[
https://issues.apache.org/jira/browse/SLING-5760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15327243#comment-15327243
]
Timothee Maret commented on SLING-5760:
---------------------------------------
{{SLING-5760.patch}} allows plugging in a custom SSLContext.
It does so by introducing a new API under the new package
{{org/apache/sling/distribution/context}}.
The APIs consist of
1. {{org.apache.sling.distribution.context.DistributionContext}}
(ProviderType), default implementation ({{SimpleDistributionTransportContext}})
provided in the {{org.apache.sling.distribution.core}} bundle.
2. {{org.apache.sling.distribution.context.DistributionContextProperties}}
(ProviderType), defines the properties (names and types) that are supported in
the contexts. This interface will evolve as more properties are supported in
the contexts.
3. {{org.apache.sling.distribution.context.DistributionContextProvider}}
(ConsumerType), default implementation ({{SimpleDistributionContextProvider}})
in the {{core}} bundle. This interface is meant to be implemented by consumers
and thus is not meant to evolve.
The {{DistributionContext}} and {{DistributionContextProvider}} are generic and
could be reused for different contexts in the implementation. The patch
contains the possibility to configure a custom transport context.
The patch compiles, tests pass, but the patch is mostly untested yet, thus not
ready for merging. However, the approach is mostly there and I think it is
ready for being reviewed while I extend it with testing.
[~mpetria], [~teofili] could you have a look?
> Allow to support certificate based authentication in Distribution transport
> ---------------------------------------------------------------------------
>
> Key: SLING-5760
> URL: https://issues.apache.org/jira/browse/SLING-5760
> Project: Sling
> Issue Type: Improvement
> Components: Distribution
> Affects Versions: Content Distribution Core 0.1.18
> Reporter: Timothee Maret
> Assignee: Timothee Maret
> Fix For: Content Distribution 0.2.0
>
> Attachments: SLING-5760.patch
>
>
> Certificate based authentication is an alternative to the basic
> authentication currently available for Distribution transport. Certificate
> based authentication is done during the SSL handshake iff the target instance
> is configured to require or accept client authentication. This client
> authentication scheme is a logical complement when connecting to endpoints
> serving over https. This results in authenticating both the source and the
> target using SSL.
> The client certificate and private key are required to complete the SSL
> handshake. By default, the JRE will use the default {{KeyStore}} to retrieve
> that information. However, in some platforms such as Adobe Granite, there
> is the ability to specify a custom {{KeyStore}} based on user. For those
> platforms, the custom {{KeyStore}} can be provided with a
> {{javax.net.ssl.SSLContext}} which also contains a custom {{TrustStore}}.
> This issue tracks allowing certificate based authentication to be leveraged
> using a custom {{javax.net.ssl.SSLContext}} in Distribution transport.
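
Added example, not taken from SLING-5760.patch or from Sling Distribution: one way to build the kind of {{javax.net.ssl.SSLContext}} the issue describes, from a custom key store and trust store, using only standard JSSE calls. The class and method names ({{ClientCertContext}}, {{build}}, {{load}}) are hypothetical, and PKCS12 files passed on the command line are an assumption of the example.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class, not part of Sling Distribution or SLING-5760.patch.
public class ClientCertContext {
    // Builds an SSLContext whose client key and trust anchors come only from
    // the supplied stores, never from the JRE-wide defaults.
    static SSLContext build(KeyStore keys, char[] keyPassword, KeyStore trust)
            throws GeneralSecurityException {
        // Fail closed: with no private key the handshake can still complete against
        // a target that only "accepts" client auth, leaving the source unauthenticated.
        boolean hasKey = false;
        for (String alias : Collections.list(keys.aliases())) {
            hasKey |= keys.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class);
        }
        if (!hasKey) throw new GeneralSecurityException("no private key entry in key store");
        if (trust.size() == 0) throw new GeneralSecurityException("trust store is empty");

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // null: default SecureRandom
        return ctx;
    }

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // Usage: java ClientCertContext <client.p12> <keyPass> <trust.p12> <trustPass>
    public static void main(String[] args) throws Exception {
        char[] keyPass = args[1].toCharArray(); // argv passwords are for the demo only
        SSLContext ctx = build(load(args[0], keyPass), keyPass, load(args[2], args[3].toCharArray()));
        System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
    }
}
```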