Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-6025

Simplify creation of trust/key-manager in elytron

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.1.0.DR7
    • 7.1.0.DR4
    • Security
    • None

      If I want to setup TLS [1], I have to create key manager with CLI command

      /subsystem=elytron/key-managers=httpsKM:add(key-store=httpsKS,algorithm="SunX509")
      

      1. It seems to me algorithm can be optional. If not set TrustManagerFactory.getDefaultAlgorithm() can be used.

      2. Also, please, enhance xsd/model documentation with clear statement that this password attribute is in fact "key password" . Or probably better rename attribute from password to key-password to make it absolutely clear to everyone.
      3. key-store attribute is declared optional in xsd . In model it is properly declared as required. Please change XSD to express it is required.

              <xs:attribute name="key-store" type="xs:string" use="optional">
                  <xs:annotation>
                      <xs:documentation>
                          Reference to the KeyStore to use with the KeyManager.
                      </xs:documentation>
                  </xs:annotation>
              </xs:attribute>
      

      4.password attribute is optional, probably should be required

      "password" => {
      	"type" => STRING,
      	"description" => "The password to use when initialising the underlying KeyManagerFactory.",
      	"expressions-allowed" => true,
      	"nillable" => true,
      	"min-length" => 1L,
      	"max-length" => 2147483647L,
      	"deprecated" => {
      		"since" => "1.0.0",
      		"reason" => "Will be updated to use proper CredentialStore references."
      	},
      	"access-type" => "read-write",
      	"storage" => "configuration",
      	"restart-required" => "resource-services"
      },
      

      [1] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#WildFlyElytronSecurity-Examples

              jkalina@redhat.com Jan Kalina (Inactive)
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: