[ https://issues.apache.org/jira/browse/AMQ-5495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Davy De Waele updated AMQ-5495:
-------------------------------
Description:
The current ActiveMQSslConnectionFactory allows us to specify
- trustStore
- trustStorePassword
- keyStore
- keyStorePassword
In case the passphrase of the key contained in the keystore is different from
the password of the keystore itself this connection factory cannot be used.
What we're missing is the following field
- keyStoreKeyPassword
In the ActiveMQ configuration such a setup is supported (via the
[SpringSslContext|https://svn.apache.org/repos/asf/activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/spring/SpringSslContext.java]),
however for accessing ActiveMQ via the ActiveMQSslConnectionFactory it is not.
Adding a keyStoreKeyPassword field and changing the createKeyManager slightly
would fix this:
{noformat}
protected KeyManager[] createKeyManager() throws Exception {
    KeyManagerFactory kmf =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore ks = KeyStore.getInstance("jks");
    KeyManager[] keystoreManagers = null;
    if (keyStore != null) {
        byte[] sslCert = loadClientCredential(keyStore);
        if (sslCert != null && sslCert.length > 0) {
            ByteArrayInputStream bin = new ByteArrayInputStream(sslCert);
            // The keystore password opens the store itself.
            ks.load(bin, keyStorePassword.toCharArray());
            // The key password recovers the private key; fall back to the
            // keystore password when no separate key password is set.
            kmf.init(ks, keyStoreKeyPassword != null ?
                keyStoreKeyPassword.toCharArray() : keyStorePassword.toCharArray());
            keystoreManagers = kmf.getKeyManagers();
        }
    }
    return keystoreManagers;
}
{noformat}
was:
The current ActiveMQSslConnectionFactory allows us to specify
- trustStore
- trustStorePassword
- keyStore
- keyStorePassword
In case the passphrase of the key contained in the keystore is different from
the password of the keystore itself this connection factory cannot be used.
What we're missing is the following field
- keyStoreKeyPassword
In the ActiveMQ configuration such a setup is supported (via the
SpringSslContext), however for accessing ActiveMQ via the
ActiveMQSslConnectionFactory it is not.
Adding a keyStoreKeyPassword field and changing the createKeyManager slightly
would fix this:
{noformat}
protected KeyManager[] createKeyManager() throws Exception {
    KeyManagerFactory kmf =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore ks = KeyStore.getInstance("jks");
    KeyManager[] keystoreManagers = null;
    if (keyStore != null) {
        byte[] sslCert = loadClientCredential(keyStore);
        if (sslCert != null && sslCert.length > 0) {
            ByteArrayInputStream bin = new ByteArrayInputStream(sslCert);
            // The keystore password opens the store itself.
            ks.load(bin, keyStorePassword.toCharArray());
            // The key password recovers the private key; fall back to the
            // keystore password when no separate key password is set.
            kmf.init(ks, keyStoreKeyPassword != null ?
                keyStoreKeyPassword.toCharArray() : keyStorePassword.toCharArray());
            keystoreManagers = kmf.getKeyManagers();
        }
    }
    return keystoreManagers;
}
{noformat}
> ActiveMQSslConnectionFactory should support different keystore and key
> passwords
> --------------------------------------------------------------------------------
>
> Key: AMQ-5495
> URL: https://issues.apache.org/jira/browse/AMQ-5495
> Project: ActiveMQ
> Issue Type: Improvement
> Components: Broker
> Affects Versions: 5.10.0
> Reporter: Davy De Waele
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
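
An added example, not part of the original issue or of ActiveMQ's code: it shows that the keystore password opens the store but does not recover an entry protected with a separate key password, and it applies the same fallback as the proposed createKeyManager(). It assumes a JCEKS store holding an AES secret key as a stand-in for the client private key (a private-key entry would need a certificate chain); the class name, helper names, alias and passwords are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;

public class KeyPasswordCheck {

    // True if `password` recovers the key stored under `alias`.
    static boolean unlocks(KeyStore ks, String alias, char[] password) throws Exception {
        try {
            return ks.getKey(alias, password) != null;
        } catch (UnrecoverableKeyException e) {
            return false; // the entry is protected with a different password
        }
    }

    // Same fallback as the proposed createKeyManager(): prefer the key password when set.
    static char[] effectiveKeyPassword(String keyStorePassword, String keyStoreKeyPassword) {
        return (keyStoreKeyPassword != null ? keyStoreKeyPassword : keyStorePassword).toCharArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the issue.
        String keyStorePassword = "store-secret";
        String keyStoreKeyPassword = "key-secret";

        // Build an in-memory keystore whose entry password differs from the store password.
        KeyStore out = KeyStore.getInstance("JCEKS");
        out.load(null, null);
        out.setKeyEntry("client", KeyGenerator.getInstance("AES").generateKey(),
                keyStoreKeyPassword.toCharArray(), null);
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        out.store(bytes, keyStorePassword.toCharArray());

        // Reload it as createKeyManager() does: the store password opens the container only.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(bytes.toByteArray()), keyStorePassword.toCharArray());

        System.out.println("store password unlocks key: "
                + unlocks(ks, "client", keyStorePassword.toCharArray()));
        System.out.println("fallback, no key password set: "
                + unlocks(ks, "client", effectiveKeyPassword(keyStorePassword, null)));
        System.out.println("fallback, key password set: "
                + unlocks(ks, "client", effectiveKeyPassword(keyStorePassword, keyStoreKeyPassword)));
    }
}
```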