brusdev commented on code in PR #4135:
URL: https://github.com/apache/activemq-artemis/pull/4135#discussion_r914414526
##########
artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java:
##########
@@ -584,15 +585,15 @@ public synchronized void start() {
realTrustStorePassword = trustStorePassword;
} else {
realKeyStorePath =
Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME),
System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME), keyStorePath).map(v ->
useDefaultSslContext ? keyStorePath :
v).filter(Objects::nonNull).findFirst().orElse(null);
- realKeyStorePassword =
Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME),
System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME), keyStorePassword).map(v
-> useDefaultSslContext ? keyStorePassword :
v).filter(Objects::nonNull).findFirst().orElse(null);
+ realKeyStorePassword =
processSslPasswordProperty(Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME),
System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME), keyStorePassword).map(v
-> useDefaultSslContext ? keyStorePassword :
v).filter(Objects::nonNull).findFirst().orElse(null));
Review Comment:
If the purpose is to override keyStore/trustStore passwords obtained from
topology with encrypted system properties maybe we should use system properties
to set the mask mode and the password codec too, i.e.
'org.apache.activemq.ssl.passwordCodec', the server and the client could use a
different mask mode or password codec.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
