[jboss-jira] [JBoss JIRA] (WFLY-7194) Simplify creation of trust/key-manager in elytron

Martin Choma (JIRA) issues at jboss.org
Fri Sep 23 02:23:00 EDT 2016


    [ https://issues.jboss.org/browse/WFLY-7194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13297525#comment-13297525 ] 

Martin Choma commented on WFLY-7194:
------------------------------------

Does that mean "Default" will be declared as the default value in the model? So if I don't specify an algorithm, "Default" will be applied?

[~dlofthouse] [~honza889] My motivation for point 1 is part of a general idea: "Provide a possibility to create an SSL Context in a simple way." That's why I think in terms of "does that really need to be provided by the user?" I really like that the user can configure pretty much everything now, but I am also thinking of people who ideally want to specify just a keystore and password to make TLS work.

> Simplify creation of trust/key-manager in elytron
> -------------------------------------------------
>
>                 Key: WFLY-7194
>                 URL: https://issues.jboss.org/browse/WFLY-7194
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>
> If I want to set up TLS [1], I have to create a key manager with the CLI command
> {code}
> /subsystem=elytron/key-managers=httpsKM:add(key-store=httpsKS,algorithm="SunX509")
> {code}
> 1. It seems to me {{algorithm}} can be optional. If not set, {{TrustManagerFactory.getDefaultAlgorithm()}} can be used.
> 2. Also, please enhance the xsd/model documentation with a clear statement that this {{password}} attribute is in fact the "key password". Or, probably better, rename the attribute from {{password}} to {{key-password}} to make it absolutely clear to everyone.
> 3. The {{key-store}} attribute is declared optional in the xsd. In the model it is properly declared as required. Please change the XSD to express that it is required.
> {code}
>         <xs:attribute name="key-store" type="xs:string" use="optional">
>             <xs:annotation>
>                 <xs:documentation>
>                     Reference to the KeyStore to use with the KeyManager.
>                 </xs:documentation>
>             </xs:annotation>
>         </xs:attribute>
> {code}
> 4. {{password}} attribute is optional, probably should be required
> {code}
> "password" => {
> 	"type" => STRING,
> 	"description" => "The password to use when initialising the underlying KeyManagerFactory.",
> 	"expressions-allowed" => true,
> 	"nillable" => true,
> 	"min-length" => 1L,
> 	"max-length" => 2147483647L,
> 	"deprecated" => {
> 		"since" => "1.0.0",
> 		"reason" => "Will be updated to use proper CredentialStore references."
> 	},
> 	"access-type" => "read-write",
> 	"storage" => "configuration",
> 	"restart-required" => "resource-services"
> },
> {code}
> [1] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#WildFlyElytronSecurity-Examples



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
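
Points 1 and 2 of the quoted issue, as an added plain-JSSE example (not Elytron code and not part of the original message): the algorithm falls back to the JVM default when omitted, and the password passed to the factory is the key password. It uses `KeyManagerFactory.getDefaultAlgorithm()`, the key-manager counterpart of the call named in the issue; the class and method names are hypothetical, and the empty in-memory keystore and password are constructed so the code runs without any files.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public final class DefaultAlgorithmKeyManager {

    /** Resolves an omitted (null or empty) algorithm to the JVM-configured default. */
    static String resolveAlgorithm(String algorithm) {
        return (algorithm == null || algorithm.isEmpty())
                ? KeyManagerFactory.getDefaultAlgorithm()
                : algorithm;
    }

    /** Creates a key manager factory from an already loaded keystore. */
    static KeyManagerFactory keyManagers(KeyStore keyStore, char[] keyPassword, String algorithm)
            throws GeneralSecurityException {
        // Throws NoSuchAlgorithmException if an explicit algorithm is unknown to the JVM.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(resolveAlgorithm(algorithm));
        // keyPassword protects the private key entries. It is not the password
        // that was used to open the keystore itself (KeyStore.load).
        kmf.init(keyStore, keyPassword);
        return kmf;
    }

    /** Server-side SSLContext from a keystore and key password only. */
    static SSLContext sslContext(KeyStore keyStore, char[] keyPassword)
            throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers and null SecureRandom select the JVM defaults.
        ctx.init(keyManagers(keyStore, keyPassword, null).getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty in-memory keystore and a dummy password.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        char[] keyPassword = "constructed-sample".toCharArray();

        System.out.println("omitted  -> " + keyManagers(empty, keyPassword, null).getAlgorithm());
        System.out.println("explicit -> " + keyManagers(empty, keyPassword, "SunX509").getAlgorithm());
        System.out.println("context  -> " + sslContext(empty, keyPassword).getProtocol());
    }
}
```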

