[jboss-jira] [JBoss JIRA] (ELY-969) Add a KeyStore implementation that can use the key store password for retrieving entries.
Martin Choma (JIRA)
issues at jboss.org
Mon Feb 20 05:47:00 EST 2017
[ https://issues.jboss.org/browse/ELY-969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13366006#comment-13366006 ]
Martin Choma commented on ELY-969:
----------------------------------
So in terms of subsystem; Key password of key-manager could become optional. And elytron keystore implementation will "default" key-password with keystore password - I am OK with such enhancement.
Regarding "password for different entries". I thought multiple keys will be handled by filter-alias on key-manager (https://issues.jboss.org/browse/WFLY-7158). It means effectivelly filter keys to one and provide key-password for that one.
So I am not sure how is this "password for different entries" meant on KeyStore level.
> Add a KeyStore implementation that can use the key store password for retrieving entries.
> -----------------------------------------------------------------------------------------
>
> Key: ELY-969
> URL: https://issues.jboss.org/browse/ELY-969
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: KeyStores
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.1.0.Beta28
>
>
> A KeyManager which uses a KeyStore is defined independently of the KeyStore - it is the KeyManager that has the password for the entry in the KeyStore whilst the KeyStore has the password for the overall store.
> In many cases the password used for the overall store is the same password as used for the entries.
> We should provide a KeyStore implementation that can substitute the password received.
> We may even be able to go one step further and add a password resolver which could mean a CredentialStore is used to obtain the password for different entries,
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list