Posted to dev@activemq.apache.org by "Gary Tully (JIRA)" <ji...@apache.org> on 2014/12/22 16:30:13 UTC
[jira] [Resolved] (AMQ-5495) ActiveMQSslConnectionFactory should support different keystore and key passwords
[ https://issues.apache.org/jira/browse/AMQ-5495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary Tully resolved AMQ-5495.
-----------------------------
Resolution: Fixed
Fix Version/s: 5.11.0
Assignee: Gary Tully
Suggestion applied in http://git-wip-us.apache.org/repos/asf/activemq/commit/815e0ec5 with thanks.
Looks like there is some scope for code reuse here in the future. If you get a chance, feel free to do some surgery and submit a patch.
> ActiveMQSslConnectionFactory should support different keystore and key passwords
> --------------------------------------------------------------------------------
>
> Key: AMQ-5495
> URL: https://issues.apache.org/jira/browse/AMQ-5495
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Broker
> Affects Versions: 5.10.0
> Reporter: Davy De Waele
> Assignee: Gary Tully
> Fix For: 5.11.0
>
>
> The current ActiveMQSslConnectionFactory allows us to specify
> - trustStore
> - trustStorePassword
> - keyStore
> - keyStorePassword
> In case the passphrase of the key contained in the keystore is different from the password of the keystore itself, this connection factory cannot be used.
> What we're missing is the following field
> - keyStoreKeyPassword
> In the ActiveMQ configuration such a setup is supported (via the [SpringSslContext|https://svn.apache.org/repos/asf/activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/spring/SpringSslContext.java]), however for accessing ActiveMQ via the ActiveMQSslConnectionFactory it is not.
> Adding a keyStoreKeyPassword field and changing the createKeyManager slightly would fix this:
> {noformat}
> protected KeyManager[] createKeyManager() throws Exception {
>
>     KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>     KeyStore ks = KeyStore.getInstance("jks");
>     KeyManager[] keystoreManagers = null;
>     if (keyStore != null) {
>         byte[] sslCert = loadClientCredential(keyStore);
>         if (sslCert != null && sslCert.length > 0) {
>             ByteArrayInputStream bin = new ByteArrayInputStream(sslCert);
>             // The store password opens the keystore file itself.
>             ks.load(bin, keyStorePassword.toCharArray());
>             // The key password recovers the private key; fall back to the store password when it is not set.
>             kmf.init(ks, keyStoreKeyPassword != null ? keyStoreKeyPassword.toCharArray() : keyStorePassword.toCharArray());
>             keystoreManagers = kmf.getKeyManagers();
>         }
>     }
>     return keystoreManagers;
> }
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
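The failure mode behind this issue, as an added example that is not part of the original message or the ActiveMQ code base: a keystore opens with its store password, but an entry protected by a different password cannot be recovered with it, and `KeyManagerFactory.init(ks, password)` uses its password argument for exactly that key recovery. Assumptions: the class name, alias and passwords are constructed, and an in-memory JCEKS store holding an AES key stands in for the JKS client keystore so that no certificate has to be generated.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;

public class KeyPasswordDemo {
    // Same fallback as the createKeyManager() proposal quoted in the issue.
    static char[] effectiveKeyPassword(String keyStoreKeyPassword, String keyStorePassword) {
        return (keyStoreKeyPassword != null ? keyStoreKeyPassword : keyStorePassword).toCharArray();
    }

    // Reports whether the entry can be recovered with the given password.
    static String tryKey(KeyStore ks, String alias, char[] password) throws Exception {
        try {
            return ks.getKey(alias, password) != null ? "key recovered" : "no such key";
        } catch (UnrecoverableKeyException e) {
            return "UnrecoverableKeyException";
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; the two passwords differ on purpose.
        String keyStorePassword = "store-secret";
        String keyStoreKeyPassword = "key-secret";

        // Build the keystore: the entry is protected by the key password,
        // the store as a whole by the store password.
        KeyStore out = KeyStore.getInstance("JCEKS");
        out.load(null, null);
        out.setEntry("client",
                new KeyStore.SecretKeyEntry(KeyGenerator.getInstance("AES").generateKey()),
                new KeyStore.PasswordProtection(keyStoreKeyPassword.toCharArray()));
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        out.store(bytes, keyStorePassword.toCharArray());

        // Loading succeeds with the store password alone.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(bytes.toByteArray()), keyStorePassword.toCharArray());

        // Without a separate key password the store password is reused for the key.
        System.out.println("keyStoreKeyPassword unset: "
                + tryKey(ks, "client", effectiveKeyPassword(null, keyStorePassword)));
        // With the separate field set, the key is recovered.
        System.out.println("keyStoreKeyPassword set:   "
                + tryKey(ks, "client", effectiveKeyPassword(keyStoreKeyPassword, keyStorePassword)));
    }
}
```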