[wildfly-dev] Support for PKCS12 keystores in Security Realms

Darran Lofthouse darran.lofthouse at jboss.com
Thu Mar 20 13:54:50 EDT 2014


I have updated the pull request for the schema version bump. Once that
one is in, I will get pull requests in for backporting the upstream
changes and enabling support for alternative file-based keystores such
as PKCS#12.

Regards,
Darran Lofthouse.


On 20/03/14 11:18, Darran Lofthouse wrote:
> I am just tagging a JBoss Negotiation release then I will switch to
> getting this backported.
>
> Once backported it may be easier if we just delete the commit from
> Kabir's branch when he rebases.
>
> From this point forward, can we please push less to WildFly 9? ;-) I
> already lost time as I started to work on this for 8 and was then
> diverted by other engineers to push it to 9, I am now going to spend
> time pulling it back to 8!
>
> Regards,
> Darran Lofthouse.
>
>
> On 20/03/14 02:31, Brian Stansberry wrote:
>> It's very similar to the existing commit for WF9/EAP6.3 [1], so if we
>> want the feature in 8.0.1 we should just merge the open PR to bump the
>> core schema versions[2] and then backport that commit.
>>
>> [1]
>> https://github.com/kabir/wildfly/commit/3f22fcfa81975bf9951003889c4d4af1d2dbd319
>>
>> [2] https://github.com/wildfly/wildfly/pull/5913
>>
>> On 3/19/14, 8:32 PM, Jason T. Greene wrote:
>>> Since this change looks minor, and it comes from a community member I am
>>> inclined to allow into 8.0.1.
>>>
>>> How bad is the conflict for the other change you are referring to Darran?
>>>
>>> On Mar 19, 2014, at 5:43 PM, Marek Żupnik <marek.zupnik at gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> Darran, I understand your point of view, but a stable version of 9 will
>>>> not be released tomorrow. Lack of pkcs12 support in 8 is a major
>>>> issue, not to mention that in AS 7 I was able to use this format for
>>>> https private key. I think it will be useful to fix it yet in 8, even
>>>> though the code with a fix will be thrown away in 9.
>>>>
>>>> I made a pull request with a fix
>>>> (https://github.com/wildfly/wildfly/pull/6062). It is up to you what
>>>> you do with it.
>>>>
>>>> Thank you for your answers and clarifications.
>>>>
>>>> Kind Regards,
>>>> Marek Zupnik
>>>>
>>>>
>>>> 2014-03-18 18:10 GMT+01:00 Darran Lofthouse <darran.lofthouse at jboss.com>:
>>>>
>>>>       I will have another look if I get a chance to get something into 8 but
>>>>       in reality a related change in this area (that completely conflicts with
>>>>       your changes) was pushed to 9 as the consensus was we did not want the
>>>>       configuration model in this area changing before WildFly 9.
>>>>
>>>>       On 18/03/14 16:30, Marek Żupnik wrote:
>>>>       > Hi,
>>>>       >
>>>>       > Thank you, Brian, for your comments. I'll try to apply them to my code. I
>>>>       > will ask if I have further questions about it.
>>>>       >
>>>>       > @Darran, I have a question for you. I wasn't looking into the development
>>>>       > branch so I didn't know about the changes. Is it possible that pkcs12
>>>>       > support will be merged in Wildfly 8? If not, could my change be merged
>>>>       > earlier? Otherwise, I'm forced to maintain my version of Wildfly until
>>>>       > 9 is released.
>>>>       >
>>>>       > Kind Regards,
>>>>       > Marek Zupnik
>>>>       >
>>>>       >
>>>>       > 2014-03-18 16:20 GMT+01:00 Brian Stansberry <brian.stansberry at redhat.com>:
>>>>       >
>>>>       >     Hi Marek,
>>>>       >
>>>>       >     Welcome!
>>>>       >
>>>>       >     I'm going to make a few comments on github re: some minor details of
>>>>       >     your commit. But please keep an eye on this list for your more general
>>>>       >     question about whether this is how we want to go about this. I believe
>>>>       >     Darran Lofthouse was planning some work in this area so he may have some
>>>>       >     input.
>>>>       >
>>>>       >     Cheers,
>>>>       >
>>>>       >     --
>>>>       >     Brian Stansberry
>>>>       >     Senior Principal Software Engineer
>>>>       >     JBoss by Red Hat
>>>>       >
>>>>       >     On 3/18/14, 8:59 AM, Marek Żupnik wrote:
>>>>       >      > Hi,
>>>>       >      >
>>>>       >      > I'm Marek Zupnik. It's my first message for this list but for some time
>>>>       >      > I've been keeping my eyes on what's happening in wildfly development.
>>>>       >      >
>>>>       >      > I'm writing regarding the issue about lack of support for PKCS12
>>>>       >      > keystores in security realms
>>>>       >      > (https://issues.jboss.org/browse/WFLY-2229). I wanted to migrate my
>>>>       >      > system to Wildfly but in my case it is a blocking issue. I have to use
>>>>       >      > a keystore in PKCS12 format in which I'm storing, among others, the https
>>>>       >      > private key.
>>>>       >      >
>>>>       >      > I forked Wildfly on github and made a simple fix for this issue which
>>>>       >      > consists of an additional parameter "keystore-type" for keystore
>>>>       >      > configuration. Based on this parameter I'm able to create the appropriate
>>>>       >      > keystore type.
>>>>       >      >
>>>>       >      > Config sample:
>>>>       >      > <keystore path="keystore.p12" relative-to="jboss.server.config.dir"
>>>>       >      > keystore-password="xxx" keystore-type="PKCS12" alias="https"/>
>>>>       >      >
>>>>       >      > The changes are in my fork on github (keystore_type branch):
>>>>       >      > https://github.com/mzupnik/wildfly/tree/keystore_type
>>>>       >      >
>>>>       >      > Before I try to do a push request, could you tell me if it is
>>>>       >      > an acceptable solution according to your architecture concept? If not,
>>>>       >      > could you give me some tips on how to resolve it another way? I care about
>>>>       >      > this fix before 9. release.
>>>>       >      >
>>>>       >      > Kind Regards,
>>>>       >      > Marek Zupnik
>>>>       >      >
>>>>       >      >
>>>>       >      > _______________________________________________
>>>>       >      > wildfly-dev mailing list
>>>>       >      > wildfly-dev at lists.jboss.org
>>>>       >      > https://lists.jboss.org/mailman/listinfo/wildfly-dev
>>>>       >      >