Support for PKCS12 keystores in Security Realms


Support for PKCS12 keystores in Security Realms

Marek Żupnik
Hi,

I'm Marek Zupnik. It's my first message for this list but for some time I've been keeping my eyes on what's happening in wildfly development. 

I'm writing regarding the issue about lack of support for PKCS12 keystores in security realms (https://issues.jboss.org/browse/WFLY-2229). I wanted to migrate my system to Wildfly but in my case it is a blocking issue. I have to use keystore in PKCS12 format in which I'm storing, among others, https private key.

I forked Wildfly on github and made a simple fix for this issue which consists in additional parameter "keystore-type" for keystore configuration. Based on this parameter I'm able to create appropriate keystore type.

Config sample:
<keystore path="keystore.p12" relative-to="jboss.server.config.dir" keystore-password="xxx" keystore-type="PKCS12" alias="https"/>

The changes are in my fork on github (keystore_type branch):
https://github.com/mzupnik/wildfly/tree/keystore_type

Before I will try to do push request, could you answer me if it is acceptable solution according to your architecture concept? If not, could you give me some tips how to resolve it in other way? I care about this fix before 9. release.

Kind Regards,
Marek Zupnik

_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev
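
An added example, not code from Marek's fork or from WildFly: a Java check showing what the keystore-type attribute in the config sample above controls, by loading a store with the configured type and rejecting a mismatch between that type and the file's actual format. The class and method names, the JKS default for a missing attribute, and the in-memory sample store (a secret-key entry standing in for the https private key) are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.StringReader;
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

// Added illustration; class and method names are hypothetical, not WildFly code.
public class KeystoreTypeCheck {

    // Assumption: a <keystore> element without keystore-type is treated as JKS.
    static final String ASSUMED_DEFAULT_TYPE = "JKS";

    /** Identify the container format from its first bytes. */
    static String sniffFormat(byte[] data) {
        if (data.length >= 4) {
            int magic = ((data[0] & 0xff) << 24) | ((data[1] & 0xff) << 16)
                      | ((data[2] & 0xff) << 8) | (data[3] & 0xff);
            if (magic == 0xFEEDFEED) return "JKS";    // JKS magic number
            if (magic == 0xCECECECE) return "JCEKS";  // JCEKS magic number
        }
        // PKCS#12 is an ASN.1 structure, so its encoding starts with a SEQUENCE tag.
        if (data.length > 0 && data[0] == 0x30) return "PKCS12";
        return "UNKNOWN";
    }

    /** Parse the <keystore .../> element with DOCTYPE processing disabled. */
    static Element parseKeystoreElement(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml)))
                .getDocumentElement();
    }

    /** Load the store with the configured type; refuse format mismatches and missing key aliases. */
    static KeyStore load(String configXml, byte[] storeBytes, char[] password) throws Exception {
        Element cfg = parseKeystoreElement(configXml);
        String type = cfg.getAttribute("keystore-type");
        if (type.isEmpty()) {
            type = ASSUMED_DEFAULT_TYPE;
        }
        String alias = cfg.getAttribute("alias");

        String actual = sniffFormat(storeBytes);
        if (!actual.equalsIgnoreCase(type)) {
            throw new KeyStoreException(
                    "configured type " + type + " but file looks like " + actual);
        }
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(new ByteArrayInputStream(storeBytes), password);
        // For a real https key, entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)
        // is the stricter check; the constructed sample below holds a secret key instead.
        if (!ks.isKeyEntry(alias)) {
            throw new KeyStoreException("alias '" + alias + "' is not a key entry");
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a PKCS12 store built in memory, so nothing is read from disk.
        char[] pw = "example-only".toCharArray();
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        p12.load(null, null);
        p12.setEntry("https",
                new KeyStore.SecretKeyEntry(new SecretKeySpec(new byte[16], "AES")),
                new KeyStore.PasswordProtection(pw));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        p12.store(out, pw);
        byte[] bytes = out.toByteArray();

        // The password is passed separately here rather than read from the XML.
        String withType =
                "<keystore path=\"keystore.p12\" keystore-type=\"PKCS12\" alias=\"https\"/>";
        String withoutType = "<keystore path=\"keystore.p12\" alias=\"https\"/>";

        System.out.println("with keystore-type: loaded "
                + load(withType, bytes, pw).getType());
        try {
            load(withoutType, bytes, pw);
        } catch (KeyStoreException e) {
            System.out.println("without keystore-type: " + e.getMessage());
        }
    }
}
```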

Re: Support for PKCS12 keystores in Security Realms

Darran Lofthouse
This whole area is on the verge of being overhauled, feel free to put
this information in WFLY-2229 and I will take a look at the same time.

Regards,
Darran Lofthouse.


On 18/03/14 13:59, Marek Żupnik wrote:

> Hi,
>
> I'm Marek Zupnik. It's my first message for this list but for some time
> I've been keeping my eyes on what's happening in wildfly development.
>
> I'm writing regarding the issue about lack of support for PKCS12
> keystores in security realms
> (https://issues.jboss.org/browse/WFLY-2229). I wanted to migrate my
> system to Wildfly but in my case it is a blocking issue. I have to use
> keystore in PKCS12 format in which I'm storing, among others, https
> private key.
>
> I forked Wildfly on github and made a simple fix for this issue which
> consists in additional parameter "keystore-type" for keystore
> configuration. Based on this parameter I'm able to create appropriate
> keystore type.
>
> Config sample:
> <keystore path="keystore.p12" relative-to="jboss.server.config.dir"
> keystore-password="xxx" keystore-type="PKCS12" alias="https"/>
>
> The changes are in my fork on github (keystore_type branch):
> https://github.com/mzupnik/wildfly/tree/keystore_type
>
> Before I will try to do push request, could you answer me if it is
> acceptable solution according to your architecture concept? If not,
> could you give me some tips how to resolve it in other way? I care about
> this fix before 9. release.
>
> Kind Regards,
> Marek Zupnik

Re: Support for PKCS12 keystores in Security Realms

Brian Stansberry
In reply to this post by Marek Żupnik
Hi Marek,

Welcome!

I'm going to make a few comments on github re: some minor details of
your commit. But please keep an eye on this list for your more general
question about whether this is how we want to go about this. I believe
Darran Lofthouse was planning some work in this area so he may have some
input.

Cheers,

--
Brian Stansberry
Senior Principal Software Engineer
JBoss by Red Hat

On 3/18/14, 8:59 AM, Marek Żupnik wrote:

> Hi,
>
> I'm Marek Zupnik. It's my first message for this list but for some time
> I've been keeping my eyes on what's happening in wildfly development.
>
> I'm writing regarding the issue about lack of support for PKCS12
> keystores in security realms
> (https://issues.jboss.org/browse/WFLY-2229). I wanted to migrate my
> system to Wildfly but in my case it is a blocking issue. I have to use
> keystore in PKCS12 format in which I'm storing, among others, https
> private key.
>
> I forked Wildfly on github and made a simple fix for this issue which
> consists in additional parameter "keystore-type" for keystore
> configuration. Based on this parameter I'm able to create appropriate
> keystore type.
>
> Config sample:
> <keystore path="keystore.p12" relative-to="jboss.server.config.dir"
> keystore-password="xxx" keystore-type="PKCS12" alias="https"/>
>
> The changes are in my fork on github (keystore_type branch):
> https://github.com/mzupnik/wildfly/tree/keystore_type
>
> Before I will try to do push request, could you answer me if it is
> acceptable solution according to your architecture concept? If not,
> could you give me some tips how to resolve it in other way? I care about
> this fix before 9. release.
>
> Kind Regards,
> Marek Zupnik

Re: Support for PKCS12 keystores in Security Realms

Darran Lofthouse
In reply to this post by Darran Lofthouse
Should just clarify about 80% of the code change suggested has already
made it into the WildFly development branch - there is only a small
portion to finish off to complete the loading of a file based PKCS#12
keystore in WildFly 9 but that will come under the overhaul.

Regards,
Darran Lofthouse.


On 18/03/14 14:56, Darran Lofthouse wrote:

> This whole area is on the verge of being overhauled, feel free to put
> this information in WFLY-2229 and I will take a look at the same time.
>
> Regards,
> Darran Lofthouse.

Re: Support for PKCS12 keystores in Security Realms

Marek Żupnik
In reply to this post by Brian Stansberry
Hi,

Thank You Brian for your comments. I'll try to apply them to my code. I ask if I will have further questions about it.

@Darran, I have a question for you. I wasn't looking into development branch so I haven't known about the changes. Is it possible that pkcs12 support will be merged in Wildfly 8? If not, could my change be merged earlier? Otherwise, I'm forced to maintain my version of Wildfly until no 9 will be released.

Kind Regards,
Marek Zupnik


2014-03-18 16:20 GMT+01:00 Brian Stansberry <[hidden email]>:

> Hi Marek,
>
> Welcome!
>
> I'm going to make a few comments on github re: some minor details of
> your commit. But please keep an eye on this list for your more general
> question about whether this is how we want to go about this. I believe
> Darran Lofthouse was planning some work in this area so he may have some
> input.
>
> Cheers,
>
> --
> Brian Stansberry
> Senior Principal Software Engineer
> JBoss by Red Hat


Re: Support for PKCS12 keystores in Security Realms

Darran Lofthouse
I will have another look if I get a chance to get something into 8 but
in reality a related change in this area (that completely conflicts with
your changes) was pushed to 9 as the consensus was we did not want the
configuration model in this area changing before WildFly 9.

On 18/03/14 16:30, Marek Żupnik wrote:

> Hi,
>
> Thank You Brian for your comments. I'll try to apply them to my code. I
> ask if I will have further questions about it.
>
> @Darran, I have a question for you. I wasn't looking into development
> branch so I haven't known about the changes. Is it possible that pkcs12
> support will be merged in Wildfly 8? If not, could my change be merged
> earlier? Otherwise, I'm forced to maintain my version of Wildfly until
> no 9 will be released.
>
> Kind Regards,
> Marek Zupnik

Re: Support for PKCS12 keystores in Security Realms

Marek Żupnik
Hi,

Darran, I understand your point of view, but stable version of 9 will be not released tomorrow. Lack of pkcs12 support in 8 is a major issue, not to mention that in AS 7 I was able to use this format for https private key. I think it will be useful to fix it yet in 8, even though the code with a fix will be thrown away in 9.

I made a pull request with a fix (https://github.com/wildfly/wildfly/pull/6062). It is up to you what you do with it.

Thank you for your answers and clarifications.

Kind Regards,
Marek Zupnik


2014-03-18 18:10 GMT+01:00 Darran Lofthouse <[hidden email]>:

> I will have another look if I get a chance to get something into 8 but
> in reality a related change in this area (that completely conflicts with
> your changes) was pushed to 9 as the consensus was we did not want the
> configuration model in this area changing before WildFly 9.


Re: Support for PKCS12 keystores in Security Realms

Jason T. Greene
Since this change looks minor, and it comes from a community member I am inclined to allow into 8.0.1.

How bad is the conflict for the other change you are referring to Darran?

On Mar 19, 2014, at 5:43 PM, Marek Żupnik <[hidden email]> wrote:

> Hi,
>
> Darran, I understand your point of view, but stable version of 9 will be not released tomorrow. Lack of pkcs12 support in 8 is a major issue, not to mention that in AS 7 I was able to use this format for https private key. I think it will be useful to fix it yet in 8, even though the code with a fix will be thrown away in 9.
>
> I made a pull request with a fix (https://github.com/wildfly/wildfly/pull/6062). It is up to you what you do with it.
>
> Thank you for your answers and clarifications.
>
> Kind Regards,
> Marek Zupnik



Re: Support for PKCS12 keystores in Security Realms

Brian Stansberry
It's very similar to the existing commit for WF9/EAP6.3 [1], so if we
want the feature in 8.0.1 we should just merge the open PR to bump the
core schema versions[2] and then backport that commit.

[1]
https://github.com/kabir/wildfly/commit/3f22fcfa81975bf9951003889c4d4af1d2dbd319

[2] https://github.com/wildfly/wildfly/pull/5913

On 3/19/14, 8:32 PM, Jason T. Greene wrote:

> Since this change looks minor, and it comes from a community member I am
> inclined to allow into 8.0.1.
>
> How bad is the conflict for the other change you are referring to Darran?

--
Brian Stansberry
Senior Principal Software Engineer
JBoss by Red Hat

Re: Support for PKCS12 keystores in Security Realms

Darran Lofthouse
I am just tagging a JBoss Negotiation release then I will switch to
getting this backported.

Once backported it may be easier if we just delete the commit from
Kabir's branch when he rebases.

From this point forward can we please push less to WildFly 9? ;-)  I
already lost time as I started to work on this for 8 and was then
diverted by other engineers to push it to 9, I am now going to spend
time pulling it back to 8!

Regards,
Darran Lofthouse.


On 20/03/14 02:31, Brian Stansberry wrote:

> It's very similar to the existing commit for WF9/EAP6.3 [1], so if we
> want the feature in 8.0.1 we should just merge the open PR to bump the
> core schema versions[2] and then backport that commit.
>
> [1]
> https://github.com/kabir/wildfly/commit/3f22fcfa81975bf9951003889c4d4af1d2dbd319
>
> [2] https://github.com/wildfly/wildfly/pull/5913

Re: Support for PKCS12 keystores in Security Realms

Darran Lofthouse
I have updated the pull request for the schema version bump, once that
one is in I will get pull requests in for backporting the upstream
changes and enabling support for alternative file based keystores such
as PKCS#12

Regards,
Darran Lofthouse.


On 20/03/14 11:18, Darran Lofthouse wrote:

> I am just tagging a JBoss Negotiation release then I will switch to
> getting this backported.
>
> Once backported it may be easier if we just delete the commit from
> Kabir's branch when he rebases.
>
>   From this point forward can we please push less to WildFly 9? ;-)  I
> already lost time as I started to work on this for 8 and was then
> diverted by other engineers to push it to 9, I am now going to spend
> time pulling it back to 8!
>
> Regards,
> Darran Lofthouse.

Re: Support for PKCS12 keystores in Security Realms

Darran Lofthouse
Most of the changes are now in for this, just some final updates to make
this compatible with alternative file based stores.

On 20/03/14 17:54, Darran Lofthouse wrote:

> I have updated the pull request for the schema version bump, once that
> one is in I will get pull requests in for backporting the upstream
> changes and enabling support for alternative file based keystores such
> as PKCS#12
>
> Regards,
> Darran Lofthouse.

EE Subsystem Configuration Documentation

Eduardo Martins-2
In reply to this post by Darran Lofthouse
Added a page documenting the EE Subsystem Configuration, which allows an admin to:

* customise the deployment of Java EE applications
* configure EE Concurrency Utilities instances
* define the default bindings, such as java:comp/DefaultDatasource

The page URL is https://docs.jboss.org/author/display/WFLY8/EE+Subsystem+Configuration

Also updated the JNDI Reference in WildFly's Developer Guide, whose URL is https://docs.jboss.org/author/display/WFLY8/JNDI+Reference

Feedback is welcome.

—E

Re: Support for PKCS12 keystores in Security Realms

Marek Żupnik
In reply to this post by Darran Lofthouse
It's great news. Thank you for your help.

Kind regards,
Marek Zupnik


2014-03-24 12:58 GMT+01:00 Darran Lofthouse <[hidden email]>:
Most of the changes are now in for this, just some final updates to make
this compatible with alternative file based stores.
