If you set the managed="true" attribute on the ssl parameters
for the servicemix-http component, you will use the
org.apache.servicemix.http.jetty.ServiceMixSslSocketConnector
instead of the standard jetty ssl connector.  This one handles
the keyAlias parameter.

To use this, you will need to define a
org.apache.servicemix.jbi.security.keystore.KeystoreManager
instance (see /conf/security.xml for an example) like the following:

 <sm:keystoreManager id="keystoreManager">
   <sm:keystores>
     <sm:keystore name="default"
                  path="classpath:keystore.jks"
                  keystorePassword="servicemix"
                  keyPasswords="smx=smx" />
   </sm:keystores>
 </sm:keystoreManager>

You will need to configure it on the component configuration, using
either a JNDI name or a direct reference.  Unfortunately, there is
currently no way to set it for the endpoint itself, though it should be
easy to modify.


On 11/6/06, Thomas TERMIN <[EMAIL PROTECTED]> wrote:
Guillaume,

We have some issues with ssl here. As I said before you can set the
key-alias parameter but it is not used at the moment from servicemix to
create a sslSocketConnector. But the bigger problem is that jetty does
not support that. Jetty reads the keystore from the keystore file and if
there is more than one key in this store it gives an exception. The
thing is I can fix that in jetty as well as in servicemix. But I have no
contacts to the jetty community. So one thing is if I would fix that
could you bring this patch faster in the jetty code than I could (assuming
that you have better contacts). The second thing is if you are
interested at all in improving these things.

So what I would do is I would read the keystore file in jetty as already
done and would create in-memory keystores for every alias. So I would
have a hash table or something where you could get the keystore for a
specific given alias. The only thing in servicemix then is to get the
key-alias (if it is set in the http endpoint configuration) and call a
jetty getter method for the key alias. The Ssl socket connector can then
get the specific keystore from the hash table and initialise the complete
ssl stuff with the right given key.

Hope it was understandable. ;-)

What do you think?

Cheers,
Thomas

Thomas TERMIN wrote:
> Thanks Guillaume it is a nice feature in servicemix but it seems to be
> not supported from the SslSocketConnector (jetty). There is no such
> attribute unfortunately.
>
> Do you have any ideas?
>
> Cheers,
> Thomas
>
> Guillaume Nodet wrote:
>> The SslParameters class has a keyAlias attribute that you
>> can use for that.
>>
>> On 11/3/06, Thomas TERMIN <[EMAIL PROTECTED]> wrote:
>>> Hello,
>>>
>>> How can I specify the alias for a key in the keystore for secure ssl
>>> consumer endpoints? Or is that basically impossible to have more than one
>>> key in the keystore?
>>>
>>> Cheers,
>>> Thomas Termin
>>>
>>
>
>




--
Cheers,
Guillaume Nodet
