[ https://issues.apache.org/jira/browse/AMQ-5495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gary Tully resolved AMQ-5495.
-----------------------------
       Resolution: Fixed
    Fix Version/s: 5.11.0
         Assignee: Gary Tully

Suggestion applied in 
http://git-wip-us.apache.org/repos/asf/activemq/commit/815e0ec5 with thanks.

Looks like there is some scope for code reuse here in the future. If you get a 
chance, feel free to do some surgery and submit a patch.

> ActiveMQSslConnectionFactory should support different keystore and key 
> passwords
> --------------------------------------------------------------------------------
>
>                 Key: AMQ-5495
>                 URL: https://issues.apache.org/jira/browse/AMQ-5495
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Broker
>    Affects Versions: 5.10.0
>            Reporter: Davy De Waele
>            Assignee: Gary Tully
>             Fix For: 5.11.0
>
>
> The current ActiveMQSslConnectionFactory allows us to specify:
> - trustStore
> - trustStorePassword
> - keyStore
> - keyStorePassword
> In case the passphrase of the key contained in the keystore is different from 
> the password of the keystore itself, this connection factory cannot be used.
> What we're missing is the following field:
> - keyStoreKeyPassword
> In the ActiveMQ configuration such a setup is supported (via the 
> [SpringSslContext|https://svn.apache.org/repos/asf/activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/spring/SpringSslContext.java]);
> however, for accessing ActiveMQ via the ActiveMQSslConnectionFactory it is 
> not.
> Adding a keyStoreKeyPassword field and changing the createKeyManager slightly 
> would fix this:
> {noformat}
>     protected KeyManager[] createKeyManager() throws Exception {
>
>         KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>         KeyStore ks = KeyStore.getInstance("jks");
>         KeyManager[] keystoreManagers = null;
>         if (keyStore != null) {
>             byte[] sslCert = loadClientCredential(keyStore);
>             if (sslCert != null && sslCert.length > 0) {
>                 ByteArrayInputStream bin = new ByteArrayInputStream(sslCert);
>                 // The keystore password opens the store itself
>                 ks.load(bin, keyStorePassword.toCharArray());
>                 // The key password unlocks the private key; fall back to the
>                 // keystore password when no separate key password is set
>                 kmf.init(ks, keyStoreKeyPassword != null
>                         ? keyStoreKeyPassword.toCharArray()
>                         : keyStorePassword.toCharArray());
>                 keystoreManagers = kmf.getKeyManagers();
>             }
>         }
>         return keystoreManagers;
>     }
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
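
The failure described in the issue, reproduced against a throwaway keystore. This is an added example, not code from ActiveMQ or from the commit above; the class and method names, alias and passwords are constructed for the demo. It assumes a JDK 11+ with `keytool` under `java.home`, and it names the `SunX509` key manager explicitly (an assumption, the issue's code uses the default algorithm) because that implementation reads the private key during `init`.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;

public class KeyPasswordDemo {
    // Same fallback as the createKeyManager() proposed in the issue: use the key
    // password when one is set, otherwise assume it equals the keystore password.
    static KeyManager[] keyManagers(Path store, String storePw, String keyPw) throws Exception {
        KeyStore ks = KeyStore.getInstance("jks");
        try (InputStream in = Files.newInputStream(store)) {
            ks.load(in, storePw.toCharArray());      // store password: opens the store
        }
        // SunX509 decrypts every private key at init(), so a wrong key password fails here.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, (keyPw != null ? keyPw : storePw).toCharArray());
        return kmf.getKeyManagers();
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("amq5495");
        Path store = dir.resolve("client.jks");
        // Constructed test keystore whose store password and key password differ.
        String keytool = Path.of(System.getProperty("java.home"), "bin", "keytool").toString();
        int rc = new ProcessBuilder(keytool, "-genkeypair", "-alias", "client",
                "-keyalg", "RSA", "-keysize", "2048", "-dname", "CN=constructed-test-client",
                "-validity", "1", "-storetype", "JKS", "-keystore", store.toString(),
                "-storepass", "store-secret", "-keypass", "key-secret")
                .inheritIO().start().waitFor();
        if (rc != 0) throw new IllegalStateException("keytool failed: " + rc);
        try {
            try {   // only keyStorePassword available, as before the fix
                keyManagers(store, "store-secret", null);
                System.out.println("unexpected: store password unlocked the key");
            } catch (UnrecoverableKeyException e) {
                System.out.println("keyStorePassword only: " + e.getMessage());
            }
            KeyManager[] kms = keyManagers(store, "store-secret", "key-secret");
            System.out.println("with keyStoreKeyPassword: " + kms.length + " key manager(s)");
        } finally {
            Files.deleteIfExists(store);
            Files.deleteIfExists(dir);
        }
    }
}
```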
