[ https://issues.apache.org/jira/browse/AMQ-5100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish resolved AMQ-5100. ------------------------------- Resolution: Resolved > PKCS11 (NSS-FIPS) support in A-MQ/ActiveMQ > ------------------------------------------ > > Key: AMQ-5100 > URL: https://issues.apache.org/jira/browse/AMQ-5100 > Project: ActiveMQ > Issue Type: Bug > Components: Broker > Reporter: Jesse Sightler > > I have attempted to configure PKCS11/NSS support in ActiveMQ, however, I am > receiving the following exception: > Caused by: java.io.FileNotFoundException: class path resource [NONE] cannot > be opened because it does not exist > at > org.springframework.core.io.ClassPathResource.getInputStream(ClassPathResource.java:157) > at > org.apache.activemq.spring.SpringSslContext.createKeyManagerKeyStore(SpringSslContext.java:119) > at > org.apache.activemq.spring.SpringSslContext.createKeyManagers(SpringSslContext.java:88) > at > org.apache.activemq.spring.SpringSslContext.afterPropertiesSet(SpringSslContext.java:65) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:622) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1581) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1522) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452) > ... 40 more > My configured sslContext for the broker looks like this: > <sslContext> > <sslContext > keyStore="NONE" keyStoreType="PKCS11" > keyStorePassword="password" > trustStore="/etc/activemqssl/truststore.jks" > trustStorePassword="password" > /> > </sslContext> > AFAIK, setting keyStore to "NONE" is the generally accepted way to do with > with PKCS11. The code should generate a warning at most for this, but instead > I receive the above exception and a failure to load the keystore. > The activemq code looks like this (in > org.apache.activemq.spring.SpringSslContext): > private KeyStore createKeyManagerKeyStore() throws Exception { > if( keyStore ==null ) { > return null; > } > KeyStore ks = KeyStore.getInstance(keyStoreType); > InputStream is=Utils.resourceFromString(keyStore).getInputStream(); > try { > ks.load(is, keyStorePassword==null? null : > keyStorePassword.toCharArray()); > } finally { > is.close(); > } > return ks; > } > It looks like this should just be setting "is" to null, generating a warning, > and then calling ks.load with the null inputstream (the nss library will load > the nss files based upon the nss.cfg file). -- This message was sent by Atlassian JIRA (v6.3.4#6332)