Change in ovirt-engine[master]: pki: use PKCS#12 format to store keys

yzaslavs at redhat.com yzaslavs at redhat.com
Sun Sep 30 03:40:33 UTC 2012


Yair Zaslavsky has submitted this change and it was merged.

Change subject: pki: use PKCS#12 format to store keys
......................................................................


pki: use PKCS#12 format to store keys

Java supports standard cryptographic format PKCS#12, this format
bundles private key and certificate chain into one file with integrity
of passphrase.

Using Java proprietary key store format force additional work if using
non-Java solutions.

This change is a migration from JKS and duplicates into single PKCS#12
keystore for private key store. It does not handle the trust store which
is left as JKS for now.

Remove unnecessary scripts from CA implementations that do not support
this effort.

Also issue separate apache certificate and key to ease future enrollment
separation.

Change-Id: I2abda5778477faff09798a43cf3dc96435efb272
Signed-off-by: Alon Bar-Lev <alonbl at redhat.com>
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=854540
---
M Makefile
M backend/manager/conf/ca/CreateCA.sh
D backend/manager/conf/ca/CreateKStore.sh
D backend/manager/conf/ca/CreatePem.sh
D backend/manager/conf/ca/CreateReq.sh
D backend/manager/conf/ca/exportK2SSH.sh
D backend/manager/conf/ca/generate-ssh-keys
D backend/manager/conf/ca/importToKeyStore.sh
M backend/manager/conf/ca/installCA.sh
M backend/manager/conf/ca/installCA_dev.sh
D backend/manager/conf/ca/store-utils.sh
M backend/manager/dbscripts/upgrade/pre_upgrade/0000_config.sql
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
M backend/manager/modules/dal/pom.xml
M backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dal/dbbroker/generic/DomainsPasswordMapTest.java
D backend/manager/modules/dal/src/test/resources/.keystore
A backend/manager/modules/dal/src/test/resources/key.p12
M backend/manager/modules/engineencryptutils/src/main/java/org/ovirt/engine/core/engineencryptutils/EncryptionUtils.java
D backend/manager/modules/engineencryptutils/src/main/java/org/ovirt/engine/core/engineencryptutils/StoreUtils.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/VdsInstallerSSH.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssl/AuthSSLProtocolSocketFactory.java
M backend/manager/modules/utils/src/test/java/org/ovirt/engine/core/utils/hostinstall/VdsInstallerSSHTest.java
D backend/manager/modules/utils/src/test/resources/.hostKstore
D backend/manager/modules/utils/src/test/resources/.keystore
A backend/manager/modules/utils/src/test/resources/key.p12
M backend/manager/tools/engine-notifier/engine-notifier-service/src/main/java/org/ovirt/engine/core/notifier/EngineMonitorService.java
M packaging/fedora/engine-service.xml.in
M packaging/fedora/setup/basedefs.py
M packaging/fedora/setup/engine-cleanup.py
M packaging/fedora/setup/engine-setup.py
M packaging/fedora/setup/engine-upgrade.py
M packaging/fedora/spec/ovirt-engine.spec.in
32 files changed, 279 insertions(+), 703 deletions(-)

Approvals:
  Yair Zaslavsky: Verified; Looks good to me, approved


--
To view, visit http://gerrit.ovirt.org/6883
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I2abda5778477faff09798a43cf3dc96435efb272
Gerrit-PatchSet: 13
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alonbl at redhat.com>
Gerrit-Reviewer: Alex Lourie <alourie at redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alonbl at redhat.com>
Gerrit-Reviewer: Barak Azulay <bazulay at redhat.com>
Gerrit-Reviewer: Doron Fediuck <dfediuck at redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernandez at redhat.com>
Gerrit-Reviewer: Ofer Schreiber <oschreib at redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzaslavs at redhat.com>
Gerrit-Reviewer: oVirt Jenkins CI Server



More information about the Engine-commits mailing list