Posted to dev@sling.apache.org by "Timothee Maret (JIRA)" <ji...@apache.org> on 2016/06/13 12:19:21 UTC

[jira] [Commented] (SLING-5760) Allow to support certificate based authentication in Distribution transport

    [ https://issues.apache.org/jira/browse/SLING-5760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15327243#comment-15327243 ] 

Timothee Maret commented on SLING-5760:
---------------------------------------

{{SLING-5760.patch}} allows plugging in a custom SSLContext.
It does so by introducing a new API under the new package {{org/apache/sling/distribution/context}}.
The APIs consist of:
1. {{org.apache.sling.distribution.context.DistributionContext}} (ProviderType), default implementation ({{SimpleDistributionTransportContext}}) provided in the {{org.apache.sling.distribution.core}} bundle.
2. {{org.apache.sling.distribution.context.DistributionContextProperties}} (ProviderType), defines the properties (names and types) that are supported in the contexts. This interface will evolve as more properties are supported in the contexts.
3. {{org.apache.sling.distribution.context.DistributionContextProvider}} (ConsumerType), default implementation ({{SimpleDistributionContextProvider}}) in the {{core}} bundle. This interface is meant to be implemented by consumers and thus is not meant to evolve.

The {{DistributionContext}} and {{DistributionContextProvider}} are generic and could be reused for different contexts in the implementation. The patch contains the possibility to configure a custom transport context.

The patch compiles and tests pass, but the patch is mostly untested so far and thus not ready for merging. However, the approach is mostly there and I think it is ready to be reviewed while I extend it with testing.

[~mpetria], [~teofili] could you have a look?

> Allow to support certificate based authentication in Distribution transport
> ---------------------------------------------------------------------------
>
>                 Key: SLING-5760
>                 URL: https://issues.apache.org/jira/browse/SLING-5760
>             Project: Sling
>          Issue Type: Improvement
>          Components: Distribution
>    Affects Versions: Content Distribution Core 0.1.18
>            Reporter: Timothee Maret
>            Assignee: Timothee Maret
>             Fix For: Content Distribution 0.2.0
>
>         Attachments: SLING-5760.patch
>
>
> Certificate based authentication is an alternative to the basic authentication currently available for Distribution transport. Certificate based authentication is done during the SSL handshake iff the target instance is configured to require or accept client authentication. This client authentication scheme is a logical complement when connecting to endpoints serving over https. This results in authenticating both the source and the target using SSL.
> The client certificate and private key are required to complete the SSL handshake. By default, the JRE will use the default {{KeyStore}} to retrieve that information. However, on some platforms such as Adobe Granite, there is the ability to specify a custom {{KeyStore}} based on the user. For those platforms, the custom {{KeyStore}} can be provided with a {{javax.net.ssl.SSLContext}} which also contains a custom {{TrustStore}}.
> This issue tracks allowing certificate based authentication to be leveraged using a custom {{javax.net.ssl.SSLContext}} in Distribution transport.


