Posted to dev@activemq.apache.org by "Gary Tully (JIRA)" <ji...@apache.org> on 2014/12/22 16:30:13 UTC

[jira] [Resolved] (AMQ-5495) ActiveMQSslConnectionFactory should support different keystore and key passwords

     [ https://issues.apache.org/jira/browse/AMQ-5495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gary Tully resolved AMQ-5495.
-----------------------------
       Resolution: Fixed
    Fix Version/s: 5.11.0
         Assignee: Gary Tully

Suggestion applied in http://git-wip-us.apache.org/repos/asf/activemq/commit/815e0ec5 with thanks.

Looks like there is some scope for code reuse here in the future. If you get a chance, feel free to do some surgery and submit a patch.

> ActiveMQSslConnectionFactory should support different keystore and key passwords
> --------------------------------------------------------------------------------
>
>                 Key: AMQ-5495
>                 URL: https://issues.apache.org/jira/browse/AMQ-5495
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Broker
>    Affects Versions: 5.10.0
>            Reporter: Davy De Waele
>            Assignee: Gary Tully
>             Fix For: 5.11.0
>
>
> The current ActiveMQSslConnectionFactory allows us to specify
> - trustStore
> - trustStorePassword
> - keyStore
> - keyStorePassword
> In case the passphrase of the key contained in the keystore is different from the password of the keystore itself this connection factory cannot be used.
> What we're missing is the following field
> - keyStoreKeyPassword
> In the ActiveMQ configuration such a setup is supported (via the [SpringSslContext|https://svn.apache.org/repos/asf/activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/spring/SpringSslContext.java]), however for accessing ActiveMQ via the ActiveMQSslConnectionFactory it is not.
> Adding a keyStoreKeyPassword field and changing the createKeyManager slightly would fix this:
> {noformat}
>     protected KeyManager[] createKeyManager() throws Exception {
>     	
>         KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>         KeyStore ks = KeyStore.getInstance("jks");
>         KeyManager[] keystoreManagers = null;
>         if (keyStore != null) {
>             byte[] sslCert = loadClientCredential(keyStore);
>             if (sslCert != null && sslCert.length > 0) {
>                 ByteArrayInputStream bin = new ByteArrayInputStream(sslCert);
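>                 // The store password opens the keystore file.
>                 ks.load(bin, keyStorePassword.toCharArray());
>                 // The key password, when set, unlocks the private key; otherwise fall back to the store password.
>                 kmf.init(ks, keyStoreKeyPassword != null ? keyStoreKeyPassword.toCharArray() : keyStorePassword.toCharArray());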
>                 keystoreManagers = kmf.getKeyManagers();
>             }
>         }
>         return keystoreManagers;
>     }
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)