If I want to set up TLS [1], I have to create a key manager with the CLI command:
/subsystem=elytron/key-managers=httpsKM:add(key-store=httpsKS,algorithm="SunX509")
1. It seems to me the algorithm can be optional. If it is not set, TrustManagerFactory.getDefaultAlgorithm() can be used.
2. Also, please enhance the xsd/model documentation with a clear statement that this password attribute is in fact the "key password". Or, probably better, rename the attribute from password to key-password to make it absolutely clear to everyone.
3. The key-store attribute is declared optional in the xsd. In the model it is properly declared as required. Please change the XSD to express that it is required.
<xs:attribute name="key-store" type="xs:string" use="optional">
    <xs:annotation>
        <xs:documentation>
            Reference to the KeyStore to use with the KeyManager.
        </xs:documentation>
    </xs:annotation>
</xs:attribute>
4. The password attribute is optional; it probably should be required.
"password" => {
    "type" => STRING,
    "description" => "The password to use when initialising the underlying KeyManagerFactory.",
    "expressions-allowed" => true,
    "nillable" => true,
    "min-length" => 1L,
    "max-length" => 2147483647L,
    "deprecated" => {
        "since" => "1.0.0",
        "reason" => "Will be updated to use proper CredentialStore references."
    },
    "access-type" => "read-write",
    "storage" => "configuration",
    "restart-required" => "resource-services"
},
[1] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#WildFlyElytronSecurity-Examples
- is cloned by: WFLY-7194 Simplify creation of trust/key-manager in elytron (Closed)
- is incorporated by: JBEAP-6134 Upgrade to Elytron Subsystem 1.0.0.Alpha11 (Closed)
- is related to: JBEAP-6098 Working with multiple keys in key store (Closed)