JBoss Community

Encrypt SSL KeyStorePassword in remoting-sslbisocket-service.xml

created by Nikos Massios in JBoss Remoting - View the full discussion

Hello,

 

I am using jboss 5.1 GA.

 

I would like to encrypt the ssl keystore password in the remoting-sslbisocket-service.xml of jboss messaging. This xml contains the following mbean configuration. This xml of jboss messaging is using the org.jboss.remoting.securirity.SSLSocketBuilder mbean of jboss remoting. From what I can see here http://docs.jboss.org/jbosasremoting/docs/api/org/jboss/remoting/security/SSLSocketBuilder.html there is no way to encrypt the keystore, trustsore passwords. Am I correct? Has anyone tried extending the SSLSocketBuilder class to provide such functionality? I am considering doing this myself.

 

Thanks,

 

Nikos.

 

 

mbean  code=org.jboss.remoting.security.SSLSocketBuilder name=jboss.messaging:service=SocketBuilder,type=SSL display-name=SSL  Server Socket Factory Builder>

- <!--
           IMPORTANT - If making ANY customizations, this MUST be set to false.
           Otherwise, will used default settings and the following attributes will be ignored.
      

  -->


  <attribute name="UseSSLServerSocketFactory">false</attribute>



- <!--
 This is the url string to the key store to use 

  -->


  <attribute name="KeyStoreURL">${jboss.server.home.url}/conf/ssl/server.keystore</attribute>



- <!--
 The password for the key store 

  -->


  <attribute name="KeyStorePassword">MY_PASSWORD_IS_HERE</attribute>



- <!--
 The password for the keys (will use KeystorePassword if this is not set explicitly. 

  -->

- <!--
          <attribute name="KeyPassword">secureexample</attribute>

  -->

- <!--
 The protocol for the SSLContext. Default is TLS. 

  -->


  <attribute name="SecureSocketProtocol">TLS</attribute>



- <!--
 The algorithm for the key manager factory.  Default is SunX509. 

  -->


  <attribute name="KeyStoreAlgorithm">SunX509</attribute>



- <!--
           The type to be used for the key store.
           Defaults to JKS. Some acceptable values are JKS (Java Keystore - Sun's keystore format),
           JCEKS (Java Cryptography Extension keystore - More secure version of JKS), and
           PKCS12 (Public-Key Cryptography Standards #12 keystore - RSA's Personal Information
           Exchange Syntax Standard). These are not case sensitive.
      

  -->


  <attribute name="KeyStoreType">JKS</attribute>



  </mbean>
<

Reply to this message by going to Community

Start a new discussion in JBoss Remoting at Community