[jira] [Created] (QPID-3739) Java properties qpid.ssl.keyStoreCertType and qpid.ssl.trustStoreCertType have misleading names and would be better called qpid.ssl.keyManagerFactory.algorithm

Keith Wall (Created) (JIRA) Tue, 10 Jan 2012 01:13:27 -0800

Java properties qpid.ssl.keyStoreCertType and qpid.ssl.trustStoreCertType have 
misleading names and would be better called qpid.ssl.keyManagerFactory.algorithm
---------------------------------------------------------------------------------------------------------------------------------------------------------------


                 Key: QPID-3739
                 URL: https://issues.apache.org/jira/browse/QPID-3739
             Project: Qpid
          Issue Type: Bug
          Components: Documentation, Java Broker, Java Client
    Affects Versions: 0.15
            Reporter: Keith Wall


The Java client supports two system properties, qpid.ssl.trustStoreCertType and 
qpid.ssl.keyStoreCertType that the Programming-In-Apache-Qpid docbook describe 
as "the certificate type".   These properties are defaulted to SunX509 in 
ConnectionSettings.java and SSLContextFactory.java.

Similarly, the Java broker supports a configuration item connector/ssl/certType 
which is again defaulted to SunX509 in ServerConfiguration.

On all code paths, these values are passed down to 
javax.net.ssl.KeyManagerFactory
.KeyManagerFactory.getInstance().


The confusion is that KeyManagerFactory.getInstance() does not accept a 
certificate type at all.  It accepts a key manager factory algorithm.

It would be better if the existing property names where deprecated and a more 
accurate name used, such as
qpid.ssl.keyManagerFactory.algorithm.  We would continue to support the 
existing properties, with a warning for a time period.

It is not clear to me that the we need a separate truststore and keystore 
versions of this property.

I also notice that other projects tend to default the algorithm to 
Security.getProperty("ssl.KeyManagerFactory.algorithm" and only fallback to 
SunX509 if that is null.  This plays better with non Sun JDKs such as IBMs. 
See:  http://jira.codehaus.org/browse/JETTY-70








--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscr...@qpid.apache.org

[jira] [Created] (QPID-3739) Java properties qpid.ssl.keyStoreCertType and qpid.ssl.trustStoreCertType have misleading names and would be better called qpid.ssl.keyManagerFactory.algorithm

Reply via email to