[wildfly-dev] Support for PKCS12 keystores in Security Realms

Marek Żupnik marek.zupnik at gmail.com
Wed Mar 19 18:42:18 EDT 2014 

Hi,

Darran, I understand your point of view, but stable version of 9 will be
not released tomorrow. Lack of pkcs12 support in 8 is a major issue, not to
mention that in AS 7 I was able to use this format for https private key. I
think it will be useful to fix it yet in 8, even thought the code with a
fix will be thrown away in 9.

I made a pull request with a fix (
https://github.com/wildfly/wildfly/pull/6062). It is up to you what you do
with it.

Thank you for your answers and clarifications.

Kind Regards,
Marek Zupnik


2014-03-18 18:10 GMT+01:00 Darran Lofthouse <darran.lofthouse at jboss.com>:

> I will have another look if I get a chance to get something into 8 but
> in reality a related change in this area (that completely conflicts with
> your changes) was pushed to 9 as the consensus was we did not want the
> configuration model in this area changing before WildFLy 9.
>
> On 18/03/14 16:30, Marek Żupnik wrote:
> > Hi,
> >
> > Thank You Brian for your comments. I'll try to apply them to my code. I
> > ask if I will have further questions about it.
> >
> > @Darran, I have a question for you. I wasn't looking into development
> > branch so I haven't known about the changes. Is it possible that pkcs12
> > support will be merged in Wildfly 8? If not, could my change be merged
> > earlier? Otherwise, I'm forced to maintain my version of Wildfly untill
> > no 9 will be released.
> >
> > Kind Regards,
> > Marek Zupnik
> >
> >
> > 2014-03-18 16:20 GMT+01:00 Brian Stansberry <brian.stansberry at redhat.com
> > <mailto:brian.stansberry at redhat.com>>:
> >
> >     Hi Marek,
> >
> >     Welcome!
> >
> >     I'm going to make a few comments on github re: some minor details of
> >     your commit. But please keep an eye on this list for your more
> general
> >     question about whether this is how we want to go about this. I
> believe
> >     Darran Lofthouse was planning some work in this area so he may have
> some
> >     input.
> >
> >     Cheers,
> >
> >     --
> >     Brian Stansberry
> >     Senior Principal Software Engineer
> >     JBoss by Red Hat
> >
> >     On 3/18/14, 8:59 AM, Marek Żupnik wrote:
> >      > Hi,
> >      >
> >      > I'm Marek Zupnik. It's my first message for this list but for
> >     some time
> >      > I've been keeping my eyes on what's happening in wildfly
> development.
> >      >
> >      > I'm writing regarding to the issue about lack of support for
> PKCS12
> >      > keystores in security realms
> >      > (https://issues.jboss.org/browse/WFLY-2229). I wanted to migrate
> my
> >      > system to Wildfly but in my case it is a blocking issue. I have
> >     to use
> >      > keystore in PKCS12 format in which I'm storing, among others,
> https
> >      > private key.
> >      >
> >      > I forked Wildfly on github and made a simple fix for this issue
> which
> >      > consists in additional parameter "keystore-type" for keystore
> >      > configuration. Based on this parameter I'm able to create
> appropriate
> >      > keystore type.
> >      >
> >      > Config sample:
> >      > <keystore path="keystore.p12"
> relative-to="jboss.server.config.dir"
> >      > keystore-password="xxx" keystore-type="PKCS12" alias="https"/>
> >      >
> >      > The changes are in my fork on github (keystore_type branch):
> >      > https://github.com/mzupnik/wildfly/tree/keystore_type
> >      >
> >      > Before I will try to do push request, could you answer me if it is
> >      > acceptable solution according to your architecture concept? If
> not,
> >      > could you give me some tips how to resolve it in other way? I
> >     care about
> >      > this fix before 9. release.
> >      >
> >      > Kind Regards,
> >      > Marek Zupnik
> >      >
> >      >
> >      > _______________________________________________
> >      > wildfly-dev mailing list
> >      > wildfly-dev at lists.jboss.org <mailto:wildfly-dev at lists.jboss.org>
> >      > https://lists.jboss.org/mailman/listinfo/wildfly-dev
> >      >
> >
> >
> >     _______________________________________________
> >     wildfly-dev mailing list
> >     wildfly-dev at lists.jboss.org <mailto:wildfly-dev at lists.jboss.org>
> >     https://lists.jboss.org/mailman/listinfo/wildfly-dev
> >
> >
> >
> >
> > _______________________________________________
> > wildfly-dev mailing list
> > wildfly-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/wildfly-dev
> >
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/wildfly-dev/attachments/20140319/5a7a938a/attachment-0001.html

More information about the wildfly-dev mailing list