[jboss-jira] [JBoss JIRA] (ELY-1608) Keystores do not expose same operation

Martin Choma (JIRA) issues at jboss.org
Thu Jul 12 07:37:00 EDT 2018


     [ https://issues.jboss.org/browse/ELY-1608?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Choma updated ELY-1608:
------------------------------
    Description: 
This JIRA is in this stage for discussion purposes.

In the context of https://issues.jboss.org/browse/PRODMGT-1907, I have compared the operations of resources providing the same capability in the elytron subsystem.

I want to discuss.

* {code}
diff key-store.operations ldap-key-store.operations 
5,9d4
<         "change-alias",
<         "export-certificate",
<         "generate-certificate-signing-request",
<         "generate-key-pair",
<         "import-certificate",
14d8
<         "load",
34d27
<         "store",
{code}

load() was introduced by EAP7-455.
The rest of the operations were introduced by EAP7-650.

Now the question is whether these operations (load() is already covered by PRODMGT-1907) shouldn't also be in `ldap-key-store`.

* filtering-key-store
Should it also contain the extended operations, or is it enough that only the underlying key-store has them?

* Keystore capability org.wildfly.security.key-store is referenced in filtering-key-store, key-manager, trust-manager, keystore-realm, token-realm. Is it necessary to propagate the load operation to these resources as well?
key-manager has an init() operation. trust-manager does not have such an operation but went through EAP7-455, so it is probably OK. filtering-key-store probably does not "cache" the keystore but requests the underlying keystore. What about keystore-realm and token-realm?

* Although the same resources "provide" the same capability (org.wildfly.security.key-store), there is no guarantee they should provide the same operations on the model level, right? It is just a user experience issue, as one could expect the same operations.



> Keystores do not expose same operation
> --------------------------------------
>
>                 Key: ELY-1608
>                 URL: https://issues.jboss.org/browse/ELY-1608
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: KeyStores
>    Affects Versions: 1.4.0.Final
>            Reporter: Martin Choma
>


