This version (2017/05/27 13:44) is a draft.
Approvals: 0/1

[00:40:25] <xkr47> temporal_,

[00:40:39] <xkr47> totally untested.. COMPILES!

[00:41:07] <temporal_> :-)

[00:41:11] <temporal_> does it pass a test ?

[00:41:46] <xkr47> that depedns on the test lol

[00:42:04] <temporal_> getCertificateChain(hostname)

[00:42:21] <temporal_> which certificate does it return ?

[00:42:47] <xkr47> whatever the SunX509KeyManagerImpl provides

[00:43:10] <xkr47> SunX509KeyManagerImpl.X509Credentials var2 = (SunX509KeyManagerImpl.X509Credentials)this.credentialsMap.get(var1);

[00:43:13] <xkr47> return var2 == null?null:(X509Certificate[])var2.certificates.clone();

[00:43:44] <temporal_> it uses alias

[00:43:56] <temporal_> javadoc says

[00:43:57] <temporal_> getCertificateChain(String alias)

[00:44:01] <temporal_> Returns the certificate chain associated with the given alias.

[00:44:06] <temporal_> so it uses keystore aliases

[00:44:19] <temporal_> so this actually can be implemented only with keystore I think

[00:44:26] <temporal_> and no pem support

[00:44:47] <temporal_> for pem a mapping would be needed

[00:45:06] <xkr47> you mean when you have cert & key as separate pem files?

[00:47:01] <temporal_> no

[00:47:28] <temporal_> I mean that on server we support keystore / pkcs12 and / privatekey+cert as pem

[00:47:42] <temporal_> keystore provides several entries with alias

[00:47:54] <temporal_> but in case of pem : there is only one single file

[00:48:08] <temporal_> I find convenient to map sni server name on keystore alias

[00:48:24] <xkr47> hmmkay

[00:48:25] <temporal_> but in case of pem there is no mapping and one should provide a map or something like that

[00:48:37] <temporal_> but maybe it's enough to just support for keystore

[00:48:40] <temporal_> I don't know

[00:48:46] <temporal_> just brainstorming :-)

[00:48:55] <xkr47> currently the KeyCert inner class in KeyStoreHelper doesn't add any aliases when it loads the PEMs

[00:49:29] <xkr47> since that obviously wasn't needed

[00:50:03] <xkr47> how about a KeyStoreBuilder..

[00:50:48] <xkr47> new KeyStoreBuilder().addPem(cert1, key1).addPem(cert2, key2, aliasMap2).addKeyStoreFile(“foo.jks”).build()

[00:51:11] <temporal_> it would rather be named

[00:51:13] <xkr47> now when it comes to PKCS12 vs JKS keystores I have _NO_ idea what the difference is

[00:51:18] <temporal_> KeyCertBuilder

[00:51:22] <temporal_> the damn format!

[00:51:31] <xkr47> is there in-memeory differencies?

[00:51:39] <temporal_> no it's the same in memory

[00:51:43] <xkr47> sure I knew the disk files differed, duh :D

[00:51:49] <xkr47> ok

[00:51:56] <temporal_> at the end of the day in memory it's just cert and keys :-)

[00:52:22] <xkr47> I thought aliases etc

[00:52:27] <xkr47> but ok it's the same

[00:53:04] <xkr47> sooo did your name suggestion include a hint that you didn't totally dislike my idea?

[00:53:06] <temporal_> I hope that having anyway the getKeyManagerFactory in KeyCertOptions provide enough flexilibyt

[00:53:12] <temporal_> no

[00:53:23] <xkr47> doh

[00:53:27] <temporal_> I don't think we have to support it for pem if it works for keystore

[00:53:31] <temporal_> and add new complexity

[00:53:51] <temporal_> I'm curious to know if your solution works

[00:53:53] <temporal_> at least

[00:53:57] <xkr47> me too

[00:54:09] <temporal_> because it seems the minimal path on the server to provide the feature

[00:54:19] <temporal_> I'm gong to bed

[00:54:22] <temporal_> it's late here !

[00:54:26] <xkr47> 01:54 here

[00:54:32] <xkr47> wife, kids asleep

[00:54:37] <xkr47> best time ever to do this

[00:54:47] <xkr47> how about you?

[00:54:50] <temporal_> 1am

[00:54:58] <xkr47> and thanks for staying with me

[00:54:58] <temporal_> tomorrow morning won't be best time ever tho

[00:55:08] <temporal_> well I was fixing things in the build :)

[00:55:32] <xkr47> I appreciate your dishonesty

[00:55:33] <xkr47> :D

[00:55:38] <xkr47> good night

[00:55:40] <temporal_> bye

[00:57:10] * ChanServ sets mode: +o temporalfox [09:28:36] * ChanServ sets mode: +o temporal_

[12:22:30] * ChanServ sets mode: +o temporalfox [19:11:29] <xkr47_> temporalfox, how's the bugfixing going? I just wanted to wish best of luck! [21:18:35] * ChanServ sets mode: +o temporal_

[21:30:27] <rbkrishna> Hello :)

[21:31:15] <rbkrishna> I am interested in this issue: Rewrite consumer sync ( )

[21:31:27] <rbkrishna> Can someone guide me through it?

[23:26:40] *** ChanServ sets mode: +o temporalfox