[jboss-user] [JBoss Remoting] - Encrypt SSL KeyStorePassword in remoting-sslbisocket-service.xml
Nikos Massios
do-not-reply at jboss.com
Fri Dec 17 05:34:14 EST 2010
Nikos Massios [http://community.jboss.org/people/massios] created the discussion
"Encrypt SSL KeyStorePassword in remoting-sslbisocket-service.xml"
To view the discussion, visit: http://community.jboss.org/message/576595#576595
--------------------------------------------------------------
Hello,
I am using jboss 5.1 GA.
I would like to encrypt the ssl keystore password in the remoting-sslbisocket-service.xml of jboss messaging. This xml contains the following mbean configuration. This xml of jboss messaging is using the org.jboss.remoting.securirity.SSLSocketBuilder mbean of jboss remoting. From what I can see here http://docs.jboss.org/jbosasremoting/docs/api/org/jboss/remoting/security/SSLSocketBuilder.html http://docs.jboss.org/jbosasremoting/docs/api/org/jboss/remoting/security/SSLSocketBuilder.html there is no way to encrypt the keystore, trustsore passwords. Am I correct? Has anyone tried extending the SSLSocketBuilder class to provide such functionality? I am considering doing this myself.
Thanks,
Nikos.
mbean code=org.jboss.remoting.security.SSLSocketBuilder name=jboss.messaging:service=SocketBuilder,type=SSL display-name=SSL Server Socket Factory Builder>
- <!--
IMPORTANT - If making ANY customizations, this MUST be set to false.
Otherwise, will used default settings and the following attributes will be ignored.
-->
<attribute name="UseSSLServerSocketFactory">false</attribute>
- <!--
This is the url string to the key store to use
-->
<attribute name="KeyStoreURL">${jboss.server.home.url}/conf/ssl/server.keystore</attribute>
- <!--
The password for the key store
-->
<attribute name="KeyStorePassword">MY_PASSWORD_IS_HERE</attribute>
- <!--
The password for the keys (will use KeystorePassword if this is not set explicitly.
-->
- <!--
<attribute name="KeyPassword">secureexample</attribute>
-->
- <!--
The protocol for the SSLContext. Default is TLS.
-->
<attribute name="SecureSocketProtocol">TLS</attribute>
- <!--
The algorithm for the key manager factory. Default is SunX509.
-->
<attribute name="KeyStoreAlgorithm">SunX509</attribute>
- <!--
The type to be used for the key store.
Defaults to JKS. Some acceptable values are JKS (Java Keystore - Sun's keystore format),
JCEKS (Java Cryptography Extension keystore - More secure version of JKS), and
PKCS12 (Public-Key Cryptography Standards #12 keystore - RSA's Personal Information
Exchange Syntax Standard). These are not case sensitive.
-->
<attribute name="KeyStoreType">JKS</attribute>
</mbean>
<
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/576595#576595]
Start a new discussion in JBoss Remoting at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2050]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20101217/c425e47f/attachment.html
More information about the jboss-user
mailing list