[jboss-jira] [JBoss JIRA] (WFLY-7194) Simplify creation of trust/key-manager in elytron
David Lloyd (JIRA)
issues at jboss.org
Tue Nov 1 09:39:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-7194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13314876#comment-13314876 ]
David Lloyd commented on WFLY-7194:
-----------------------------------
The trust manager definitely should use the default algorithm when none is given; in this case the algorithm name isn't an "algorithm" per se, it's just an implementation name.
The key store definitely must require an explicit algorithm name though. Key store formats are determined by algorithm name, so there is no logical default for this value.
> Simplify creation of trust/key-manager in elytron
> -------------------------------------------------
>
> Key: WFLY-7194
> URL: https://issues.jboss.org/browse/WFLY-7194
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Fix For: 11.0.0.Alpha1
>
>
> If I want to set up TLS [1], I have to create a key manager with the CLI command
> {code}
> /subsystem=elytron/key-managers=httpsKM:add(key-store=httpsKS,algorithm="SunX509")
> {code}
> 1. It seems to me {{algorithm}} can be optional. If not set, {{TrustManagerFactory.getDefaultAlgorithm()}} can be used.
> 2. Also, please enhance the xsd/model documentation with a clear statement that this {{password}} attribute is in fact the "key password". Or, probably better, rename the attribute from {{password}} to {{key-password}} to make it absolutely clear to everyone.
> 3. The {{key-store}} attribute is declared optional in the xsd. In the model it is properly declared as required. Please change the XSD to express that it is required.
> {code}
> <xs:attribute name="key-store" type="xs:string" use="optional">
>     <xs:annotation>
>         <xs:documentation>
>             Reference to the KeyStore to use with the KeyManager.
>         </xs:documentation>
>     </xs:annotation>
> </xs:attribute>
> {code}
> 4. The {{password}} attribute is optional, probably should be required
> {code}
> "password" => {
>     "type" => STRING,
>     "description" => "The password to use when initialising the underlying KeyManagerFactory.",
>     "expressions-allowed" => true,
>     "nillable" => true,
>     "min-length" => 1L,
>     "max-length" => 2147483647L,
>     "deprecated" => {
>         "since" => "1.0.0",
>         "reason" => "Will be updated to use proper CredentialStore references."
>     },
>     "access-type" => "read-write",
>     "storage" => "configuration",
>     "restart-required" => "resource-services"
> },
> {code}
> [1] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#WildFlyElytronSecurity-Examples
--
This message was sent by Atlassian JIRA
(v7.2.2#72004)
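
The rule from the comment above, written against the plain JSSE API as an added example (not Elytron or WildFly code): the key manager algorithm falls back to the JVM default when omitted, while the key store type must always be supplied. The class and method names, the PKCS12 type and the sample password are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;

public class ManagerDefaults {

    // The key store type is mandatory: it selects the storage format,
    // so there is no value that could safely be guessed.
    static KeyStore newKeyStore(String type) throws Exception {
        Objects.requireNonNull(type, "key store type must be given explicitly");
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null); // constructed empty in-memory store; real code loads a file
        return ks;
    }

    // The algorithm is optional: it only names a KeyManagerFactory
    // implementation, so null falls back to the JVM's configured default.
    static KeyManager[] keyManagers(KeyStore ks, char[] keyPassword, String algorithm)
            throws GeneralSecurityException {
        String alg = (algorithm != null) ? algorithm : KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(alg);
        // keyPassword protects the private key entries (the "key password"
        // from point 2 of the issue), not the store itself.
        kmf.init(ks, keyPassword);
        return kmf.getKeyManagers();
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = newKeyStore("PKCS12");           // assumed type for this example
        char[] keyPassword = "changeit".toCharArray(); // constructed sample value

        System.out.println("default algorithm: " + KeyManagerFactory.getDefaultAlgorithm());
        System.out.println("algorithm omitted: "
                + keyManagers(ks, keyPassword, null).length + " key manager(s)");
        System.out.println("algorithm SunX509: "
                + keyManagers(ks, keyPassword, "SunX509").length + " key manager(s)");

        try {
            newKeyStore(null); // a missing key store type is rejected, never defaulted
        } catch (NullPointerException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```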