Davy De Waele created AMQ-5495:
----------------------------------
Summary: ActiveMQSslConnectionFactory should support different
keystore and key passwords
Key: AMQ-5495
URL: https://issues.apache.org/jira/browse/AMQ-5495
Project: ActiveMQ
Issue Type: Improvement
Components: Broker
Affects Versions: 5.10.0
Reporter: Davy De Waele
The current ActiveMQSslConnectionFactory allows us to specify:
- trustStore
- trustStorePassword
- keyStore
- keyStorePassword
In case the passphrase of the key contained in the keystore is different from
the password of the keystore itself, this connection factory cannot be used.
What we're missing is the following field:
- keyStoreKeyPassword
In the ActiveMQ configuration such a setup is supported (via the
SpringSslContext); however, for accessing ActiveMQ via the
ActiveMQSslConnectionFactory, it is not.
Adding a keyStoreKeyPassword field and changing the createKeyManager slightly
would fix this:
{noformat}
protected KeyManager[] createKeyManager() throws Exception {
    KeyManagerFactory kmf =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore ks = KeyStore.getInstance("jks");
    KeyManager[] keystoreManagers = null;
    if (keyStore != null) {
        byte[] sslCert = loadClientCredential(keyStore);
        if (sslCert != null && sslCert.length > 0) {
            ByteArrayInputStream bin = new ByteArrayInputStream(sslCert);
            // The keystore password opens the keystore itself.
            ks.load(bin, keyStorePassword.toCharArray());
            // Use the key's own password when set; otherwise fall back to the keystore password.
            kmf.init(ks, keyStoreKeyPassword != null ?
                keyStoreKeyPassword.toCharArray() : keyStorePassword.toCharArray());
            keystoreManagers = kmf.getKeyManagers();
        }
    }
    return keystoreManagers;
}
{noformat}
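
An added illustration, not part of the issue or of ActiveMQ's code: the keystore password and the per-entry key password are checked at different steps, and the second argument of KeyManagerFactory.init is the one used to recover keys. The sketch assumes a JCEKS keystore with a dummy AES SecretKey entry standing in for the client's private key so it runs without a certificate; the class, method and alias names and both passwords are made up for the example. The first lookup is rejected with an UnrecoverableKeyException, the second succeeds.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.spec.SecretKeySpec;

public class KeyPasswordDemo {
    // Fallback proposed in the issue: key password if set, otherwise the keystore password.
    static char[] effectiveKeyPassword(String keyStoreKeyPassword, String keyStorePassword) {
        return (keyStoreKeyPassword != null ? keyStoreKeyPassword : keyStorePassword).toCharArray();
    }

    // Builds an in-memory keystore whose entry password differs from the store password.
    static byte[] buildKeyStore(char[] storePw, char[] keyPw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        SecretKeySpec dummy = new SecretKeySpec(new byte[16], "AES"); // constructed placeholder key
        ks.setEntry("client", new KeyStore.SecretKeyEntry(dummy), new KeyStore.PasswordProtection(keyPw));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePw);
        return out.toByteArray();
    }

    // True if the "client" entry can be recovered with the given key password.
    static boolean canRecoverKey(byte[] data, char[] storePw, char[] keyPw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(data), storePw); // store password opens the keystore
        try {
            return ks.getKey("client", keyPw) != null;    // key password unlocks the entry
        } catch (UnrecoverableKeyException e) {
            return false;                                 // wrong password for this entry
        }
    }

    public static void main(String[] args) throws Exception {
        String keyStorePassword = "store-secret";    // constructed sample values
        String keyStoreKeyPassword = "key-secret";
        byte[] data = buildKeyStore(keyStorePassword.toCharArray(), keyStoreKeyPassword.toCharArray());
        char[] storePw = keyStorePassword.toCharArray();

        // Behaviour described in the issue: the store password is reused for the key.
        System.out.println("store password reused:   "
                + canRecoverKey(data, storePw, effectiveKeyPassword(null, keyStorePassword)));
        // With the proposed field set, the key's own password is used.
        System.out.println("keyStoreKeyPassword set: "
                + canRecoverKey(data, storePw, effectiveKeyPassword(keyStoreKeyPassword, keyStorePassword)));
    }
}
```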