pgjdbc OSGI bundle under FIPS -- custom sslfactory #2651
Replies: 5 comments 4 replies
-
Would you have to have it in a bundle declared as a fragment of the pgjdbc
bundle?
…On Tue, Oct 25, 2022 at 2:55 PM fjcrow2008 ***@***.***> wrote:
I know how to use the sslfactory= parameter on a pgjdbc connection when
running in a standalone or even a Spring application. I use that to provide
a custom FIPS-based factory (using SunPKCS11-NSS-FIPS security provider)
when running under FIPS.
However, when I tried to use that approach within an application that runs
in an OSGI environment (Apache Karaf in particular), I have not been able
to figure out how to provide my custom sslfactory class in a way that the
pgjdbc bundle can find it.
Can anyone point me to documentation or an example that could help me
figure that out?
—
Reply to this email directly, view it on GitHub
<#2651>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAW3U3JFHPD6PBZAJQPULALWFA3LXANCNFSM6AAAAAAROJTIWA>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
I got this to work yesterday. The correct value for Again, I'm just a novice at Karaf, so this is what worked for me and might not be the prescribed method or best practice. |
Beta Was this translation helpful? Give feedback.
-
Could you write up a short paragraph how you got it to work? We can include it in the docs |
Beta Was this translation helpful? Give feedback.
-
Quick Solution: Create a Java Maven project with "bundle" packaging. Using the Apache Felix Maven Bundle Plugin (BND), export your custom SSL factory class using the <instructions>
<Bundle-SymbolicName>org.example.ssl.CustomSSLFactory</Bundle-SymbolicName>
<Bundle-Version>1.0</Bundle-Version>
<Export-Package>org.example.ssl.*;version="1.0"</Export-Package>
<Fragment-Host>org.postgresql.jdbc42;bundle-version=42.2.8</Fragment-Host>
</instructions> Use You can now use the See attached README for a complete example. |
Beta Was this translation helpful? Give feedback.
-
Updated README with typos fixed. |
Beta Was this translation helpful? Give feedback.
-
I know how to use the
sslfactory=
parameter on a pgjdbc connection when running in a standalone or even a Spring application. I use that to provide a custom FIPS-based factory (using SunPKCS11-NSS-FIPS security provider) when running under FIPS.However, when I tried to use that approach within an application that runs in an OSGI environment (Apache Karaf in particular), I have not been able to figure out how to provide my custom sslfactory class in a way that the pgjdbc bundle can find it.
Can anyone point me to documentation or an example that could help me figure that out?
Beta Was this translation helpful? Give feedback.
All reactions