3 Replies Latest reply on Feb 9, 2011 1:25 PM by Ron Sigal

    Encrypt SSL KeyStorePassword in remoting-sslbisocket-service.xml

    Nikos Massios Novice

      Hello,

       

      I am using jboss 5.1 GA.

       

      I would like to encrypt the ssl keystore password in the remoting-sslbisocket-service.xml of jboss messaging. This xml contains the following mbean configuration. This xml of jboss messaging is using the org.jboss.remoting.securirity.SSLSocketBuilder mbean of jboss remoting. From what I can see here http://docs.jboss.org/jbosasremoting/docs/api/org/jboss/remoting/security/SSLSocketBuilder.html there is no way to encrypt the keystore, trustsore passwords. Am I correct? Has anyone tried extending the SSLSocketBuilder class to provide such functionality? I am considering doing this myself.

       

      Thanks,

       

      Nikos.

       

       

      mbean  code="org.jboss.remoting.security.SSLSocketBuilder" name="jboss.messaging:service=SocketBuilder,type=SSL" display-name="SSL  Server Socket Factory Builder">
      
      - <!--
                 IMPORTANT - If making ANY customizations, this MUST be set to false.
                 Otherwise, will used default settings and the following attributes will be ignored.
            
        -->
      
        <attribute name="UseSSLServerSocketFactory">false</attribute>
      
      - <!--
       This is the url string to the key store to use 
        -->
      
        <attribute name="KeyStoreURL">${jboss.server.home.url}/conf/ssl/server.keystore</attribute>
      
      - <!--
       The password for the key store 
        -->
      
        <attribute name="KeyStorePassword">MY_PASSWORD_IS_HERE</attribute>
      
      - <!--
       The password for the keys (will use KeystorePassword if this is not set explicitly. 
        -->
      - <!--
                <attribute name="KeyPassword">secureexample</attribute>
        -->
      - <!--
       The protocol for the SSLContext. Default is TLS. 
        -->
      
        <attribute name="SecureSocketProtocol">TLS</attribute>
      
      - <!--
       The algorithm for the key manager factory.  Default is SunX509. 
        -->
      
        <attribute name="KeyStoreAlgorithm">SunX509</attribute>
      
      - <!--
                 The type to be used for the key store.
                 Defaults to JKS. Some acceptable values are JKS (Java Keystore - Sun's keystore format),
                 JCEKS (Java Cryptography Extension keystore - More secure version of JKS), and
                 PKCS12 (Public-Key Cryptography Standards #12 keystore - RSA's Personal Information
                 Exchange Syntax Standard). These are not case sensitive.
            
        -->
      
        <attribute name="KeyStoreType">JKS</attribute>
      
        </mbean>
      
      
      <