Alon Bar-Lev has uploaded a new change for review.

Change subject: security: use PKCS#12 format to store keys
......................................................................

security: use PKCS#12 format to store keys

Java supports the standard cryptographic format PKCS#12; this format
bundles the private key and certificate chain into one file with
integrity of passphrase.

Using the Java proprietary key store format forces additional work if
using non-Java solutions.

This change is a migration from JKS and duplicates into a single PKCS#12
keystore for the private key store. It does not handle the trust store,
which is left as JKS for now.

Most of the changes within Java sources are the removal of the key alias
as it is not needed when using PKCS#12 stores.

Remove unnecessary scripts from CA implementations that do not support
this effort.

Change-Id: I2abda5778477faff09798a43cf3dc96435efb272
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
---
M Makefile
M backend/manager/conf/ca/CreateCA.sh
D backend/manager/conf/ca/CreateKStore.sh
D backend/manager/conf/ca/CreatePem.sh
D backend/manager/conf/ca/CreateReq.sh
D backend/manager/conf/ca/exportK2SSH.sh
D backend/manager/conf/ca/generate-ssh-keys
D backend/manager/conf/ca/importToKeyStore.sh
M backend/manager/conf/ca/installCA.sh
M backend/manager/conf/ca/installCA_dev.sh
D backend/manager/conf/ca/store-utils.sh
M backend/manager/dbscripts/upgrade/pre_upgrade/0000_config.sql
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
M backend/manager/modules/dal/pom.xml
M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/generic/DBConfigUtils.java
M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/generic/DomainsPasswordMap.java
M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VdsStaticDAODbFacadeImpl.java
M backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dal/dbbroker/generic/DomainsPasswordMapTest.java
D backend/manager/modules/dal/src/test/resources/.keystore
A backend/manager/modules/dal/src/test/resources/key.p12
M backend/manager/modules/engineencryptutils/src/main/java/org/ovirt/engine/core/engineencryptutils/EncryptionUtils.java
D backend/manager/modules/engineencryptutils/src/main/java/org/ovirt/engine/core/engineencryptutils/StoreUtils.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/MinaInstallWrapper.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KerberosUpgrade.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssl/AuthSSLProtocolSocketFactory.java
M backend/manager/modules/utils/src/test/java/org/ovirt/engine/core/utils/hostinstall/MinaInstallWrapperTest.java
D backend/manager/modules/utils/src/test/resources/.hostKstore
D backend/manager/modules/utils/src/test/resources/.keystore
A backend/manager/modules/utils/src/test/resources/hostkey.p12
M backend/manager/tools/engine-config/src/main/java/org/ovirt/engine/core/config/entity/helper/PasswordValueHelper.java
M backend/manager/tools/engine-notifier/engine-notifier-service/src/main/java/org/ovirt/engine/core/notifier/EngineMonitorService.java
M packaging/fedora/engine-service.xml.in
M packaging/fedora/setup/basedefs.py
M packaging/fedora/setup/engine-cleanup.py
M packaging/fedora/setup/engine-setup.py
M packaging/fedora/spec/ovirt-engine.spec.in
36 files changed, 108 insertions(+), 714 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/83/6883/1
--
To view, visit http://gerrit.ovirt.org/6883
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I2abda5778477faff09798a43cf3dc96435efb272
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
