irc:1489273200 [2017/05/27 13:44]
irc:1489273200 [2017/05/27 13:44] (current)
Line 1: Line 1:
 +[00:40:25] <​xkr47>​ temporal_, https://​gist.github.com/​xkr47/​457fd13c45bd84764fcd80151f19ffa3
 +
 +[00:40:39] <​xkr47>​ totally untested.. COMPILES!
 +
 +[00:41:07] <​temporal_>​ :-)
 +
 +[00:41:11] <​temporal_>​ does it pass a test ?
 +
 +[00:41:46] <xkr47> that depends on the test lol
 +
 +[00:42:04] <​temporal_>​ getCertificateChain(hostname)
 +
 +[00:42:21] <​temporal_>​ which certificate does it return ?
 +
 +[00:42:47] <​xkr47>​ whatever the SunX509KeyManagerImpl provides
 +
 +[00:43:10] <​xkr47> ​            ​SunX509KeyManagerImpl.X509Credentials var2 = (SunX509KeyManagerImpl.X509Credentials)this.credentialsMap.get(var1);​
 +
 +[00:43:13] <​xkr47> ​            ​return var2 == null?​null:​(X509Certificate[])var2.certificates.clone();​
 +
 +[00:43:44] <​temporal_>​ it uses alias
 +
 +[00:43:56] <​temporal_>​ javadoc says
 +
 +[00:43:57] <​temporal_>​ getCertificateChain(String alias)
 +
 +[00:44:01] <​temporal_>​ Returns the certificate chain associated with the given alias.
 +
 +[00:44:06] <​temporal_>​ so it uses keystore aliases
 +
 +[00:44:19] <​temporal_>​ so this actually can be implemented only with keystore I think
 +
 +[00:44:26] <​temporal_>​ and no pem support
 +
 +[00:44:47] <​temporal_>​ for pem a mapping would be needed
 +
 +[00:45:06] <​xkr47>​ you mean when you have cert & key as separate pem files?
 +
 +[00:47:01] <​temporal_>​ no
 +
 +[00:47:28] <​temporal_>​ I mean that on server we support keystore / pkcs12 and / privatekey+cert as pem
 +
 +[00:47:42] <​temporal_>​ keystore provides several entries with alias
 +
 +[00:47:54] <​temporal_>​ but in case of pem : there is only one single file
 +
 +[00:48:08] <​temporal_>​ I find convenient to map sni server name on keystore alias
 +
 +[00:48:24] <​xkr47>​ hmmkay
 +
 +[00:48:25] <​temporal_>​ but in case  of pem there is no mapping and one should provide a map or something like that
 +
 +[00:48:37] <​temporal_>​ but maybe it's enough to just support for keystore
 +
 +[00:48:40] <​temporal_>​ I don't know
 +
 +[00:48:46] <​temporal_>​ just brainstorming :-)
 +
 +[00:48:55] <​xkr47>​ currently the KeyCert inner class in KeyStoreHelper doesn'​t add any aliases when it loads the PEMs
 +
 +[00:49:29] <​xkr47>​ since that obviously wasn't needed
 +
 +[00:50:03] <​xkr47>​ how about a KeyStoreBuilder..
 +
 +[00:50:48] <​xkr47>​ new KeyStoreBuilder().addPem(cert1,​ key1).addPem(cert2,​ key2, aliasMap2).addKeyStoreFile("​foo.jks"​).build()
 +
 +[00:51:11] <​temporal_>​ it would rather be named
 +
 +[00:51:13] <​xkr47>​ now when it comes to PKCS12 vs JKS keystores I have _NO_ idea what the difference is
 +
 +[00:51:18] <​temporal_>​ KeyCertBuilder
 +
 +[00:51:22] <​temporal_>​ the damn format!
 +
 +[00:51:31] <xkr47> are there in-memory differences?
 +
 +[00:51:39] <​temporal_>​ no it's the same in memory
 +
 +[00:51:43] <​xkr47>​ sure I knew the disk files differed, duh :D
 +
 +[00:51:49] <​xkr47>​ ok
 +
 +[00:51:56] <​temporal_>​ at the end of the day in memory it's just cert and keys :-)
 +
 +[00:52:22] <​xkr47>​ I thought aliases etc
 +
 +[00:52:27] <​xkr47>​ but ok it's the same
 +
 +[00:53:04] <​xkr47>​ sooo did your name suggestion include a hint that you didn't totally dislike my idea?
 +
 +[00:53:06] <temporal_> I hope that having anyway the getKeyManagerFactory in KeyCertOptions provide enough flexibility
 +
 +[00:53:12] <​temporal_>​ no
 +
 +[00:53:23] <​xkr47>​ doh
 +
 +[00:53:27] <​temporal_>​ I don't think we have to support it for pem if it works for keystore
 +
 +[00:53:31] <​temporal_>​ and add new complexity
 +
 +[00:53:51] <​temporal_>​ I'm curious to know if your solution works
 +
 +[00:53:53] <​temporal_>​ at least
 +
 +[00:53:57] <​xkr47>​ me too
 +
 +[00:54:09] <​temporal_>​ because it seems the minimal path on the server to provide the feature
 +
 +[00:54:19] <temporal_> I'm going to bed
 +
 +[00:54:22] <​temporal_>​ it's late here !
 +
 +[00:54:26] <​xkr47>​ 01:54 here
 +
 +[00:54:32] <​xkr47>​ wife, kids asleep
 +
 +[00:54:37] <​xkr47>​ best time ever to do this
 +
 +[00:54:47] <​xkr47>​ how about you?
 +
 +[00:54:50] <​temporal_>​ 1am
 +
 +[00:54:58] <​xkr47>​ and thanks for staying with me
 +
 +[00:54:58] <​temporal_>​ tomorrow morning won't be best time ever tho
 +
 +[00:55:08] <​temporal_>​ well I was fixing things in the build :)
 +
 +[00:55:32] <​xkr47>​ I appreciate your dishonesty
 +
 +[00:55:33] <​xkr47>​ :D
 +
 +[00:55:38] <​xkr47>​ good night
 +
 +[00:55:40] <​temporal_>​ bye
 +
 +[00:57:10] *** ChanServ sets mode: +o temporalfox
 +
 +[09:28:36] *** ChanServ sets mode: +o temporal_
 +
 +[12:22:30] *** ChanServ sets mode: +o temporalfox
 +
 +[19:11:29] <​xkr47_>​ temporalfox,​ how's the bugfixing going? I just wanted to wish best of luck!
 +
 +[21:18:35] *** ChanServ sets mode: +o temporal_
 +
 +[21:30:27] <​rbkrishna>​ Hello :)
 +
 +[21:31:15] <​rbkrishna>​ I am interested in this issue: Rewrite consumer sync ( https://​github.com/​vert-x3/​vertx-kafka-client/​issues/​1 )
 +
 +[21:31:27] <​rbkrishna>​ Can someone guide me through it?
 +
 +[23:26:40] *** ChanServ sets mode: +o temporalfox