Draft
Conversation
a. Better HTTPS with Client authentication : - In order to avoid too many PIN/Password requests (HTTPS hanshakes), downloads first the initial jar (mono-thread) then all remaining ones (multi-thread) - In case of initial jar download failure (Client Certificate Selection cancel, incorrect PIN/Password, ...), fail fast and do not try to download remaining jars - No resource prefetch, otherwise deployment.cache.parallelDownloadCount is not enforced b. New Security Dialog UI for Client Certificate Selection : - Ability to display details on each certificate - Shown in TaskBar - Cancellable - Selection using double-click, Enter key or OK button - Internationalization c. SmartCard support on Windows - Introduction of a Merged Key Manager for user, system and browser key stores - Client alias selection using a preference algorithm : a) Get all non-expired aliases with extension ClientCert (1.3.6.1.5.5.7.3.2) or ANY (2.5.29.37.0) if only one, it is selected, if more than one, a UI helps to select one of them. b) Otherwise, get all expired aliases with extension ClientCert (1.3.6.1.5.5.7.3.2) or ANY (2.5.29.37.0) if only one, it is selected, if more than one, a UI helps to select one of them. c) Otherwise, get all remaining aliases if only one, it is selected, if more than one, a UI helps to select one of them. - UI will display the suffix " (from user keystore)" or " (from system keystore)" or " (from browser keystore)" - If user cancels the Client Certificate UI, it is remembered for next chooseClientAlias call - Client alias selection is cached per remote host
Better HTTPS with Client Authentication & SmartCard support on Windows
sclassen
force-pushed
the
https-client-smart-card
branch
from
dd52b91 to
c1b6f68
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Original contribution by @DavidTavoularis in #729:
a. Better HTTPS with Client authentication :
b. New Security Dialog UI for Client Certificate Selection :
c. SmartCard support on Windows