[
https://issues.apache.org/jira/browse/ARTEMIS-3794?focusedWorklogId=788034&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-788034
]
ASF GitHub Bot logged work on ARTEMIS-3794:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 05/Jul/22 19:55
Start Date: 05/Jul/22 19:55
Worklog Time Spent: 10m
Work Description: brusdev commented on code in PR #4135:
URL: https://github.com/apache/activemq-artemis/pull/4135#discussion_r914155512
##########
artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java:
##########
@@ -584,15 +585,15 @@ public synchronized void start() {
realTrustStorePassword = trustStorePassword;
} else {
realKeyStorePath =
Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME),
System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME), keyStorePath).map(v ->
useDefaultSslContext ? keyStorePath :
v).filter(Objects::nonNull).findFirst().orElse(null);
- realKeyStorePassword =
Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME),
System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME), keyStorePassword).map(v
-> useDefaultSslContext ? keyStorePassword :
v).filter(Objects::nonNull).findFirst().orElse(null);
+ realKeyStorePassword =
processSslPasswordProperty(Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME),
System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME), keyStorePassword).map(v
-> useDefaultSslContext ? keyStorePassword :
v).filter(Objects::nonNull).findFirst().orElse(null));
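Review bot: On the added realKeyStorePassword line, processSslPasswordProperty wraps the whole Stream chain, which ends in .orElse(null), so the helper is called with null whenever neither system property nor keyStorePassword is set. It needs an explicit null check, or the call could move into the chain as a .map(...) step after .filter(Objects::nonNull) so it only ever sees a value. The wrapper also applies to the connector's own keyStorePassword (the third Stream element, and every element when useDefaultSslContext is true), not only to the two system properties; if that value is decoded elsewhere it would be processed twice, so a short comment stating which inputs are expected in ENC(...) form would help.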
Review Comment:
I'm not sure I get the purpose of this PR. Why does a user need to set the
password-codec in the connector URL and the passwords in system properties?
Issue Time Tracking
-------------------
Worklog Id: (was: 788034)
Time Spent: 1h 50m (was: 1h 40m)
> "org.apache.activemq.ssl.keyStorePassword" and
> "org.apache.activemq.ssl.trustStorePassword" system properties should support
> ENC(...) format
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: ARTEMIS-3794
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3794
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: Configuration
> Affects Versions: 2.19.1
> Reporter: Apache Dev
> Priority: Major
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> In order to set client keyStore/trustStore passwords, overriding those
> obtained by topology updates from brokers (see ARTEMIS-1157), we need to set
> system properties.
> Such properties could be logged in traces or be present in dumps.
> It would be a more secure practice to handle ENC(...) format to mask them.