Associated JBoss community project(s):

Idea Proposals

WildFly Elytron - Add support for Online Certificate Status Protocol (OCSP) stapling to WildFly Elytron, for use in the WildFly application server

Summary of idea:

If you want to learn about security, this is your chance to develop a new security feature for the WildFly Application Server! As a bonus, you'll get to work with a diverse team.

The WildFly Elytron project is a security framework for Java clients and application servers. WildFly is an open source application server. Elytron is used by the WildFly application server to secure applications that are deployed to the server and to secure management access to the server. Banks, retail stores, and governments are just some examples of end-users of the enterprise version of the WildFly application server.

The TLS protocol allows communication between a client and a server to be encrypted. WildFly Elytron allows users to configure policy information related to TLS. Currently, this includes things like key managers, trust managers, cipher suites, and protocols (see https://github.com/wildfly-security/wildfly-elytron/tree/1.x/ssl/src/main/java/org/wildfly/security/ssl).

The purpose of this project is to work on a new OCSP feature for the WildFly server. In particular, the goal is to add support for Online Certificate Status Protocol (OCSP) stapling to WildFly Elytron, for use in the WildFly application server.

OCSP stapling is a standard that’s used to check the revocation status of an X.509 certificate. In particular, when presenting its certificate during a TLS handshake, the server first sends an OCSP request to an OCSP responder and the returned response is “stapled” to the server’s certificate chain. Because the server is the one contacting the OCSP responder instead of the client, the advantage is that the server bears the resource cost and the OCSP response it receives can be cached and used multiple times for different clients.
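The caching advantage described above can be sketched as a small server-side cache. This is an added example, not Elytron or WildFly code: the `StapleCache` class, the `Staple` record and the simulated responder are hypothetical, the timeline is constructed, and it assumes Java 16 or later for records.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

/** Illustrative server-side staple cache; every name here is hypothetical. */
public class StapleCache {
    /** DER-encoded OCSP response and the nextUpdate time read from it. */
    record Staple(byte[] der, Instant nextUpdate) {}
    private final Supplier<Staple> responder; // stands in for the request to the OCSP responder
    private final Duration refreshMargin;     // start refreshing this long before nextUpdate
    private Staple cached;
    StapleCache(Supplier<Staple> responder, Duration refreshMargin) {
        this.responder = responder;
        this.refreshMargin = refreshMargin;
    }
    /** Called once per handshake: the bytes to staple, or empty to staple nothing. */
    synchronized Optional<byte[]> forHandshake(Instant now) {
        if (cached == null || !now.isBefore(cached.nextUpdate().minus(refreshMargin))) {
            try {
                cached = responder.get();
            } catch (RuntimeException e) {
                // Responder unreachable: fall through and reuse the old response if still valid.
            }
        }
        // Never staple past nextUpdate: a stale "good" status could hide a later revocation.
        boolean usable = cached != null && now.isBefore(cached.nextUpdate());
        return usable ? Optional.of(cached.der()) : Optional.empty();
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed timeline
        AtomicInteger fetches = new AtomicInteger();
        boolean[] down = {false};
        StapleCache cache = new StapleCache(() -> {          // simulated responder
            if (down[0]) throw new IllegalStateException("responder down");
            int n = fetches.incrementAndGet();
            return new Staple(new byte[] {(byte) n}, t0.plus(Duration.ofHours(24L * n)));
        }, Duration.ofHours(1));
        for (int i = 0; i < 1000; i++) cache.forHandshake(t0.plusSeconds(i));
        System.out.println("fetches after 1000 handshakes: " + fetches.get());
        cache.forHandshake(t0.plus(Duration.ofMinutes(23 * 60 + 30)));
        System.out.println("fetches after refresh window: " + fetches.get());
        down[0] = true;
        System.out.println("responder down, response still valid: " + cache.forHandshake(t0.plus(Duration.ofHours(47))).isPresent());
        System.out.println("responder down, past nextUpdate: " + cache.forHandshake(t0.plus(Duration.ofHours(49))).isPresent());
    }
}
```

When the responder is unreachable and the cached response has expired, the sketch staples nothing, which leaves the revocation decision to the client's own policy.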

Possible tasks for this project:

  • Create a document that describes how you plan to approach the problem.
  • Implement the ability for a WildFly server to use OCSP stapling when presenting its certificate. This will involve adding functionality to both the WildFly Elytron project as well as the WildFly Core project, where Elytron is actually integrated with the WildFly application server.
  • Implement appropriate test cases.
  • Write documentation.
  • Create a blog post that gives an overview of your project.


The WildFly Elytron team is a diverse, distributed team that has a lot of experience working with interns and junior engineers.

Knowledge pre-requisites:

  • Experience with Java
  • Git
  • Maven

GitHub repo: https://github.com/wildfly-security/wildfly-elytron

Other useful links: 

Project size: Medium (~175 hours)

Skill level: Intermediate

Project chat: https://wildfly.zulipchat.com/#narrow/stream/173102-wildfly-elytron

Contact(s) / potential mentor(s): Farah Juma <fjuma@redhat.com> and Diana Krepinska <dvilkola@redhat.com>

Associated JBoss community project(s): Elytron, WildFly