cxf-issues mailing list archives

From "Fred Dushin (JIRA)" <j...@apache.org>
Subject [jira] Created: (CXF-1085) EnhReq: Add support for TrustStores in PEM format
Date Mon, 01 Oct 2007 21:20:50 GMT
EnhReq: Add support for TrustStores in PEM format
-------------------------------------------------

                 Key: CXF-1085
                 URL: https://issues.apache.org/jira/browse/CXF-1085
             Project: CXF
          Issue Type: New Feature
          Components: Configuration
    Affects Versions: 2.0.2
            Reporter: Fred Dushin
             Fix For: 2.0.3


Currently, we support config for key and trust stores along the lines of:

{{{
<http:tls(Client|Server)Parameters>
    <sec:keyManagers keyPassword="password">
        <sec:keyStore type="pkcs12" password="password"
            file="src/test/java/org/apache/cxf/systest/http/resources/server.p12"/>
    </sec:keyManagers>
    <sec:trustManagers>
        <sec:keyStore type="JKS" password="password"
            file="src/test/java/org/apache/cxf/systest/http/resources/truststore.jks"/>
    </sec:trustManagers>
</http:tls(Client|Server)Parameters>
}}}

I propose a new element [1], sec:pemStore, which can be added to a sec:trustManagers element
[2] (but obviously not a sec:keyManagers element), along the lines of:

{{{
<http:tls(Client|Server)Parameters>
    <sec:keyManagers keyPassword="password">
        <sec:keyStore type="pkcs12" password="password"
            file="src/test/java/org/apache/cxf/systest/http/resources/server.p12"/>
    </sec:keyManagers>
    <sec:trustManagers>
        <sec:pemStore
            file="src/test/java/org/apache/cxf/systest/http/resources/truststore.pem"/>
    </sec:trustManagers>
</http:tls(Client|Server)Parameters>
}}}

The sec:pemStore element also supports the url and resource attributes, analogously to the
sec:keyStore element.

The certificates in a pemStore are assumed to be a sequence of catenated X.509 certificates,
in PEM format.

Patch to follow shortly.

[1] I'd considered overloading the meaning of the "type" attribute in the KeyStoreType schema
definition, but this is really an abuse of semantics -- the type attribute really means "keystore
encoding".

[2] We use an xs:choice here, to avoid any ambiguity in config

-- 
This message is automatically generated by JIRA.
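
The trust store format described in the message above (catenated X.509 certificates in PEM) can be read with plain JDK APIs. This is an added example, not code from the CXF patch or from the reporter; the class and helper names are hypothetical, and it assumes the JRE's default trust store holds at least two CA certificates to use as constructed sample input.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collection;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PemTrustStoreExample {

    // Hypothetical helper: read catenated PEM X.509 certificates into an in-memory trust store.
    static KeyStore loadPemTrustStore(InputStream pem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certs = cf.generateCertificates(pem);
        if (certs.isEmpty()) { // fail at configuration time, not at the first handshake
            throw new IllegalArgumentException("PEM trust store contains no certificates");
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty store; only public certificates go in, so no password
        int i = 0;
        for (Certificate c : certs) {
            ks.setCertificateEntry("pem-" + i++, c);
        }
        return ks;
    }

    // Re-encode a certificate as one PEM block (64-character Base64 lines).
    static String toPem(X509Certificate cert) throws Exception {
        Base64.Encoder enc = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        return "-----BEGIN CERTIFICATE-----\n" + enc.encodeToString(cert.getEncoded())
                + "\n-----END CERTIFICATE-----\n";
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: two CA certificates from the JRE default trust store, catenated as PEM.
        TrustManagerFactory def = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        def.init((KeyStore) null);
        X509Certificate[] cas = ((X509TrustManager) def.getTrustManagers()[0]).getAcceptedIssuers();
        String pem = toPem(cas[0]) + toPem(cas[1]);

        KeyStore ks = loadPemTrustStore(new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // trust managers now accept only the certificates from the PEM input
        System.out.println(ks.size() + " trusted certificates, " + tmf.getTrustManagers().length + " trust manager(s)");
    }
}
```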