[jboss-jira] [JBoss JIRA] (WFLY-7194) Simplify creation of trust/key-manager in elytron

Jan Kalina (JIRA) issues at jboss.org
Mon Sep 26 07:08:00 EDT 2016


    [ https://issues.jboss.org/browse/WFLY-7194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13298323#comment-13298323 ] 

Jan Kalina commented on WFLY-7194:
----------------------------------

*Part 3* was already done as part of another PR.
*Part 4* - password is required by KeyManager; on the other hand, it will be deprecated and replaced "as to be supplied by the vault". For now I can set it as required; it can be made optional when the vault alternative is implemented.

> Simplify creation of trust/key-manager in elytron
> -------------------------------------------------
>
>                 Key: WFLY-7194
>                 URL: https://issues.jboss.org/browse/WFLY-7194
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>
> If I want to set up TLS [1], I have to create a key manager with the CLI command
> {code}
> /subsystem=elytron/key-managers=httpsKM:add(key-store=httpsKS,algorithm="SunX509")
> {code}
> 1. It seems to me {{algorithm}} can be optional. If not set, {{TrustManagerFactory.getDefaultAlgorithm()}} can be used.
> 2. Also, please enhance the xsd/model documentation with a clear statement that this {{password}} attribute is in fact the "key password". Or, probably better, rename the attribute from {{password}} to {{key-password}} to make it absolutely clear to everyone.
> 3. The {{key-store}} attribute is declared optional in the XSD. In the model it is properly declared as required. Please change the XSD to express that it is required.
> {code}
>         <xs:attribute name="key-store" type="xs:string" use="optional">
>             <xs:annotation>
>                 <xs:documentation>
>                     Reference to the KeyStore to use with the KeyManager.
>                 </xs:documentation>
>             </xs:annotation>
>         </xs:attribute>
> {code}
> 4. {{password}} attribute is optional, probably should be required
> {code}
> "password" => {
> 	"type" => STRING,
> 	"description" => "The password to use when initialising the underlying KeyManagerFactory.",
> 	"expressions-allowed" => true,
> 	"nillable" => true,
> 	"min-length" => 1L,
> 	"max-length" => 2147483647L,
> 	"deprecated" => {
> 		"since" => "1.0.0",
> 		"reason" => "Will be updated to use proper CredentialStore references."
> 	},
> 	"access-type" => "read-write",
> 	"storage" => "configuration",
> 	"restart-required" => "resource-services"
> },
> {code}
> [1] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#WildFlyElytronSecurity-Examples


