[wildfly-dev] Support for PKCS12 keystores in Security Realms
Darran Lofthouse
darran.lofthouse at jboss.com
Mon Mar 24 07:58:20 EDT 2014
Most of the changes are now in for this, just some final updates to make
this compatible with alternative file based stores.
On 20/03/14 17:54, Darran Lofthouse wrote:
> I have updated the pull request for the schema version bump, once that
> one is in I will get pull requests in for backporting the upstream
> changes and enabling support for alternative file based keystores such
> as PKCS#12
>
> Regards,
> Darran Lofthouse.
>
>
> On 20/03/14 11:18, Darran Lofthouse wrote:
>> I am just tagging a JBoss Negotiation release then I will switch to
>> getting this backported.
>>
>> Once backported it may be easier if we just delete the commit from
>> Kabir's branch when he rebases.
>>
>> From this point forward can we please push less to WildFly 9? ;-) I
>> already lost time as I started to work on this for 8 and was then
>> diverted by other engineers to push it to 9, I am now going to spend
>> time pulling it back to 8!
>>
>> Regards,
>> Darran Lofthouse.
>>
>>
>> On 20/03/14 02:31, Brian Stansberry wrote:
>>> It's very similar to the existing commit for WF9/EAP6.3 [1], so if we
>>> want the feature in 8.0.1 we should just merge the open PR to bump the
>>> core schema versions[2] and then backport that commit.
>>>
>>> [1]
>>> https://github.com/kabir/wildfly/commit/3f22fcfa81975bf9951003889c4d4af1d2dbd319
>>>
>>>
>>> [2] https://github.com/wildfly/wildfly/pull/5913
>>>
>>> On 3/19/14, 8:32 PM, Jason T. Greene wrote:
>>>> Since this change looks minor, and it comes from a community member I am
>>>> inclined to allow into 8.0.1.
>>>>
>>>> How bad is the conflict for the other change you are referring to Darran?
>>>>
>>>> On Mar 19, 2014, at 5:43 PM, Marek Żupnik <marek.zupnik at gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Darran, I understand your point of view, but a stable version of 9 will
>>>>> not be released tomorrow. Lack of pkcs12 support in 8 is a major
>>>>> issue, not to mention that in AS 7 I was able to use this format for
>>>>> https private key. I think it will be useful to fix it yet in 8, even
>>>>> though the code with a fix will be thrown away in 9.
>>>>>
>>>>> I made a pull request with a fix
>>>>> (https://github.com/wildfly/wildfly/pull/6062). It is up to you what
>>>>> you do with it.
>>>>>
>>>>> Thank you for your answers and clarifications.
>>>>>
>>>>> Kind Regards,
>>>>> Marek Zupnik
>>>>>
>>>>>
>>>>> 2014-03-18 18:10 GMT+01:00 Darran Lofthouse <darran.lofthouse at jboss.com>:
>>>>>
>>>>> I will have another look if I get a chance to get something into 8 but
>>>>> in reality a related change in this area (that completely conflicts with
>>>>> your changes) was pushed to 9 as the consensus was we did not want the
>>>>> configuration model in this area changing before WildFly 9.
>>>>>
>>>>> On 18/03/14 16:30, Marek Żupnik wrote:
>>>>> > Hi,
>>>>> >
>>>>> > Thank You Brian for your comments. I'll try to apply them to my code.
>>>>> > I'll ask if I have further questions about it.
>>>>> >
>>>>> > @Darran, I have a question for you. I wasn't looking into development
>>>>> > branch so I haven't known about the changes. Is it possible that pkcs12
>>>>> > support will be merged in Wildfly 8? If not, could my change be merged
>>>>> > earlier? Otherwise, I'm forced to maintain my version of Wildfly until
>>>>> > 9 is released.
>>>>> >
>>>>> > Kind Regards,
>>>>> > Marek Zupnik
>>>>> >
>>>>> >
>>>>> > 2014-03-18 16:20 GMT+01:00 Brian Stansberry <brian.stansberry at redhat.com>:
>>>>> >
>>>>> > Hi Marek,
>>>>> >
>>>>> > Welcome!
>>>>> >
>>>>> > I'm going to make a few comments on github re: some minor details of
>>>>> > your commit. But please keep an eye on this list for your more general
>>>>> > question about whether this is how we want to go about this. I believe
>>>>> > Darran Lofthouse was planning some work in this area so he may have some
>>>>> > input.
>>>>> >
>>>>> > Cheers,
>>>>> >
>>>>> > --
>>>>> > Brian Stansberry
>>>>> > Senior Principal Software Engineer
>>>>> > JBoss by Red Hat
>>>>> >
>>>>> > On 3/18/14, 8:59 AM, Marek Żupnik wrote:
>>>>> > > Hi,
>>>>> > >
>>>>> > > I'm Marek Zupnik. It's my first message for this list but for some
>>>>> > > time I've been keeping my eyes on what's happening in wildfly
>>>>> > > development.
>>>>> > >
>>>>> > > I'm writing regarding the issue about lack of support for PKCS12
>>>>> > > keystores in security realms
>>>>> > > (https://issues.jboss.org/browse/WFLY-2229). I wanted to migrate my
>>>>> > > system to Wildfly but in my case it is a blocking issue. I have to use
>>>>> > > keystore in PKCS12 format in which I'm storing, among others, https
>>>>> > > private key.
>>>>> > >
>>>>> > > I forked Wildfly on github and made a simple fix for this issue which
>>>>> > > consists in additional parameter "keystore-type" for keystore
>>>>> > > configuration. Based on this parameter I'm able to create appropriate
>>>>> > > keystore type.
>>>>> > >
>>>>> > > Config sample:
>>>>> > > <keystore path="keystore.p12" relative-to="jboss.server.config.dir"
>>>>> > > keystore-password="xxx" keystore-type="PKCS12" alias="https"/>
>>>>> > >
>>>>> > > The changes are in my fork on github (keystore_type branch):
>>>>> > > https://github.com/mzupnik/wildfly/tree/keystore_type
>>>>> > >
>>>>> > > Before I try to do a push request, could you answer me if it is
>>>>> > > an acceptable solution according to your architecture concept? If not,
>>>>> > > could you give me some tips how to resolve it in other way? I care
>>>>> > > about this fix before 9. release.
>>>>> > >
>>>>> > > Kind Regards,
>>>>> > > Marek Zupnik
>>>>> > >
>>>>> > >
>>>>> > > _______________________________________________
>>>>> > > wildfly-dev mailing list
>>>>> > > wildfly-dev at lists.jboss.org
>>>>> > > https://lists.jboss.org/mailman/listinfo/wildfly-dev
>>>>> > >
>>>>
>>>>
>>>>
>>>
>>>
>>
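Added example, not part of the thread and not WildFly code: one way a "keystore-type" setting like the one in the config sample above can be honoured with the JDK KeyStore API, including a check that the configured alias holds a private key. The class name, the JKS fallback and the KEYSTORE_PASSWORD variable are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;

public final class KeystoreTypeCheck {

    // Assumption: when no type is configured, fall back to JKS.
    static final String DEFAULT_TYPE = "JKS";

    // Hypothetical helper: open the store with the configured type and
    // confirm that the alias really holds a private key.
    static KeyStore load(Path path, char[] password, String type, String alias)
            throws GeneralSecurityException, IOException {
        String effectiveType = (type == null || type.isEmpty()) ? DEFAULT_TYPE : type;
        // Throws KeyStoreException if no installed provider implements the type.
        KeyStore ks = KeyStore.getInstance(effectiveType);
        try (InputStream in = Files.newInputStream(path)) {
            // Typically fails with IOException on a wrong password or on a
            // file the provider for this type cannot parse.
            ks.load(in, password);
        }
        if (alias != null) {
            if (!ks.containsAlias(alias)) {
                throw new KeyStoreException("alias not found: " + alias);
            }
            // A certificate-only entry cannot serve as the HTTPS identity.
            if (!ks.isKeyEntry(alias)) {
                throw new KeyStoreException("alias has no private key: " + alias);
            }
        }
        return ks;
    }

    // Usage: KEYSTORE_PASSWORD=... java KeystoreTypeCheck.java keystore.p12 PKCS12 https
    public static void main(String[] args) throws Exception {
        String pw = System.getenv("KEYSTORE_PASSWORD"); // hypothetical variable name
        if (args.length < 1 || pw == null) {
            System.err.println("usage: KeystoreTypeCheck <path> [type] [alias]");
            System.exit(2);
        }
        String type = args.length > 1 ? args[1] : null;
        String alias = args.length > 2 ? args[2] : null;
        KeyStore ks = load(Paths.get(args[0]), pw.toCharArray(), type, alias);
        System.out.println("loaded " + ks.getType() + " keystore, " + ks.size() + " entries");
    }
}
```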