[JBoss JIRA] (ELY-1170) The TrustManagerFactory should use a Provider from the defined Supplier<Provider[]>
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1170?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse commented on ELY-1170:
---------------------------------------
I don't follow the comment about sibling relations, the end result of these changes is ElytronXml has a default root provider definition, at the root of the config an alternative configuration can be defined that will apply to all children, and then all children that make use of the Providers in any way have an option to further override for their specific needs.
The Elytron subsystem is independent of this - this is specifically about the XML parser.
The TrustManager definition in the Elytron subsystem DOES have the ability to specify which Providers to use.
In the OpenSSL example a suitable configuration would be service loader based discovery to get the OpenSSL Provider at the start of the list with the Global/System providers second so that is completely achievable. If we really had a demonstratable issue with sharing the definition on the SSLContext we could add a further child element on the <trust-manager /> element but TBH we would always inherit from it's parent which is the SSLContext.
> The TrustManagerFactory should use a Provider from the defined Supplier<Provider[]>
> -----------------------------------------------------------------------------------
>
> Key: ELY-1170
> URL: https://issues.jboss.org/browse/ELY-1170
> Project: WildFly Elytron
> Issue Type: Task
> Components: Authentication Client
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.2.0.Beta8
>
>
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 9 months
[JBoss JIRA] (ELY-1170) The TrustManagerFactory should use a Provider from the defined Supplier<Provider[]>
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1170?page=com.atlassian.jira.plugin.s... ]
Martin Choma edited comment on ELY-1170 at 10/18/17 7:00 AM:
-------------------------------------------------------------
I am not sure if this is good feature or not. As I understand this allows inherit parents element provider - if specified on parent. These are my thoughts:
* Consistency
** same feature is on sibling relation ssl-context \- key-store, but not on relation authentication-client \- ssl-context
** There is not such feature in other Elytron consumer (Elytron subsystem).
* I want to specify provider mainly in case when I want to achieve something special. So when I want to specify ssl-context's provider, there is little chance this provider will serve also for trust-manager.
** For example theoretically I can configure OpenSSL provider for ssl-context, but it won't work for trust-manager
was (Author: mchoma):
I am not sure if this is good feature or not. As I understand this allows inherit parents element provider - if specified on parent. These are my thoughts:
* Consistency
** same feature is on sibling relation ssl-context <\-> key-store, but not on relation authentication-client <\-> ssl-context
** There is not such feature in other Elytron consumer (Elytron subsystem).
* I want to specify provider mainly in case when I want to achieve something special. So when I want to specify ssl-context's provider, there is little chance this provider will serve also for trust-manager.
** For example theoretically I can configure OpenSSL provider for ssl-context, but it won't work for trust-manager
> The TrustManagerFactory should use a Provider from the defined Supplier<Provider[]>
> -----------------------------------------------------------------------------------
>
> Key: ELY-1170
> URL: https://issues.jboss.org/browse/ELY-1170
> Project: WildFly Elytron
> Issue Type: Task
> Components: Authentication Client
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.2.0.Beta8
>
>
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 9 months
[JBoss JIRA] (ELY-1170) The TrustManagerFactory should use a Provider from the defined Supplier<Provider[]>
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1170?page=com.atlassian.jira.plugin.s... ]
Martin Choma commented on ELY-1170:
-----------------------------------
I am not sure if this is good feature or not. As I understand this allows inherit parents element provider - if specified on parent. These are my thoughts:
* Consistency
** same feature is on sibling relation ssl-context <-> key-store, but not on relation authentication-client <-> ssl-context
** There is not such feature in other Elytron consumer (Elytron subsystem).
* I want to specify provider mainly in case when I want to achieve something special. So when I want to specify ssl-context's provider, there is little chance this provider will serve also for trust-manager.
** For example theoretically I can configure OpenSSL provider for ssl-context, but it won't work for trust-manager
> The TrustManagerFactory should use a Provider from the defined Supplier<Provider[]>
> -----------------------------------------------------------------------------------
>
> Key: ELY-1170
> URL: https://issues.jboss.org/browse/ELY-1170
> Project: WildFly Elytron
> Issue Type: Task
> Components: Authentication Client
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.2.0.Beta8
>
>
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 9 months
[JBoss JIRA] (ELY-1170) The TrustManagerFactory should use a Provider from the defined Supplier<Provider[]>
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1170?page=com.atlassian.jira.plugin.s... ]
Martin Choma edited comment on ELY-1170 at 10/18/17 6:57 AM:
-------------------------------------------------------------
I am not sure if this is good feature or not. As I understand this allows inherit parents element provider - if specified on parent. These are my thoughts:
* Consistency
** same feature is on sibling relation ssl-context <\-> key-store, but not on relation authentication-client <\-> ssl-context
** There is not such feature in other Elytron consumer (Elytron subsystem).
* I want to specify provider mainly in case when I want to achieve something special. So when I want to specify ssl-context's provider, there is little chance this provider will serve also for trust-manager.
** For example theoretically I can configure OpenSSL provider for ssl-context, but it won't work for trust-manager
was (Author: mchoma):
I am not sure if this is good feature or not. As I understand this allows inherit parents element provider - if specified on parent. These are my thoughts:
* Consistency
** same feature is on sibling relation ssl-context <-> key-store, but not on relation authentication-client <-> ssl-context
** There is not such feature in other Elytron consumer (Elytron subsystem).
* I want to specify provider mainly in case when I want to achieve something special. So when I want to specify ssl-context's provider, there is little chance this provider will serve also for trust-manager.
** For example theoretically I can configure OpenSSL provider for ssl-context, but it won't work for trust-manager
> The TrustManagerFactory should use a Provider from the defined Supplier<Provider[]>
> -----------------------------------------------------------------------------------
>
> Key: ELY-1170
> URL: https://issues.jboss.org/browse/ELY-1170
> Project: WildFly Elytron
> Issue Type: Task
> Components: Authentication Client
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.2.0.Beta8
>
>
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 9 months
[JBoss JIRA] (ELY-1385) Add option to override the TrustManager within <authentication-client ></authentication>
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1385?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse commented on ELY-1385:
---------------------------------------
I have already edited the title to reflect that, we actually use our own custom KeyManager impl in there so there is no need to override the algorithm on that one.
> Add option to override the TrustManager within <authentication-client ></authentication>
> ----------------------------------------------------------------------------------------
>
> Key: ELY-1385
> URL: https://issues.jboss.org/browse/ELY-1385
> Project: WildFly Elytron
> Issue Type: Enhancement
> Components: Authentication Client
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.2.0.Beta8
>
>
> At the moment we can reference an alias from a KeyStore and reference a complete KeyStore for use by the TrustManager but there is not option to override which key and trust managers are actually enabled.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 9 months