Martin Choma commented on WFLY-7194:
------------------------------------
Can you, please, elaborate on the "jvm-unportable" argument? I still don't get
that. What I am suggesting here is to implicitly use
{{TrustManagerFactory.getDefaultAlgorithm()}} in elytron code in case the user does not
fill the {{algorithm}} attribute explicitly in configuration.
{{TrustManagerFactory.getDefaultAlgorithm()}} is IMO portable; on Oracle Java it returns
"SunX509", on IBM Java "IbmX509".
Why do you expect {{algorithm}} to change to required, once such default handling would be
introduced?
Simplify creation of trust/key-manager in elytron
-------------------------------------------------
Key: WFLY-7194
URL: https://issues.jboss.org/browse/WFLY-7194
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Jan Kalina
Assignee: Jan Kalina
Fix For: 11.0.0.Alpha1
If I want to set up TLS [1], I have to create a key manager with the CLI command
{code}
/subsystem=elytron/key-managers=httpsKM:add(key-store=httpsKS,algorithm="SunX509")
{code}
1. It seems to me {{algorithm}} can be optional. If not set,
{{TrustManagerFactory.getDefaultAlgorithm()}} can be used.
2. Also, please, enhance the XSD/model documentation with a clear statement that this
{{password}} attribute is in fact the "key password". Or, probably better, rename the
attribute from {{password}} to {{key-password}} to make it absolutely clear to everyone.
3. The {{key-store}} attribute is declared optional in the XSD. In the model it is properly declared
as required. Please change the XSD to express that it is required.
{code}
<xs:attribute name="key-store" type="xs:string" use="optional">
    <xs:annotation>
        <xs:documentation>
            Reference to the KeyStore to use with the KeyManager.
        </xs:documentation>
    </xs:annotation>
</xs:attribute>
{code}
4. The {{password}} attribute is optional, probably should be required
{code}
"password" => {
    "type" => STRING,
    "description" => "The password to use when initialising the underlying KeyManagerFactory.",
    "expressions-allowed" => true,
    "nillable" => true,
    "min-length" => 1L,
    "max-length" => 2147483647L,
    "deprecated" => {
        "since" => "1.0.0",
        "reason" => "Will be updated to use proper CredentialStore references."
    },
    "access-type" => "read-write",
    "storage" => "configuration",
    "restart-required" => "resource-services"
},
{code}
[1] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#WildF...
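
An added example, not part of the issue or of Elytron's code: a Java sketch of the defaulting proposed in item 1, where an unset {{algorithm}} falls back to the JVM default, next to what happens when a vendor-specific name is hard-coded. It uses {{KeyManagerFactory.getDefaultAlgorithm()}}, the key-manager counterpart of the call named above; the class name, the {{create}} helper, the sample password and the empty in-memory key store are assumptions made for the illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.KeyManagerFactory;

public class KeyManagerDefaultAlgorithm {

    /**
     * Hypothetical helper: 'algorithm' mirrors the optional attribute
     * (null or empty means "not configured"); 'keyPassword' protects the
     * private key entries, it is not the key store password.
     */
    static KeyManagerFactory create(KeyStore keyStore, String algorithm, char[] keyPassword)
            throws GeneralSecurityException {
        String effective = (algorithm == null || algorithm.isEmpty())
                ? KeyManagerFactory.getDefaultAlgorithm()   // resolved by the running JVM
                : algorithm;                                // explicit value wins
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(effective);
        kmf.init(keyStore, keyPassword);
        return kmf;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory key store, so nothing is read from disk.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        char[] keyPassword = "changeit".toCharArray();      // constructed sample value

        // Attribute left unset: the JVM's own default is used.
        KeyManagerFactory kmf = create(ks, null, keyPassword);
        System.out.println("algorithm not configured -> " + kmf.getAlgorithm());

        // Attribute hard-coded: works only where a provider offers that name.
        for (String name : new String[] {"SunX509", "IbmX509"}) {
            try {
                create(ks, name, keyPassword);
                System.out.println(name + " -> available");
            } catch (NoSuchAlgorithmException e) {
                System.out.println(name + " -> not available on this JVM");
            }
        }
    }
}
```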