[wildfly-dev] Support for PKCS12 keystores in Security Realms
Brian Stansberry
brian.stansberry at redhat.com
Wed Mar 19 22:31:28 EDT 2014
It's very similar to the existing commit for WF9/EAP6.3 [1], so if we
want the feature in 8.0.1 we should just merge the open PR to bump the
core schema versions[2] and then backport that commit.
[1] https://github.com/kabir/wildfly/commit/3f22fcfa81975bf9951003889c4d4af1d2dbd319
[2] https://github.com/wildfly/wildfly/pull/5913
On 3/19/14, 8:32 PM, Jason T. Greene wrote:
> Since this change looks minor, and it comes from a community member I am
> inclined to allow into 8.0.1.
>
> How bad is the conflict for the other change you are referring to Darran?
>
> On Mar 19, 2014, at 5:43 PM, Marek Żupnik <marek.zupnik at gmail.com> wrote:
>
>> Hi,
>>
>> Darran, I understand your point of view, but stable version of 9 will
>> not be released tomorrow. Lack of pkcs12 support in 8 is a major
>> issue, not to mention that in AS 7 I was able to use this format for
>> https private key. I think it will be useful to fix it yet in 8, even
>> though the code with a fix will be thrown away in 9.
>>
>> I made a pull request with a fix
>> (https://github.com/wildfly/wildfly/pull/6062). It is up to you what
>> you do with it.
>>
>> Thank you for your answers and clarifications.
>>
>> Kind Regards,
>> Marek Zupnik
>>
>>
>> 2014-03-18 18:10 GMT+01:00 Darran Lofthouse <darran.lofthouse at jboss.com>:
>>
>> I will have another look if I get a chance to get something into 8 but
>> in reality a related change in this area (that completely conflicts with
>> your changes) was pushed to 9 as the consensus was we did not want the
>> configuration model in this area changing before WildFly 9.
>>
>> On 18/03/14 16:30, Marek Żupnik wrote:
>> > Hi,
>> >
>> > Thank you Brian for your comments. I'll try to apply them to my code.
>> > I'll ask if I have further questions about it.
>> >
>> > @Darran, I have a question for you. I wasn't looking into development
>> > branch so I haven't known about the changes. Is it possible that pkcs12
>> > support will be merged in Wildfly 8? If not, could my change be merged
>> > earlier? Otherwise, I'm forced to maintain my version of Wildfly until
>> > no 9 will be released.
>> >
>> > Kind Regards,
>> > Marek Zupnik
>> >
>> >
>> > 2014-03-18 16:20 GMT+01:00 Brian Stansberry <brian.stansberry at redhat.com>:
>> >
>> > Hi Marek,
>> >
>> > Welcome!
>> >
>> > I'm going to make a few comments on github re: some minor details of
>> > your commit. But please keep an eye on this list for your more general
>> > question about whether this is how we want to go about this. I believe
>> > Darran Lofthouse was planning some work in this area so he may have some
>> > input.
>> >
>> > Cheers,
>> >
>> > --
>> > Brian Stansberry
>> > Senior Principal Software Engineer
>> > JBoss by Red Hat
>> >
>> > On 3/18/14, 8:59 AM, Marek Żupnik wrote:
>> > > Hi,
>> > >
>> > > I'm Marek Zupnik. It's my first message for this list but for some time
>> > > I've been keeping my eyes on what's happening in wildfly development.
>> > >
>> > > I'm writing regarding the issue about lack of support for PKCS12
>> > > keystores in security realms
>> > > (https://issues.jboss.org/browse/WFLY-2229). I wanted to migrate my
>> > > system to Wildfly but in my case it is a blocking issue. I have to use
>> > > keystore in PKCS12 format in which I'm storing, among others, https
>> > > private key.
>> > >
>> > > I forked Wildfly on github and made a simple fix for this issue which
>> > > consists in additional parameter "keystore-type" for keystore
>> > > configuration. Based on this parameter I'm able to create appropriate
>> > > keystore type.
>> > >
>> > > Config sample:
>> > > <keystore path="keystore.p12" relative-to="jboss.server.config.dir"
>> > > keystore-password="xxx" keystore-type="PKCS12" alias="https"/>
>> > >
>> > > The changes are in my fork on github (keystore_type branch):
>> > > https://github.com/mzupnik/wildfly/tree/keystore_type
>> > >
>> > > Before I will try to do push request, could you answer me if it is
>> > > acceptable solution according to your architecture concept? If not,
>> > > could you give me some tips how to resolve it in other way? I care about
>> > > this fix before 9. release.
>> > >
>> > > Kind Regards,
>> > > Marek Zupnik
>> > >
>> > >
>> > > _______________________________________________
>> > > wildfly-dev mailing list
>> > > wildfly-dev at lists.jboss.org
>> > > https://lists.jboss.org/mailman/listinfo/wildfly-dev
>> > >
--
Brian Stansberry
Senior Principal Software Engineer
JBoss by Red Hat
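
The `keystore-type` attribute from the config sample quoted above, sketched with JDK APIs only (Java 9+). This is an added example, not the code from the fork or from WildFly; the class name, the JKS default when the attribute is absent, the two-type allowlist and the AES key standing in for the HTTPS private key are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Set;
import javax.crypto.KeyGenerator;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

public class KeystoreTypeDemo {               // hypothetical class, not WildFly code
    // Assumption: only these two types are accepted; anything else fails fast.
    static final Set<String> ALLOWED = Set.of("JKS", "PKCS12");
    // Load a keystore with the type declared on the <keystore> element.
    static KeyStore load(Element cfg, InputStream data) throws Exception {
        String type = cfg.getAttribute("keystore-type");    // "" when absent
        if (type.isEmpty()) type = "JKS";                    // assumed default
        if (!ALLOWED.contains(type))
            throw new IllegalArgumentException("unsupported keystore-type: " + type);
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(data, cfg.getAttribute("keystore-password").toCharArray());
        String alias = cfg.getAttribute("alias");
        if (!alias.isEmpty() && !ks.isKeyEntry(alias))       // catch a wrong alias at startup
            throw new IllegalStateException("no key entry for alias: " + alias);
        return ks;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "xxx".toCharArray();
        // Constructed sample: in-memory PKCS12 store; an AES key stands in
        // for the HTTPS private key so no certificate has to be generated.
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        p12.load(null, pw);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        p12.setEntry("https", new KeyStore.SecretKeyEntry(kg.generateKey()),
                new KeyStore.PasswordProtection(pw));
        ByteArrayOutputStream file = new ByteArrayOutputStream();
        p12.store(file, pw);
        String xml = "<keystore path=\"keystore.p12\" relative-to=\"jboss.server.config.dir\""
                + " keystore-password=\"xxx\" keystore-type=\"PKCS12\" alias=\"https\"/>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element cfg = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
        KeyStore ks = load(cfg, new ByteArrayInputStream(file.toByteArray()));
        System.out.println(ks.getType() + " keystore loaded, alias https present");
    }
}
```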