[wildfly-dev] Support for PKCS12 keystores in Security Realms

Jason T. Greene jgreene at redhat.com
Wed Mar 19 21:32:25 EDT 2014 

Since this change looks minor, and it comes from a community member I am inclined to allow into 8.0.1.

How bad is the conflict for the other change you are referring to Darran?

> On Mar 19, 2014, at 5:43 PM, Marek Żupnik <marek.zupnik at gmail.com> wrote:
> 
> Hi,
> 
> Darran, I understand your point of view, but stable version of 9 will be not released tomorrow. Lack of pkcs12 support in 8 is a major issue, not to mention that in AS 7 I was able to use this format for https private key. I think it will be useful to fix it yet in 8, even thought the code with a fix will be thrown away in 9.
> 
> I made a pull request with a fix (https://github.com/wildfly/wildfly/pull/6062). It is up to you what you do with it.
> 
> Thank you for your answers and clarifications.
> 
> Kind Regards,
> Marek Zupnik
> 
> 
> 2014-03-18 18:10 GMT+01:00 Darran Lofthouse <darran.lofthouse at jboss.com>:
>> I will have another look if I get a chance to get something into 8 but
>> in reality a related change in this area (that completely conflicts with
>> your changes) was pushed to 9 as the consensus was we did not want the
>> configuration model in this area changing before WildFLy 9.
>> 
>> On 18/03/14 16:30, Marek Żupnik wrote:
>> > Hi,
>> >
>> > Thank You Brian for your comments. I'll try to apply them to my code. I
>> > ask if I will have further questions about it.
>> >
>> > @Darran, I have a question for you. I wasn't looking into development
>> > branch so I haven't known about the changes. Is it possible that pkcs12
>> > support will be merged in Wildfly 8? If not, could my change be merged
>> > earlier? Otherwise, I'm forced to maintain my version of Wildfly untill
>> > no 9 will be released.
>> >
>> > Kind Regards,
>> > Marek Zupnik
>> >
>> >
>> > 2014-03-18 16:20 GMT+01:00 Brian Stansberry <brian.stansberry at redhat.com
>> > <mailto:brian.stansberry at redhat.com>>:
>> >
>> >     Hi Marek,
>> >
>> >     Welcome!
>> >
>> >     I'm going to make a few comments on github re: some minor details of
>> >     your commit. But please keep an eye on this list for your more general
>> >     question about whether this is how we want to go about this. I believe
>> >     Darran Lofthouse was planning some work in this area so he may have some
>> >     input.
>> >
>> >     Cheers,
>> >
>> >     --
>> >     Brian Stansberry
>> >     Senior Principal Software Engineer
>> >     JBoss by Red Hat
>> >
>> >     On 3/18/14, 8:59 AM, Marek Żupnik wrote:
>> >      > Hi,
>> >      >
>> >      > I'm Marek Zupnik. It's my first message for this list but for
>> >     some time
>> >      > I've been keeping my eyes on what's happening in wildfly development.
>> >      >
>> >      > I'm writing regarding to the issue about lack of support for PKCS12
>> >      > keystores in security realms
>> >      > (https://issues.jboss.org/browse/WFLY-2229). I wanted to migrate my
>> >      > system to Wildfly but in my case it is a blocking issue. I have
>> >     to use
>> >      > keystore in PKCS12 format in which I'm storing, among others, https
>> >      > private key.
>> >      >
>> >      > I forked Wildfly on github and made a simple fix for this issue which
>> >      > consists in additional parameter "keystore-type" for keystore
>> >      > configuration. Based on this parameter I'm able to create appropriate
>> >      > keystore type.
>> >      >
>> >      > Config sample:
>> >      > <keystore path="keystore.p12" relative-to="jboss.server.config.dir"
>> >      > keystore-password="xxx" keystore-type="PKCS12" alias="https"/>
>> >      >
>> >      > The changes are in my fork on github (keystore_type branch):
>> >      > https://github.com/mzupnik/wildfly/tree/keystore_type
>> >      >
>> >      > Before I will try to do push request, could you answer me if it is
>> >      > acceptable solution according to your architecture concept? If not,
>> >      > could you give me some tips how to resolve it in other way? I
>> >     care about
>> >      > this fix before 9. release.
>> >      >
>> >      > Kind Regards,
>> >      > Marek Zupnik
>> >      >
>> >      >
>> >      > _______________________________________________
>> >      > wildfly-dev mailing list
>> >      > wildfly-dev at lists.jboss.org <mailto:wildfly-dev at lists.jboss.org>
>> >      > https://lists.jboss.org/mailman/listinfo/wildfly-dev
>> >      >
>> >
>> >
>> >     _______________________________________________
>> >     wildfly-dev mailing list
>> >     wildfly-dev at lists.jboss.org <mailto:wildfly-dev at lists.jboss.org>
>> >     https://lists.jboss.org/mailman/listinfo/wildfly-dev
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > wildfly-dev mailing list
>> > wildfly-dev at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/wildfly-dev
>> >
>> _______________________________________________
>> wildfly-dev mailing list
>> wildfly-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
> 
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/wildfly-dev/attachments/20140319/389fb842/attachment.html

More information about the wildfly-dev mailing list