[jboss-jira] [JBoss JIRA] (WFLY-7194) Simplify creation of trust/key-manager in elytron

Martin Choma (JIRA) issues at jboss.org
Tue Nov 1 02:53:00 EDT 2016


    [ https://issues.jboss.org/browse/WFLY-7194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13314632#comment-13314632 ] 

Martin Choma commented on WFLY-7194:
------------------------------------

Can you please elaborate on the "jvm-unportable" argument? I still don't get that. What I am suggesting here is to implicitly use {{TrustManagerFactory.getDefaultAlgorithm()}} in Elytron code when the user does not fill in the {{algorithm}} attribute explicitly in the configuration. {{TrustManagerFactory.getDefaultAlgorithm()}} is IMO portable; on Oracle Java it returns "SunX509", on IBM Java "IbmX509".

Why do you expect {{algorithm}} to change to required once such default handling is introduced?

> Simplify creation of trust/key-manager in elytron
> -------------------------------------------------
>
>                 Key: WFLY-7194
>                 URL: https://issues.jboss.org/browse/WFLY-7194
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>             Fix For: 11.0.0.Alpha1
>
>
> If I want to set up TLS [1], I have to create a key manager with the CLI command
> {code}
> /subsystem=elytron/key-managers=httpsKM:add(key-store=httpsKS,algorithm="SunX509")
> {code}
> 1. It seems to me {{algorithm}} can be optional. If not set, {{TrustManagerFactory.getDefaultAlgorithm()}} can be used.
> 2. Also, please enhance the xsd/model documentation with a clear statement that this {{password}} attribute is in fact the "key password". Or, probably better, rename the attribute from {{password}} to {{key-password}} to make it absolutely clear to everyone.
> 3. The {{key-store}} attribute is declared optional in the xsd. In the model it is properly declared as required. Please change the XSD to express that it is required.
> {code}
>         <xs:attribute name="key-store" type="xs:string" use="optional">
>             <xs:annotation>
>                 <xs:documentation>
>                     Reference to the KeyStore to use with the KeyManager.
>                 </xs:documentation>
>             </xs:annotation>
>         </xs:attribute>
> {code}
> 4. The {{password}} attribute is optional, probably should be required
> {code}
> "password" => {
> 	"type" => STRING,
> 	"description" => "The password to use when initialising the underlying KeyManagerFactory.",
> 	"expressions-allowed" => true,
> 	"nillable" => true,
> 	"min-length" => 1L,
> 	"max-length" => 2147483647L,
> 	"deprecated" => {
> 		"since" => "1.0.0",
> 		"reason" => "Will be updated to use proper CredentialStore references."
> 	},
> 	"access-type" => "read-write",
> 	"storage" => "configuration",
> 	"restart-required" => "resource-services"
> },
> {code}
> [1] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#WildFlyElytronSecurity-Examples



--
This message was sent by Atlassian JIRA
(v7.2.2#72004)
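
The fallback discussed in this comment, as an added Java example (not Elytron's code and not part of the original message): when no algorithm is configured, the factory is created with the JVM's own default instead of a vendor-specific name. The class and helper names are hypothetical, the key store is an empty one constructed in memory, and "changeit" is a placeholder key password.

```java
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

public class DefaultAlgorithmExample {

    // Hypothetical helper: use the configured value, or the JVM default when it is unset.
    static String keyManagerAlgorithm(String configured) {
        return (configured == null || configured.isEmpty())
                ? KeyManagerFactory.getDefaultAlgorithm()
                : configured;
    }

    // Same fallback for trust managers.
    static String trustManagerAlgorithm(String configured) {
        return (configured == null || configured.isEmpty())
                ? TrustManagerFactory.getDefaultAlgorithm()
                : configured;
    }

    static KeyManagerFactory keyManagerFactory(String configured, KeyStore keyStore,
                                               char[] keyPassword) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgorithm(configured));
        kmf.init(keyStore, keyPassword); // the password here protects the keys, not the store
        return kmf;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory key store and a placeholder key password.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        char[] keyPassword = "changeit".toCharArray();

        // "algorithm" omitted: whatever this JVM reports as its default is used.
        KeyManagerFactory kmf = keyManagerFactory(null, keyStore, keyPassword);
        System.out.println("key manager algorithm:   " + kmf.getAlgorithm());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustManagerAlgorithm(null));
        System.out.println("trust manager algorithm: " + tmf.getAlgorithm());

        // "algorithm" fixed to a vendor name, as in the CLI command in the issue:
        // this only works on JVMs whose providers register that name.
        try {
            keyManagerFactory("SunX509", keyStore, keyPassword);
            System.out.println("SunX509 is available on this JVM");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("SunX509 is not available on this JVM: " + e.getMessage());
        }
    }
}
```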