Yair Zaslavsky has submitted this change and it was merged.
Change subject: pki: use PKCS#12 format to store keys
......................................................................
pki: use PKCS#12 format to store keys

Java supports the standard cryptographic format PKCS#12; this format
bundles the private key and certificate chain into one file with integrity
of passphrase.

Using the Java proprietary key store format forces additional work if using
non-Java solutions.

This change is a migration from JKS and duplicates into a single PKCS#12
keystore for the private key store. It does not handle the trust store, which
is left as JKS for now.

Remove unnecessary scripts from CA implementations that do not support
this effort.

Also issue a separate Apache certificate and key to ease future enrollment
separation.

Change-Id: I2abda5778477faff09798a43cf3dc96435efb272
Signed-off-by: Alon Bar-Lev <alonbl(a)redhat.com>
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=854540
---
M Makefile
M backend/manager/conf/ca/CreateCA.sh
D backend/manager/conf/ca/CreateKStore.sh
D backend/manager/conf/ca/CreatePem.sh
D backend/manager/conf/ca/CreateReq.sh
D backend/manager/conf/ca/exportK2SSH.sh
D backend/manager/conf/ca/generate-ssh-keys
D backend/manager/conf/ca/importToKeyStore.sh
M backend/manager/conf/ca/installCA.sh
M backend/manager/conf/ca/installCA_dev.sh
D backend/manager/conf/ca/store-utils.sh
M backend/manager/dbscripts/upgrade/pre_upgrade/0000_config.sql
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
M backend/manager/modules/dal/pom.xml
M backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dal/dbbroker/generic/DomainsPasswordMapTest.java
D backend/manager/modules/dal/src/test/resources/.keystore
A backend/manager/modules/dal/src/test/resources/key.p12
M backend/manager/modules/engineencryptutils/src/main/java/org/ovirt/engine/core/engineencryptutils/EncryptionUtils.java
D backend/manager/modules/engineencryptutils/src/main/java/org/ovirt/engine/core/engineencryptutils/StoreUtils.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/VdsInstallerSSH.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssl/AuthSSLProtocolSocketFactory.java
M backend/manager/modules/utils/src/test/java/org/ovirt/engine/core/utils/hostinstall/VdsInstallerSSHTest.java
D backend/manager/modules/utils/src/test/resources/.hostKstore
D backend/manager/modules/utils/src/test/resources/.keystore
A backend/manager/modules/utils/src/test/resources/key.p12
M backend/manager/tools/engine-notifier/engine-notifier-service/src/main/java/org/ovirt/engine/core/notifier/EngineMonitorService.java
M packaging/fedora/engine-service.xml.in
M packaging/fedora/setup/basedefs.py
M packaging/fedora/setup/engine-cleanup.py
M packaging/fedora/setup/engine-setup.py
M packaging/fedora/setup/engine-upgrade.py
M packaging/fedora/spec/ovirt-engine.spec.in
32 files changed, 279 insertions(+), 703 deletions(-)
Approvals:
Yair Zaslavsky: Verified; Looks good to me, approved
--
To view, visit http://gerrit.ovirt.org/6883
Gerrit-MessageType: merged
Gerrit-Change-Id: I2abda5778477faff09798a43cf3dc96435efb272
Gerrit-PatchSet: 13
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alonbl(a)redhat.com>
Gerrit-Reviewer: Alex Lourie <alourie(a)redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alonbl(a)redhat.com>
Gerrit-Reviewer: Barak Azulay <bazulay(a)redhat.com>
Gerrit-Reviewer: Doron Fediuck <dfediuck(a)redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernandez(a)redhat.com>
Gerrit-Reviewer: Ofer Schreiber <oschreib(a)redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzaslavs(a)redhat.com>
Gerrit-Reviewer: oVirt Jenkins CI Server