Re: [Dev] [C5] Setting TrustStore and KeyStore as Java System properties

2018-01-09 Thread Malintha Amarasinghe
Hi All,

Have we decided a way forward for this?

Is it possible to introduce a new config to read it and set this globally
from the Java level as system properties via carbon-transport, as Niranjan
suggested?

Thanks!




-- 
Malintha Amarasinghe
*WSO2, Inc. - lean | enterprise | middleware*
http://wso2.com/

Mobile : +94 712383306
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] [C5] Setting TrustStore and KeyStore as Java System properties

2017-12-05 Thread Bhathiya Jayasekara
Hi Dulanja,

C5 kernel does have a keystore, but not a truststore. So we're using a
temporary trustmanager[1] to trust all certificates at the moment until a
platform-wide solution is implemented. We raised the concern in [2].

[1]
https://github.com/wso2/carbon-apimgt/blob/master/components/apimgt/org.wso2.carbon.apimgt.core/src/main/java/org/wso2/carbon/apimgt/core/util/AMSSLSocketFactory.java#L108
[2] "[C5] SSLSocketFactory and HostnameVerifier implementations"

Thanks,
Bhathiya




-- 
*Bhathiya Jayasekara*
*Associate Technical Lead,*
*WSO2 inc., http://wso2.com*

*Phone: +94715478185*
*LinkedIn: http://www.linkedin.com/in/bhathiyaj*
*Twitter: https://twitter.com/bhathiyax*
*Blog: http://movingaheadblog.blogspot.com*


Re: [Dev] [C5] Setting TrustStore and KeyStore as Java System properties

2017-12-05 Thread Dulanja Liyanage
Thanks Niranjan.

We need to decide this soon, because Stream Processor will get released
this month, and they will have to write their own module if this is not
coming from a common place. This will be the same for all the C5-based
products. IMO that's unnecessary duplication.

How is AM 3.0.0 doing this right now?



-- 
Thanks & Regards,
Dulanja Liyanage
Lead, Platform Security Team
WSO2 Inc.


Re: [Dev] [C5] Setting TrustStore and KeyStore as Java System properties

2017-12-03 Thread Niranjan Karunanandham
Hi Dulanja,

>> On Wed, Nov 29, 2017 at 4:09 PM, Dulanja Liyanage 
>> wrote:
>>
>>> Hi All,
>>>
>>> From the conversations I had with some of the developers, it seems
>>> $subject is not done from the kernel level. Is my understanding correct?
>>>
>>> If so, any particular reason for not doing this from the kernel level?
>>>
>>
As I remember, there was a mail thread on this. In C5, the kernel does not
have transports in it. IMO this should be from the component which is
bringing in keystores. If I am not mistaken, this should come from
carbon-transports.



Regards,
Nira

-- 


*Niranjan Karunanandham*
Associate Technical Lead - WSO2 Inc.
WSO2 Inc.: http://www.wso2.com


Re: [Dev] [C5] Setting TrustStore and KeyStore as Java System properties

2017-11-29 Thread Dulanja Liyanage
Hi Abimaran,

I'm actually talking about the following two System properties. They are
used only for SSL:

   - javax.net.ssl.keyStore
   - javax.net.ssl.trustStore

IIRC these were set during the bootstrap time in C4.

Thanks,
Dulanja




-- 
Thanks & Regards,
Dulanja Liyanage
Lead, Platform Security Team
WSO2 Inc.


Re: [Dev] [C5] Setting TrustStore and KeyStore as Java System properties

2017-11-29 Thread Abimaran Kugathasan
Hi Dulanja,

If we set these keystores through system properties, we will be losing
the flexibility of having different keystores for different purposes like
SSL, JWT signing, etc.



-- 
Thanks
Abimaran Kugathasan
Senior Software Engineer - API Technologies

Email : abima...@wso2.com
Mobile : +94 773922820


  
  
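An added example, not code from this thread or from WSO2: the trade-off raised in the two messages above (a JVM-wide `javax.net.ssl.trustStore` versus per-purpose stores, and the interim trust-all manager) shown as a per-component `SSLContext` built from an explicit truststore. The class name `ScopedTls` and the `TRUSTSTORE_PASSWORD` variable are hypothetical, and Java 9 or later is assumed.

```java
import java.io.File;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: one SSLContext per purpose, no JVM-wide javax.net.ssl.* properties. */
public final class ScopedTls {

    /** Trusts only the CAs in trustStore; presents a key only when identity is non-null. */
    static SSLContext context(KeyStore trustStore, KeyStore identity, char[] keyPassword)
            throws GeneralSecurityException {
        // A null store would silently fall back to the JVM default truststore, and an
        // empty one cannot validate any peer, so reject both up front.
        if (trustStore == null || trustStore.size() == 0) {
            throw new GeneralSecurityException("truststore is missing or has no entries");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        KeyManager[] keyManagers = null; // no client certificate unless one is supplied
        if (identity != null) {
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(identity, keyPassword);
            keyManagers = kmf.getKeyManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, tmf.getTrustManagers(), null); // null = default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String pw = System.getenv("TRUSTSTORE_PASSWORD"); // hypothetical variable name
        if (args.length != 1 || pw == null) {
            throw new IllegalArgumentException("usage: ScopedTls <truststore file>");
        }
        // KeyStore.getInstance(File, char[]) (Java 9+) detects JKS vs PKCS12 itself.
        KeyStore trust = KeyStore.getInstance(new File(args[0]), pw.toCharArray());
        SSLContext tls = context(trust, null, null);
        // Hand tls.getSocketFactory() to the one client that needs it; nothing global changes.
        System.out.println(tls.getProtocol() + " context ready; javax.net.ssl.trustStore="
                + System.getProperty("javax.net.ssl.trustStore"));
    }
}
```

A store used for JWT signing can be loaded the same way and never passed to `context`, which keeps the signing key out of the TLS configuration.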


[Dev] [C5] Setting TrustStore and KeyStore as Java System properties

2017-11-29 Thread Dulanja Liyanage
Hi All,

From the conversations I had with some of the developers, it seems $subject
is not done from the kernel level. Is my understanding correct?

If so, any particular reason for not doing this from the kernel level?

Thanks,
Dulanja

-- 
Thanks & Regards,
Dulanja Liyanage
Lead, Platform Security Team
WSO2 Inc.