This issue can be closed once DJ supports PEM files as a trust manager provider. Motivation for supporting PEM files is provided in COMMONS-410.
Using dsconfig it should be possible to configure a PEM file trust manager provider and use it for obtaining public keys used for TLS. The config framework should provide the following configurable properties:
- the name of the PEM file
I don't think a password is ever required for public keys.
- commons secrets test files: https://stash.forgerock.org/projects/COMMONS/repos/forgerock-commons/browse/secrets/secrets-backend-propertyresolver/src/test/resources
- source code for the commons secrets key manager: https://stash.forgerock.org/projects/COMMONS/repos/forgerock-commons/browse/secrets/secrets-api/src/main/java/org/forgerock/secrets/SecretsTrustManager.java
- PEM RFC: https://tools.ietf.org/html/rfc7468
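
As an added illustration of what such a provider has to do (this is not DJ or forgerock-commons code; the class name PemTrustManagers and the method fromPemFile are hypothetical), the sketch below reads the RFC 7468 CERTIFICATE blocks from the named PEM file into an in-memory trust store and builds TLS trust managers from it. It accepts only the CERTIFICATE label and fails closed when the file contains no certificates.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper for illustration; not part of DJ or forgerock-commons.
public final class PemTrustManagers {
    // RFC 7468 textual encoding. Blocks with any other label (keys, CSRs) are ignored.
    private static final Pattern CERT_BLOCK = Pattern.compile(
            "-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", Pattern.DOTALL);

    public static TrustManager[] fromPemFile(String pemFile) throws Exception {
        String pem = new String(Files.readAllBytes(Paths.get(pemFile)), StandardCharsets.US_ASCII);
        CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
        anchors.load(null, null); // empty in-memory store, so no password is involved
        Matcher m = CERT_BLOCK.matcher(pem);
        int count = 0;
        while (m.find()) {
            // The MIME decoder skips the line breaks inside the base64 body.
            byte[] der = Base64.getMimeDecoder().decode(m.group(1));
            anchors.setCertificateEntry("pem-" + count++, x509.generateCertificate(new ByteArrayInputStream(der)));
        }
        if (count == 0) {
            // Fail closed: a trust manager with no anchors should never be handed out silently.
            throw new GeneralSecurityException("no CERTIFICATE blocks found in " + pemFile);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        // args[0] is the name of the PEM file, the single property listed above.
        SSLContext tls = SSLContext.getInstance("TLS");
        tls.init(null, fromPemFile(args[0]), null);
        System.out.println("TLS context initialised with trust anchors from " + args[0]);
    }
}
```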