Analysis - High level security workflow for HAL

Version 5

Created by claudio4j on Feb 28, 2018 4:46 PM. Last modified by claudio4j on Apr 20, 2018 12:34 PM.

Summary

Provide UI controls to enable SSL for http management interface and undertow https listener. Elytron provides many resources to configure these settings, but user should go to different UI view to configure them (key-store, key-manager, server-ssl-context, management-interface). The goal is to make this task easier for the user to enable ssl in one UI workflow.

Requirements

Provide an UI workfklow where the user may choose three different scenarios to enable ssl for http management interfaces and undertow https listener.

For all tasks the UI will group all managed operations in one composite operation.

This should work in standalone and domain mode.

To enable a http management interface or an undertow https listener, it is necessary to have the following elytron resources: key-store, key-manager, server-ssl-context

If mutual authentication is necessary, more resources are needed: trust-manager

To enable or disable the ssl on the management interface, user must navigate to the following views, select the management interface and click on the "Enable SSL" or "Disable SSL"

* Domain mode: Runtime -> Host -> Host view -> Management Interface -> HTTP

* Standalone mode: Runtime -> Server view -> HTTP Management Console

To enable or disable the ssl on the undertow https listener, user must navigate to the Configuration, Web, Server view, then go to Listener menu item, select the HTTPS listener and click on the "Enable SSL" or "Disable SSL".

The user must have write permission to the "ssl-context" attribute to launch the wizard to enable or disable SSL.

There are three scenarios the UI workflow is going to cover, also for each scenario it will asks user if he wants mutual authentication, as for this later case, more fields and resources are necessary to configure.

Scenario 1 - User already has a java key store and trust store file in the filesystem.

In this scenario the user already has a java keystore file (example: wildfly.jks) with valid certificates, then the UI workflow should create the elytron resources and point to the existing keystore. The UI view will ask user to set the following fields:

path*, relative-to, password*, type, mutual authentication, protocols, algorithm, key manager, server-ssl-context

if user chooses mutual authentication to true, the following fields are also requested:

client certificate path*, trust-manager file path*, trust-manager name, trust manager relative-to, trust manager password, trust-manager alias,

Scenario 2 - User already has an elytron key-store (and trust store as key-store) resource in the domain model.

In this scenario the user already has a valid elytron key-store, then the UI workflow should create the remaining elytron resources (key-manager, trust-manager, server-ssl-context) and point to the existing key-store. The UI view will ask user to set the following fields:

protocols, algorithm, key manager, server-ssl-context

If user chooses mutual authentication to true, the following fields are also requested:

client certificate path*, trust-manager file path*, trust-manager name, trust manager relative-to, trust manager password, trust-manager alias,

Scenario 3 - User wants to create all resources.

In this scenario the user wants to create all resources, then the UI workflow should ask the user to configure all necessary fields.

path*, relative-to, password*, type, validity, alias, DN (distinguished name), mutual authentication, protocols, algorithm, key manager, server-ssl-context

if user chooses mutual authentication to true, the following fields are also requested:

client certificate*, trust-manager file path*, trust-manager name, trust manager relative-to, trust manager password, trust-manager alias,

When the fields are presented to the user, some of them are required (marked with an star) the user to add values to it, when the field is optional, either HAL will set a random value to it or will use the resource default value.

Disable SSL operation

* HTTP Management Interface

The Disable SSL operation undefines the ssl-context and secure-port attributes. It also asks if the user wants to reload the domain controller.

* Undertow HTTPS Listener

The Disable SSL operation undefines the ssl-context attribute and asks the user to set the security-realm attribute, as they are alternatives and required.

Notes

To make it easy for the user, some default values are applied, when user doesn't set them.

self signed certificate algorithm=RSA

protocols=TLSv1.2

key store type=JKS

key manager algorithm=SunX509

Distinguished Name=<CN=My Name,OU=My Org Unit,O=My Org,L=My Local,ST=My State,C=My Country>

If user chooses to enabled SSL on the http management interface, the UI workflow will ask if he wants to reload the server (in standalone mode) or the host controller (in domain mode), after then, HAL will present a blocking dialog and says the new URL user should click to access the secure http management interface. HAL is unable to automatically refresh browser as the secure or unsecure URL is different of the previous one, javascript API cannot redirect, due to CORS protection.

Non requirements

Remove the created elytron resources, when user wants to disable them from undertow https and management interfaces. This is because it is unreliable to determine the elytron resources (key-store, trust-store, key-manager, etc.), whether the user created them or was created by the UI workkflow.

Upload a java keystore file, as there is no managed operation for this.

Configure SSL on a native management interface (/core-service=management/management-interface=native-interface)