[wildfly-dev] Support for PKCS12 keystores in Security Realms

Darran Lofthouse darran.lofthouse at jboss.com
Thu Mar 20 07:18:27 EDT 2014


I am just tagging a JBoss Negotiation release then I will switch to 
getting this backported.

Once backported it may be easier if we just delete the commit from 
Kabir's branch when he rebases.

From this point forward can we please push less to WildFly 9? ;-)  I
already lost time as I started to work on this for 8 and was then 
diverted by other engineers to push it to 9, I am now going to spend 
time pulling it back to 8!

Regards,
Darran Lofthouse.


On 20/03/14 02:31, Brian Stansberry wrote:
> It's very similar to the existing commit for WF9/EAP6.3 [1], so if we
> want the feature in 8.0.1 we should just merge the open PR to bump the
> core schema versions[2] and then backport that commit.
>
> [1]
> https://github.com/kabir/wildfly/commit/3f22fcfa81975bf9951003889c4d4af1d2dbd319
>
> [2] https://github.com/wildfly/wildfly/pull/5913
>
> On 3/19/14, 8:32 PM, Jason T. Greene wrote:
>> Since this change looks minor, and it comes from a community member I am
>> inclined to allow into 8.0.1.
>>
>> How bad is the conflict for the other change you are referring to Darran?
>>
>> On Mar 19, 2014, at 5:43 PM, Marek Żupnik <marek.zupnik at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> Darran, I understand your point of view, but a stable version of 9 will
>>> not be released tomorrow. Lack of pkcs12 support in 8 is a major
>>> issue, not to mention that in AS 7 I was able to use this format for
>>> https private key. I think it will be useful to still fix it in 8, even
>>> though the code with a fix will be thrown away in 9.
>>>
>>> I made a pull request with a fix
>>> (https://github.com/wildfly/wildfly/pull/6062). It is up to you what
>>> you do with it.
>>>
>>> Thank you for your answers and clarifications.
>>>
>>> Kind Regards,
>>> Marek Zupnik
>>>
>>>
>>> 2014-03-18 18:10 GMT+01:00 Darran Lofthouse <darran.lofthouse at jboss.com>:
>>>
>>>      I will have another look if I get a chance to get something into 8 but
>>>      in reality a related change in this area (that completely conflicts with
>>>      your changes) was pushed to 9 as the consensus was we did not want the
>>>      configuration model in this area changing before WildFly 9.
>>>
>>>      On 18/03/14 16:30, Marek Żupnik wrote:
>>>      > Hi,
>>>      >
>>>      > Thank you Brian for your comments. I'll try to apply them to my code.
>>>      > I'll ask if I have further questions about it.
>>>      >
>>>      > @Darran, I have a question for you. I wasn't looking into the development
>>>      > branch so I didn't know about the changes. Is it possible that pkcs12
>>>      > support will be merged in Wildfly 8? If not, could my change be merged
>>>      > earlier? Otherwise, I'm forced to maintain my version of Wildfly until
>>>      > no. 9 is released.
>>>      >
>>>      > Kind Regards,
>>>      > Marek Zupnik
>>>      >
>>>      >
>>>      > 2014-03-18 16:20 GMT+01:00 Brian Stansberry <brian.stansberry at redhat.com>:
>>>      >
>>>      >     Hi Marek,
>>>      >
>>>      >     Welcome!
>>>      >
>>>      >     I'm going to make a few comments on github re: some minor details of
>>>      >     your commit. But please keep an eye on this list for your more general
>>>      >     question about whether this is how we want to go about this. I believe
>>>      >     Darran Lofthouse was planning some work in this area so he may have some
>>>      >     input.
>>>      >
>>>      >     Cheers,
>>>      >
>>>      >     --
>>>      >     Brian Stansberry
>>>      >     Senior Principal Software Engineer
>>>      >     JBoss by Red Hat
>>>      >
>>>      >     On 3/18/14, 8:59 AM, Marek Żupnik wrote:
>>>      >      > Hi,
>>>      >      >
>>>      >      > I'm Marek Zupnik. It's my first message for this list but for some time
>>>      >      > I've been keeping my eyes on what's happening in wildfly development.
>>>      >      >
>>>      >      > I'm writing regarding the issue about lack of support for PKCS12
>>>      >      > keystores in security realms
>>>      >      > (https://issues.jboss.org/browse/WFLY-2229). I wanted to migrate my
>>>      >      > system to Wildfly but in my case it is a blocking issue. I have to use
>>>      >      > keystore in PKCS12 format in which I'm storing, among others, https
>>>      >      > private key.
>>>      >      >
>>>      >      > I forked Wildfly on github and made a simple fix for this issue which
>>>      >      > consists in additional parameter "keystore-type" for keystore
>>>      >      > configuration. Based on this parameter I'm able to create appropriate
>>>      >      > keystore type.
>>>      >      >
>>>      >      > Config sample:
>>>      >      > <keystore path="keystore.p12" relative-to="jboss.server.config.dir"
>>>      >      > keystore-password="xxx" keystore-type="PKCS12" alias="https"/>
>>>      >      >
>>>      >      > The changes are in my fork on github (keystore_type branch):
>>>      >      > https://github.com/mzupnik/wildfly/tree/keystore_type
>>>      >      >
>>>      >      > Before I try to do push request, could you answer me if it is
>>>      >      > acceptable solution according to your architecture concept? If not,
>>>      >      > could you give me some tips how to resolve it in other way? I care about
>>>      >      > this fix before 9. release.
>>>      >      >
>>>      >      > Kind Regards,
>>>      >      > Marek Zupnik
>>>      >      >
>>>      >      >
>>>      >      > _______________________________________________
>>>      >      > wildfly-dev mailing list
>>>      >      > wildfly-dev at lists.jboss.org
>>>      >      > https://lists.jboss.org/mailman/listinfo/wildfly-dev
>>>      >      >
>
>
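
The `keystore-type` parameter proposed in the first message of the thread, sketched as an added Java example (not code from Marek's branch or from WildFly). The class and method names, the JKS fallback and the in-memory sample store are assumptions of this example; it goes one step beyond the thread by also checking that the configured alias really holds a key.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.spec.SecretKeySpec;

// Added illustration; class and method names are hypothetical, not WildFly code.
public class KeystoreTypeExample {

    /** Opens a keystore of the configured type; a missing type falls back to JKS (assumed default). */
    static KeyStore open(InputStream in, String keystoreType, char[] password, String alias)
            throws Exception {
        String type = (keystoreType == null || keystoreType.isEmpty()) ? "JKS" : keystoreType;
        KeyStore ks = KeyStore.getInstance(type);   // KeyStoreException for an unknown type
        ks.load(in, password);                      // IOException on a bad password or format
        if (alias != null && !ks.isKeyEntry(alias)) {
            // Fail at configuration time rather than at the first TLS handshake.
            throw new GeneralSecurityException(
                    "alias '" + alias + "' holds no key in " + type + " store");
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "xxx".toCharArray();            // constructed sample password

        // Constructed sample: an in-memory PKCS12 store. A secret key stands in for the
        // HTTPS private key so that no certificate chain has to be generated here.
        KeyStore sample = KeyStore.getInstance("PKCS12");
        sample.load(null, null);
        sample.setEntry("https",
                new KeyStore.SecretKeyEntry(new SecretKeySpec(new byte[16], "AES")),
                new KeyStore.PasswordProtection(pw));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        sample.store(out, pw);
        byte[] p12 = out.toByteArray();

        KeyStore ks = open(new ByteArrayInputStream(p12), "PKCS12", pw, "https");
        System.out.println("type=" + ks.getType() + " keyEntry=" + ks.isKeyEntry("https"));

        try {
            open(new ByteArrayInputStream(p12), "PKCS12", pw, "missing");
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```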

