cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Fred Dushin (JIRA)" <j...@apache.org>
Subject [jira] Updated: (CXF-1085) EnhReq: Add support for TrustStores in PEM format
Date Tue, 02 Oct 2007 17:21:50 GMT

     [ https://issues.apache.org/jira/browse/CXF-1085?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Fred Dushin updated CXF-1085:
-----------------------------

    Attachment: cxf-1085.patch

The patch adds support for a certStore schama type to configuration, supports the processing
of this type, and exercises this code in the existing https system test.

I will add the binary PKCS12 files needed for this patch to this ticket, as well, as I believe
the patch does not include them.  I'll include relative paths to where these files need to
be added.

> EnhReq: Add support for TrustStores in PEM format
> -------------------------------------------------
>
>                 Key: CXF-1085
>                 URL: https://issues.apache.org/jira/browse/CXF-1085
>             Project: CXF
>          Issue Type: New Feature
>          Components: Configuration
>    Affects Versions: 2.0.2
>            Reporter: Fred Dushin
>             Fix For: 2.0.3
>
>         Attachments: cxf-1085.patch
>
>
> Currently, we support config for key and trust stores along the lines of:
> {{{
> <http:tls(Client|Server)Parameters>
>     <sec:keyManagers keyPassword="password">
>         <sec:keyStore type="pkcs12" password="password"
>             file="src/test/java/org/apache/cxf/systest/http/resources/server.p12"/>
>     </sec:keyManagers>
>     <sec:trustManagers>
>         <sec:keyStore type="JKS" password="password"
>             file="src/test/java/org/apache/cxf/systest/http/resources/truststore.jks"/>
>     </sec:trustManagers>
> </http:tls(Client|Server)Parameters>
> }}}
> I propose a new element [1], sec:pemStore, which can be added to a sec:trustManagers
element [2] (but obviously not a sec:keyManagers element), along the lines of:
> {{{
> <http:tls(Client|Server)Parameters>
>     <sec:keyManagers keyPassword="password">
>         <sec:keyStore type="pkcs12" password="password"
>             file="src/test/java/org/apache/cxf/systest/http/resources/server.p12"/>
>     </sec:keyManagers>
>     <sec:trustManagers>
>         <sec:pemStore
>             file="src/test/java/org/apache/cxf/systest/http/resources/truststore.pem"/>
>     </sec:trustManagers>
> </http:tls(Client|Server)Parameters>
> }}}
> The sec:pemStore element also supports the url and resource attributes, analogously to
the sec:keyStore element.
> The certificates in a pemStore are assumed to be sequence of catenated X.509 certificates,
in PEM format.
> Patch to follow shortly.
> [1] I'd considered overloading the meaning of the "type" attribute in the KeyStoreType
schema definition, but this is really an abuse of semantics -- the type attribute really means
"keystore encoding".
> [2] We use an xs:choice here, to avoid any ambiguity in config

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message