[jboss-jira] [JBoss JIRA] (ELY-1608) Keystores do not expose same operation
Martin Choma (JIRA)
issues at jboss.org
Thu Jul 12 07:37:00 EDT 2018
[ https://issues.jboss.org/browse/ELY-1608?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Choma updated ELY-1608:
------------------------------
Description:
This JIRA is in this stage for discussion purposed.
In context of https://issues.jboss.org/browse/PRODMGT-1907 I have compared operations of resources providing same capability in elytron subsystem.
I want to discuss.
* {code}
diff key-store.operations ldap-key-store.operations
5,9d4
< "change-alias",
< "export-certificate",
< "generate-certificate-signing-request",
< "generate-key-pair",
< "import-certificate",
14d8
< "load",
34d27
< "store",
{code}
load() was introduced by EAP7-455
rest of operations were introduced by EAP7-650
Now question is if these operations (load() is already covered by PRODMGT-1907) shouldn be also in `ldap-key-store`.
* filtering-key-store
should it also contain extended operations or it is enough only underlying key-store has them
* Keystore capability org.wildfly.security.key-store is referenced in filtering-key-store, key-manager, trust-manager, keystore-realm, token-realm . Is it necessary to propagate load operation also to these resources.
key-manager has init() operation. trust-manager does not have such operation but went through EAP7-455 so is probably ok. filtering-key-store probably does not "cache" keystore but request underlying keystore. What about keystore-realm, token-realm ?
* Although same resources "provide" same capability (org.wildfly.security.key-store) There is no guarantee they should provide same operations on model level, right? It is just user experience issue as one could expect same operations.
was:
This JIRA is in this stage for discussion purposed.
In context of https://issues.jboss.org/browse/PRODMGT-1907 I have compared operations of resources providing same capability in elytron subsystem.
I want to discuss.
*
{code}
diff key-store.operations ldap-key-store.operations
5,9d4
< "change-alias",
< "export-certificate",
< "generate-certificate-signing-request",
< "generate-key-pair",
< "import-certificate",
14d8
< "load",
34d27
< "store",
{code}
load() was introduced by EAP7-455
rest of operations were introduced by EAP7-650
Now question is if these operations (load() is already covered by PRODMGT-1907) shouldn be also in `ldap-key-store`.
* filtering-key-store
should it also contain extended operations or it is enough only underlying key-store has them
*
Keystore capability org.wildfly.security.key-store is referenced in filtering-key-store, key-manager, trust-manager, keystore-realm, token-realm . Is it necessary to propagate load operation also to these resources.
key-manager has init() operation. trust-manager does not have such operation but went through EAP7-455 so is probably ok. filtering-key-store probably does not "cache" keystore but request underlying keystore. What about keystore-realm, token-realm ?
* Although same resources "provide" same capability (org.wildfly.security.key-store) There is no guarantee they should provide same operations on model level, right? It is just user experience issue as one could expect same operations.
> Keystores do not expose same operation
> --------------------------------------
>
> Key: ELY-1608
> URL: https://issues.jboss.org/browse/ELY-1608
> Project: WildFly Elytron
> Issue Type: Bug
> Components: KeyStores
> Affects Versions: 1.4.0.Final
> Reporter: Martin Choma
>
> This JIRA is in this stage for discussion purposed.
> In context of https://issues.jboss.org/browse/PRODMGT-1907 I have compared operations of resources providing same capability in elytron subsystem.
> I want to discuss.
> * {code}
> diff key-store.operations ldap-key-store.operations
> 5,9d4
> < "change-alias",
> < "export-certificate",
> < "generate-certificate-signing-request",
> < "generate-key-pair",
> < "import-certificate",
> 14d8
> < "load",
> 34d27
> < "store",
> {code}
> load() was introduced by EAP7-455
> rest of operations were introduced by EAP7-650
> Now question is if these operations (load() is already covered by PRODMGT-1907) shouldn be also in `ldap-key-store`.
> * filtering-key-store
> should it also contain extended operations or it is enough only underlying key-store has them
> * Keystore capability org.wildfly.security.key-store is referenced in filtering-key-store, key-manager, trust-manager, keystore-realm, token-realm . Is it necessary to propagate load operation also to these resources.
> key-manager has init() operation. trust-manager does not have such operation but went through EAP7-455 so is probably ok. filtering-key-store probably does not "cache" keystore but request underlying keystore. What about keystore-realm, token-realm ?
> * Although same resources "provide" same capability (org.wildfly.security.key-store) There is no guarantee they should provide same operations on model level, right? It is just user experience issue as one could expect same operations.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list