[wildfly-dev] Support for PKCS12 keystores in Security Realms

Marek Żupnik marek.zupnik at gmail.com
Mon Mar 24 11:02:41 EDT 2014


It's great news. Thank you for your help.

Kind regards,
Marek Zupnik


2014-03-24 12:58 GMT+01:00 Darran Lofthouse <darran.lofthouse at jboss.com>:

> Most of the changes are now in for this, just some final updates to make
> this compatible with alternative file based stores.
>
> On 20/03/14 17:54, Darran Lofthouse wrote:
> > I have updated the pull request for the schema version bump, once that
> > one is in I will get pull requests in for backporting the upstream
> > changes and enabling support for alternative file based keystores such
> > as PKCS#12
> >
> > Regards,
> > Darran Lofthouse.
> >
> >
> > On 20/03/14 11:18, Darran Lofthouse wrote:
> >> I am just tagging a JBoss Negotiation release then I will switch to
> >> getting this backported.
> >>
> >> Once backported it may be easier if we just delete the commit from
> >> Kabir's branch when he rebases.
> >>
> >> From this point forward can we please push less to WildFly 9? ;-)  I
> >> already lost time as I started to work on this for 8 and was then
> >> diverted by other engineers to push it to 9, I am now going to spend
> >> time pulling it back to 8!
> >>
> >> Regards,
> >> Darran Lofthouse.
> >>
> >>
> >> On 20/03/14 02:31, Brian Stansberry wrote:
> >>> It's very similar to the existing commit for WF9/EAP6.3 [1], so if we
> >>> want the feature in 8.0.1 we should just merge the open PR to bump the
> >>> core schema versions[2] and then backport that commit.
> >>>
> >>> [1] https://github.com/kabir/wildfly/commit/3f22fcfa81975bf9951003889c4d4af1d2dbd319
> >>>
> >>> [2] https://github.com/wildfly/wildfly/pull/5913
> >>>
> >>> On 3/19/14, 8:32 PM, Jason T. Greene wrote:
> >>>> Since this change looks minor, and it comes from a community member I am
> >>>> inclined to allow into 8.0.1.
> >>>>
> >>>> How bad is the conflict for the other change you are referring to Darran?
> >>>>
> >>>> On Mar 19, 2014, at 5:43 PM, Marek Żupnik <marek.zupnik at gmail.com> wrote:
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> Darran, I understand your point of view, but stable version of 9 will
> >>>>> not be released tomorrow. Lack of pkcs12 support in 8 is a major
> >>>>> issue, not to mention that in AS 7 I was able to use this format for
> >>>>> https private key. I think it will be useful to fix it yet in 8, even
> >>>>> though the code with a fix will be thrown away in 9.
> >>>>>
> >>>>> I made a pull request with a fix
> >>>>> (https://github.com/wildfly/wildfly/pull/6062). It is up to you what
> >>>>> you do with it.
> >>>>>
> >>>>> Thank you for your answers and clarifications.
> >>>>>
> >>>>> Kind Regards,
> >>>>> Marek Zupnik
> >>>>>
> >>>>>
> >>>>> 2014-03-18 18:10 GMT+01:00 Darran Lofthouse <darran.lofthouse at jboss.com>:
> >>>>>
> >>>>>       I will have another look if I get a chance to get something into 8 but
> >>>>>       in reality a related change in this area (that completely conflicts with
> >>>>>       your changes) was pushed to 9 as the consensus was we did not want the
> >>>>>       configuration model in this area changing before WildFly 9.
> >>>>>
> >>>>>       On 18/03/14 16:30, Marek Żupnik wrote:
> >>>>>       > Hi,
> >>>>>       >
> >>>>>       > Thank You Brian for your comments. I'll try to apply them to my code. I'll
> >>>>>       > ask if I have further questions about it.
> >>>>>       >
> >>>>>       > @Darran, I have a question for you. I wasn't looking into development
> >>>>>       > branch so I haven't known about the changes. Is it possible that pkcs12
> >>>>>       > support will be merged in Wildfly 8? If not, could my change be merged
> >>>>>       > earlier? Otherwise, I'm forced to maintain my version of Wildfly until
> >>>>>       > no. 9 is released.
> >>>>>       >
> >>>>>       > Kind Regards,
> >>>>>       > Marek Zupnik
> >>>>>       >
> >>>>>       >
> >>>>>       > 2014-03-18 16:20 GMT+01:00 Brian Stansberry <brian.stansberry at redhat.com>:
> >>>>>       >
> >>>>>       >     Hi Marek,
> >>>>>       >
> >>>>>       >     Welcome!
> >>>>>       >
> >>>>>       >     I'm going to make a few comments on github re: some minor details of
> >>>>>       >     your commit. But please keep an eye on this list for your more general
> >>>>>       >     question about whether this is how we want to go about this. I believe
> >>>>>       >     Darran Lofthouse was planning some work in this area so he may have some
> >>>>>       >     input.
> >>>>>       >
> >>>>>       >     Cheers,
> >>>>>       >
> >>>>>       >     --
> >>>>>       >     Brian Stansberry
> >>>>>       >     Senior Principal Software Engineer
> >>>>>       >     JBoss by Red Hat
> >>>>>       >
> >>>>>       >     On 3/18/14, 8:59 AM, Marek Żupnik wrote:
> >>>>>       >      > Hi,
> >>>>>       >      >
> >>>>>       >      > I'm Marek Zupnik. It's my first message for this list but for some time
> >>>>>       >      > I've been keeping my eyes on what's happening in wildfly development.
> >>>>>       >      >
> >>>>>       >      > I'm writing regarding the issue about lack of support for PKCS12
> >>>>>       >      > keystores in security realms
> >>>>>       >      > (https://issues.jboss.org/browse/WFLY-2229). I wanted to migrate my
> >>>>>       >      > system to Wildfly but in my case it is a blocking issue. I have to use
> >>>>>       >      > keystore in PKCS12 format in which I'm storing, among others, https
> >>>>>       >      > private key.
> >>>>>       >      >
> >>>>>       >      > I forked Wildfly on github and made a simple fix for this issue which
> >>>>>       >      > consists in additional parameter "keystore-type" for keystore
> >>>>>       >      > configuration. Based on this parameter I'm able to create appropriate
> >>>>>       >      > keystore type.
> >>>>>       >      >
> >>>>>       >      > Config sample:
> >>>>>       >      > <keystore path="keystore.p12" relative-to="jboss.server.config.dir"
> >>>>>       >      > keystore-password="xxx" keystore-type="PKCS12" alias="https"/>
> >>>>>       >      >
> >>>>>       >      > The changes are in my fork on github (keystore_type branch):
> >>>>>       >      > https://github.com/mzupnik/wildfly/tree/keystore_type
> >>>>>       >      >
> >>>>>       >      > Before I try to do push request, could you answer me if it is
> >>>>>       >      > acceptable solution according to your architecture concept? If not,
> >>>>>       >      > could you give me some tips how to resolve it in other way? I care about
> >>>>>       >      > this fix before 9. release.
> >>>>>       >      >
> >>>>>       >      > Kind Regards,
> >>>>>       >      > Marek Zupnik
> >>>>>       >      >
> >>>>>       >      >
> >>>>>       >      > _______________________________________________
> >>>>>       >      > wildfly-dev mailing list
> >>>>>       >      > wildfly-dev at lists.jboss.org
> >>>>>       >      > https://lists.jboss.org/mailman/listinfo/wildfly-dev
> >>>>>       >      >
>
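
Added example, not part of the original thread or of WildFly's code: a preflight check that the `keystore-type` declared in a `<keystore>` element like the one in the config sample quoted above agrees with the leading bytes of the keystore file. The `JKS` default for a missing attribute, the function names and the sample headers are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Leading bytes that identify each keystore container format.
JKS_MAGIC = bytes.fromhex("feedfeed")
JCEKS_MAGIC = bytes.fromhex("cececece")
DER_SEQUENCE = b"\x30"  # a PKCS#12 file is a DER-encoded ASN.1 SEQUENCE


def sniff_keystore_format(header: bytes) -> str:
    """Guess the container format from the first bytes of the file."""
    if header.startswith(JKS_MAGIC):
        return "JKS"
    if header.startswith(JCEKS_MAGIC):
        return "JCEKS"
    if header.startswith(DER_SEQUENCE):
        # Heuristic: any DER file (a bare certificate, say) also starts 0x30.
        return "PKCS12"
    return "UNKNOWN"


def check_keystore_element(xml_fragment: str, header: bytes,
                           default_type: str = "JKS") -> dict:
    """Compare the declared keystore-type with what the file header looks like.

    default_type="JKS" is an assumption about what applies when the
    attribute is absent; adjust it to the server version in use.
    """
    elem = ET.fromstring(xml_fragment)
    declared = elem.get("keystore-type", default_type).upper()
    actual = sniff_keystore_format(header)
    return {"path": elem.get("path"), "declared": declared,
            "actual": actual, "match": declared == actual}


# The <keystore> element from the message above, and the same element
# without the new attribute.
WITH_TYPE = ('<keystore path="keystore.p12" relative-to="jboss.server.config.dir" '
             'keystore-password="xxx" keystore-type="PKCS12" alias="https"/>')
WITHOUT_TYPE = WITH_TYPE.replace(' keystore-type="PKCS12"', "")

# Constructed headers (not taken from real files).
P12_HEADER = bytes.fromhex("30820a3e020103")    # SEQUENCE, length, INTEGER 3
JKS_HEADER = bytes.fromhex("feedfeed00000002")  # magic, version 2

if __name__ == "__main__":
    for fragment in (WITH_TYPE, WITHOUT_TYPE):
        print(check_keystore_element(fragment, P12_HEADER))
```

In practice the header would be the first few bytes read from the file that `path` and `relative-to` resolve to; a mismatch is worth catching before the server starts, since the file cannot be read under the wrong type.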