  1. CXF
  2. CXF-5926

Extend SSL KeyManagers with password callback handler

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.6, 2.7.17, 3.1.2
    • Component/s: Core
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      Currently, the user can specify the password for the private key in the SSL KeyManager configuration only explicitly:

      <http:conduit name="https://localhost:.*/customerservice/.*">
      	<http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000" />
      	<http:tlsClientParameters>
      		<sec:keyManagers keyPassword="ckpass">
      			<sec:keyStore file="src/main/config/clientKeystore.jks"
      				password="cspass" type="JKS" />
      		</sec:keyManagers>
      		<sec:trustManagers>
      			<sec:keyStore file="src/main/config/clientKeystore.jks"
      				password="cspass" type="JKS" />
      		</sec:trustManagers>
      	</http:tlsClientParameters>
      </http:conduit>
      

      There are some user requests to support a password callback handler as well.
      The proposal is to introduce an optional attribute keyPasswordCallbackHandler in the keyManagers element. This attribute will contain the full name of a class implementing the JSE CallbackHandler interface and expecting a PasswordCallback element in the input array. The path to the keystore will be used as the identifier in the PasswordCallback.
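
An added example, not code from the CXF project or from the reporter: one possible CallbackHandler for the proposed keyPasswordCallbackHandler attribute, reading the key password from a per-keystore secret file so that it no longer sits in the XML configuration. The package and class name, the example.secret.dir property, the /run/secrets default and the .keypass suffix are hypothetical, and the code assumes the keystore path is delivered as the PasswordCallback prompt.

```java
package example; // hypothetical package and class name
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

// Would be referenced from the configuration as:
//   <sec:keyManagers keyPasswordCallbackHandler="example.FileKeyPasswordHandler">
public class FileKeyPasswordHandler implements CallbackHandler {
    // Assumption: one secret file per keystore, readable only by the service account.
    private static final Path SECRET_DIR = Paths.get(System.getProperty("example.secret.dir", "/run/secrets"));
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof PasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "only PasswordCallback is supported");
            }
            PasswordCallback pc = (PasswordCallback) cb;
            // Assumption: the keystore path arrives as the callback's prompt string.
            Path name = Paths.get(pc.getPrompt()).getFileName();
            if (name == null) {
                throw new IOException("no keystore file name in callback identifier");
            }
            // e.g. clientKeystore.jks -> <SECRET_DIR>/clientKeystore.jks.keypass
            byte[] raw = Files.readAllBytes(SECRET_DIR.resolve(name + ".keypass"));
            CharBuffer chars = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(raw));
            int len = chars.remaining();
            while (len > 0 && (chars.get(len - 1) == '\n' || chars.get(len - 1) == '\r')) {
                len--; // drop the trailing newline most editors append
            }
            if (len == 0) {
                throw new IOException("empty key password for " + name); // fail closed
            }
            char[] password = new char[len];
            chars.get(password, 0, len);
            pc.setPassword(password);    // PasswordCallback stores its own copy
            Arrays.fill(password, '\0'); // wipe the working copies
            Arrays.fill(raw, (byte) 0);
        }
    }
}
```

Only the last path element of the identifier is used to build the secret file name, so a keystore path containing directory components cannot steer the lookup outside the secret directory.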

            People

            • Assignee:
              ashakirin Andrei Shakirin
            • Reporter:
              ashakirin Andrei Shakirin