[jboss-jira] [JBoss JIRA] (ELY-405) Add a KeyStore implementation backed by LDAP
Jan Kalina (JIRA)
issues at jboss.org
Wed Jul 13 07:51:00 EDT 2016
[ https://issues.jboss.org/browse/ELY-405?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13264675#comment-13264675 ]
Jan Kalina edited comment on ELY-405 at 7/13/16 7:50 AM:
---------------------------------------------------------
From [http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/certificates.html]:
* The certificationAuthority objectclass implements the authorityRevocationList, certificateRevocationList and cACertificate attributes.
* The *inetOrgPerson* objectclass supports the *usercertificate* (binary) attribute.
* You can also use the mix-in objectclass strongAuthenticationUser to add certificates to non inetOrgPerson entries.
was (Author: honza889):
From [http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/certificates.html]:
* The certificationAuthority objectclass implements the authorityRevocationList, certificateRevocationList and cACertificate attributes.
* The inetOrgPerson objectclass supports the usercertificate (binary) attribute.
* You can also use the mix-in objectclass strongAuthenticationUser to add certificates to non inetOrgPerson entries.
> Add a KeyStore implementation backed by LDAP
> --------------------------------------------
>
> Key: ELY-405
> URL: https://issues.jboss.org/browse/ELY-405
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: SSL
> Reporter: Darran Lofthouse
> Assignee: Jan Kalina
> Fix For: 2.0.0.Alpha1
>
>
> It is possible for private keys, public keys and certificates to all be stored in LDAP - this task is to create a Java KeyStore implementation that can work with this.
> LDAP most likely will take a reasonable amount of configuration so it may not be possible to be purely provider based and instead this type of KeyStore may need to be manually configured and instantiated.
> Properties could be passed in using the InputStream to initialise the KeyStore but that doesn't help where we may want to pass in factories for connecting to a remote LDAP server.
> In addition to the usual keys and certificates the entry types as used for CredentialStore should also be considered.
> The implementation should also support manipulation of the entries - in this case this may mean immediate updates to the directory.