[jira] [Work logged] (ARTEMIS-3794) "org.apache.activemq.ssl.keyStorePassword" and "org.apache.activemq.ssl.trustStorePassword" system properties should support ENC(...) format

Mon, 04 Jul 2022 02:36:05 -0700 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-3794?focusedWorklogId=787529&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-787529
 ]

ASF GitHub Bot logged work on ARTEMIS-3794:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 04/Jul/22 09:35
            Start Date: 04/Jul/22 09:35
    Worklog Time Spent: 10m 
      Work Description: brusdev commented on PR #4135:
URL: 
https://github.com/apache/activemq-artemis/pull/4135#issuecomment-1173589388

   I see a test failure due to system properties set by the new test:
   
https://github.com/apache/activemq-artemis/runs/7171602475?check_suite_focus=true
   ```
   WARN  [io.netty.channel.ChannelInitializer] Failed to initialize a channel. 
Closing: [id: 0xcf2b8ab7]: java.lang.Exception: Failed to find a store at 
unknownclient-keystore.jks
        at 
org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.validateStoreURL(SSLSupport.java:356)
        at 
org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeystore(SSLSupport.java:304)
        at 
org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeyManagerFactory(SSLSupport.java:332)
        ...
   ```




Issue Time Tracking
-------------------

    Worklog Id:     (was: 787529)
    Time Spent: 1h 10m  (was: 1h)

> "org.apache.activemq.ssl.keyStorePassword" and 
> "org.apache.activemq.ssl.trustStorePassword" system properties should support 
> ENC(...) format
> --------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-3794
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3794
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Configuration
>    Affects Versions: 2.19.1
>            Reporter: Apache Dev
>            Priority: Major
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> In order to set client keyStore/trustStore passwords, overriding those 
> obtained by topology updates from brokers (see ARTEMIS-1157), we need to set 
> system properties.
> Such properties could be logged in traces or be present in dumps.
> It would be a more secure practice to handle ENC(...) format to mask them.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to