You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by roelens8 <gi...@git.apache.org> on 2017/03/27 22:35:52 UTC
[GitHub] activemq-artemis pull request #1139: ARTEMIS-1074 Acceptors/Connectors now s...
GitHub user roelens8 opened a pull request:
https://github.com/apache/activemq-artemis/pull/1139
ARTEMIS-1074 Acceptors/Connectors now start up when configured to use SSL and a password codec
-Updates the NettyConnector and NettyAcceptor classes to pass in the password codec property as an argument into the ConfigurationHelper:getPasswordProperty() method when initializing the keystore and truststore passwords.
-When using the default password codec, passwords are required to be encrypted. If an unencrypted password was passed into the decode method, then an exception would get thrown that doesn't explain to user what went wrong. Fixed this issue to throw a new Configuration exception with a message saying the password must be encrypted when an unencrypted password is passed in.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/roelens8/activemq-artemis ARTEMIS-1074
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/activemq-artemis/pull/1139.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1139
----
commit 2713953c305bb13ced92d75948633d4f119dbd18
Author: Armand Roelens <ar...@connexta.com>
Date: 2017-03-27T21:59:02Z
ARTEMIS-1074 Acceptors/Connectors now start up when configured to use SSL and a password codec
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] activemq-artemis pull request #1139: ARTEMIS-1074 Acceptors/Connectors now s...
Posted by jbertram <gi...@git.apache.org>.
Github user jbertram commented on a diff in the pull request:
https://github.com/apache/activemq-artemis/pull/1139#discussion_r108480518
--- Diff: artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.java ---
@@ -139,8 +140,12 @@ private void updateKey(String key) {
public String decode(String secret) throws Exception {
SecretKeySpec key = new SecretKeySpec(internalKey, "Blowfish");
- BigInteger n = new BigInteger((String) secret, 16);
- byte[] encoding = n.toByteArray();
+ byte[] encoding;
+ try {
+ encoding = new BigInteger(secret, 16).toByteArray();
+ } catch (Exception ex) {
+ throw new IllegalArgumentException("Password must be encrypted.");
--- End diff --
I think it would also be worth logging the original exception at debug level. Be sure to wrap the log statement in `if (logger.isDebugEnabled())`.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] activemq-artemis pull request #1139: ARTEMIS-1074 Acceptors/Connectors now s...
Posted by roelens8 <gi...@git.apache.org>.
Github user roelens8 commented on a diff in the pull request:
https://github.com/apache/activemq-artemis/pull/1139#discussion_r108338051
--- Diff: artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.java ---
@@ -20,6 +20,8 @@
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
+import javax.naming.ConfigurationException;
--- End diff --
how about an IllegalFormatException? What would make sense here?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] activemq-artemis pull request #1139: ARTEMIS-1074 Acceptors/Connectors now s...
Posted by jbertram <gi...@git.apache.org>.
Github user jbertram commented on a diff in the pull request:
https://github.com/apache/activemq-artemis/pull/1139#discussion_r108424112
--- Diff: artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.java ---
@@ -20,6 +20,8 @@
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
+import javax.naming.ConfigurationException;
--- End diff --
I'd recommend java.lang.IllegalArgumentException.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] activemq-artemis pull request #1139: ARTEMIS-1074 Acceptors/Connectors now s...
Posted by roelens8 <gi...@git.apache.org>.
Github user roelens8 commented on a diff in the pull request:
https://github.com/apache/activemq-artemis/pull/1139#discussion_r108471873
--- Diff: artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.java ---
@@ -20,6 +20,8 @@
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
+import javax.naming.ConfigurationException;
--- End diff --
Changed it be be an IllegalArgumentException.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] activemq-artemis pull request #1139: ARTEMIS-1074 Acceptors/Connectors now s...
Posted by roelens8 <gi...@git.apache.org>.
Github user roelens8 commented on a diff in the pull request:
https://github.com/apache/activemq-artemis/pull/1139#discussion_r108497183
--- Diff: artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.java ---
@@ -139,8 +140,12 @@ private void updateKey(String key) {
public String decode(String secret) throws Exception {
SecretKeySpec key = new SecretKeySpec(internalKey, "Blowfish");
- BigInteger n = new BigInteger((String) secret, 16);
- byte[] encoding = n.toByteArray();
+ byte[] encoding;
+ try {
+ encoding = new BigInteger(secret, 16).toByteArray();
+ } catch (Exception ex) {
+ throw new IllegalArgumentException("Password must be encrypted.");
--- End diff --
Added a logger to log the original exception.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] activemq-artemis pull request #1139: ARTEMIS-1074 Acceptors/Connectors now s...
Posted by jbertram <gi...@git.apache.org>.
Github user jbertram commented on a diff in the pull request:
https://github.com/apache/activemq-artemis/pull/1139#discussion_r108325677
--- Diff: artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.java ---
@@ -20,6 +20,8 @@
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
+import javax.naming.ConfigurationException;
--- End diff --
I don't think this is the proper exception to use here as this method has nothing to do with naming (e.g. JNDI).
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] activemq-artemis issue #1139: ARTEMIS-1074 Acceptors/Connectors now start up...
Posted by clebertsuconic <gi...@git.apache.org>.
Github user clebertsuconic commented on the issue:
https://github.com/apache/activemq-artemis/pull/1139
Sure. If u could use git cheepick -x please.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] activemq-artemis issue #1139: ARTEMIS-1074 Acceptors/Connectors now start up...
Posted by roelens8 <gi...@git.apache.org>.
Github user roelens8 commented on the issue:
https://github.com/apache/activemq-artemis/pull/1139
Could we put up a PR to merge this fix into the 1.X branch?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] activemq-artemis pull request #1139: ARTEMIS-1074 Acceptors/Connectors now s...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/activemq-artemis/pull/1139
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---