslbisocket-service.xml"

To view the discussion, visit: http://community.jboss.org/message/576595#576595

--------------------------------------------------------------
Hello,

I am using jboss 5.1 GA.

I would like to encrypt the ssl keystore password in the remoting-sslbisocket-service.xml of jboss messaging. This xml contains the following mbean configuration. This xml of jboss messaging is using the org.jboss.remoting.securirity.SSLSocketBuilder mbean of jboss remoting. From what I can see here  http://docs.jboss.org/jbosasremoting/docs/api/org/jboss/remoting/security/SSLSocketBuilder.html http://docs.jboss.org/jbosasremoting/docs/api/org/jboss/remoting/security/SSLSocketBuilder.html there is no way to encrypt the keystore, trustsore passwords. Am I correct? Has anyone tried extending the SSLSocketBuilder class to provide such functionality? I am considering doing this myself.

Thanks,

Nikos.


mbean  code=org.jboss.remoting.security.SSLSocketBuilder name=jboss.messaging:service=SocketBuilder,type=SSL display-name=SSL  Server Socket Factory Builder>

- <!--
           IMPORTANT - If making ANY customizations, this MUST be set to false.
           Otherwise, will used default settings and the following attributes will be ignored.
      

  -->


  <attribute name="UseSSLServerSocketFactory">false</attribute>



- <!--
 This is the url string to the key store to use 

  -->


  <attribute name="KeyStoreURL">${jboss.server.home.url}/conf/ssl/server.keystore</attribute>



- <!--
 The password for the key store 

  -->


  <attribute name="KeyStorePassword">MY_PASSWORD_IS_HERE</attribute>



- <!--
 The password for the keys (will use KeystorePassword if this is not set explicitly. 

  -->

- <!--
          <attribute name="KeyPassword">secureexample</attribute>

  -->

- <!--
 The protocol for the SSLContext. Default is TLS. 

  -->


  <attribute name="SecureSocketProtocol">TLS</attribute>



- <!--
 The algorithm for the key manager factory.  Default is SunX509. 

  -->


  <attribute name="KeyStoreAlgorithm">SunX509</attribute>



- <!--
           The type to be used for the key store.
           Defaults to JKS. Some acceptable values are JKS (Java Keystore - Sun's keystore format),
           JCEKS (Java Cryptography Extension keystore - More secure version of JKS), and
           PKCS12 (Public-Key Cryptography Standards #12 keystore - RSA's Personal Information
           Exchange Syntax Standard). These are not case sensitive.
      

  -->


  <attribute name="KeyStoreType">JKS</attribute>



  </mbean>




<
--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/576595#576595]

Start a new discussion in JBoss Remoting at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2050]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20101217/c425e47f/attachment.html

More information about the jboss-user mailing list